TROJ_ZLOB.AMH and iesmin.exe

Post by Hank » August 2nd, 2007, 8:07 pm

Hello,

I'm troubled with a "Virus Protect Pro" that keeps staying in my startup, wanting me to download antivirus software... I've gone through and cleaned what I could, but it seems I'm out of places to search, and I haven't removed this darn thing.

I hope I'm not too late for a fix. Any help much much appreciated. Thanks,
Craig



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:04:47 PM, on 02/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\TCtrlIOHook.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ZoomingHook.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\LVComsX.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B8D60EBB-5565-4392-957B-7164BA087AD4} - C:\PROGRA~1\INSTAN~1\IBBar.dll (file missing)
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\__c00DC7E9.dat
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Instant Bu&zz - {7475D3FD-5D85-49DB-8B9B-6968467B2D80} - C:\PROGRA~1\INSTAN~1\IBBar.dll (file missing)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TCtryIOHook] c:\WINDOWS\System32\TCtrlIOHook.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe -1 --delay 15
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKUS\S-1-5-21-1602100791-742536468-358169722-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1602100791-742536468-358169722-1006\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-21-1602100791-742536468-358169722-1006 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User '?')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Instant Buzz - {066040F0-5018-4E15-8AA0-81D36136D989} - C:\PROGRA~1\INSTAN~1\IBBar.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by131fd.bay131.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://webmap.em.gov.bc.ca/mapplace/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6098484812
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00C1889.dat
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O22 - SharedTaskScheduler: hemprich - {af8bca8b-a9f1-471d-bdcd-caa14be2bdd9} - C:\WINDOWS\system32\ktrxe.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe

--
End of file - 11103 bytes
Hank
Regular Member
 
Posts: 18
Joined: August 2nd, 2007, 7:50 pm
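The log above contains the kinds of entries a HijackThis reader checks by hand: an O20 AppInit_DLLs value and an unnamed O2 BHO that both point at .dat files in system32, an O22 SharedTaskScheduler item backed by a DLL other than the stock component-categories cache daemon, an orphaned "(file missing)" BHO, and, for contrast, ordinary Adobe/QuickTime entries. The Python below is an added example, not a MalwareRemoval.com tool or anything posted in this thread; it encodes those rules of thumb and runs them over a subset of the posted log lines embedded as constructed sample input. The severity labels, the set of "code" extensions and the list of stock SharedTaskScheduler DLLs are the example's own assumptions.

```python
"""Heuristic triage of HijackThis (HJT) log lines (added example, not an HJT feature)."""
import re
from dataclasses import dataclass

# Constructed sample input: a subset of the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: (no name) - {B8D60EBB-5565-4392-957B-7164BA087AD4} - C:\PROGRA~1\INSTAN~1\IBBar.dll (file missing)
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\__c00DC7E9.dat
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00C1889.dat
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O22 - SharedTaskScheduler: hemprich - {af8bca8b-a9f1-471d-bdcd-caa14be2bdd9} - C:\WINDOWS\system32\ktrxe.dll
"""

# Assumption: extensions Windows normally loads as code. A module registered
# under any other extension (.dat here) is hiding a DLL from casual inspection.
CODE_EXTENSIONS = {".dll", ".exe", ".ocx", ".sys", ".cpl", ".scr"}
# Assumption: a stock XP/IE7 machine has exactly one SharedTaskScheduler entry,
# the component-categories cache daemon, backed by browseui.dll or ieframe.dll.
DEFAULT_STS_DLLS = {"browseui.dll", "ieframe.dll"}
# Generated-looking file stem: optional leading underscores, then 8+ hex digits.
HEXISH_STEM_RE = re.compile(r"^_*[0-9a-f]{8,}$", re.I)
# O4 lines: "O4 - <hive>: [<name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# First drive-rooted path ending in an executable extension, quoted or not.
TARGET_RE = re.compile(r'"?([A-Za-z]:\\.*?\.(?:exe|dll|com|bat|cmd|scr|pif))\b', re.I)
SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3}


@dataclass
class Entry:
    code: str      # HJT section: "O2", "O4", "O20", "O22", ...
    kind: str      # "BHO", "AppInit_DLLs", "SharedTaskScheduler", or the O4 hive
    name: str      # display name; "(no name)" when HJT could not resolve one
    path: str      # module path as logged
    missing: bool  # HJT appended "(file missing)"

    @property
    def filename(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


@dataclass
class Finding:
    code: str
    filename: str
    severity: str
    reasons: list


def parse_line(line: str):
    """Return an Entry for the HJT sections this triage understands, else None."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        cmd = m.group("cmd")
        t = TARGET_RE.match(cmd)
        path = t.group(1) if t else cmd.split()[0].strip('"')
        return Entry("O4", m.group("hive"), m.group("name"), path, False)
    parts = line.split(" - ")
    code = parts[0]
    if code == "O20" and len(parts) >= 2:
        kind, _, path = " - ".join(parts[1:]).partition(": ")
        return Entry(code, kind, "", path.strip(), False)
    if code in ("O2", "O3", "O22") and len(parts) >= 4:
        kind, _, name = parts[1].partition(": ")
        tail = " - ".join(parts[3:]).strip()
        missing = tail.endswith("(file missing)")
        if missing:
            tail = tail[: -len("(file missing)")].strip()
        return Entry(code, kind, name.strip(), tail, missing)
    return None


def assess(entry: Entry):
    """Apply the analyst's rules of thumb; return a Finding, or None if nothing stands out."""
    fname = entry.filename
    stem, dot, ext = fname.rpartition(".")
    if not dot:
        stem, ext = fname, ""
    else:
        ext = "." + ext.lower()
    reasons = []
    if entry.missing:
        reasons.append(("LOW", "target file is missing: orphaned registration, safe to remove"))
    elif ext not in CODE_EXTENSIONS:
        reasons.append(("HIGH", f"'{ext or '(none)'}' is not a code extension yet is registered as a module"))
    if HEXISH_STEM_RE.match(stem):
        reasons.append(("MEDIUM", "hex-like generated filename"))
    if entry.code == "O20":
        reasons.append(("HIGH", "AppInit_DLLs is set: loaded into every process that links user32.dll"))
    if entry.code == "O22" and fname.lower() not in DEFAULT_STS_DLLS:
        reasons.append(("HIGH", "SharedTaskScheduler entry other than the stock cache daemon"))
    if entry.code == "O2" and entry.name == "(no name)" and not entry.missing:
        reasons.append(("LOW", "unnamed BHO: confirm the publisher before clearing it"))
    if not reasons:
        return None
    severity = max((s for s, _ in reasons), key=SEVERITY_RANK.__getitem__)
    return Finding(entry.code, fname, severity, [r for _, r in reasons])


def triage(log_text: str):
    """Parse every line, assess it, and return findings with the most severe first."""
    findings = [f for f in (assess(e) for e in map(parse_line, log_text.splitlines()) if e) if f]
    findings.sort(key=lambda f: SEVERITY_RANK[f.severity], reverse=True)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.code} {f.filename}")
        for r in f.reasons:
            print("    -", r)
```

The rules are hints for a human, not a verdict: the unnamed RoboForm BHO comes out LOW and is cleared once its publisher is confirmed, and any filename heuristic will occasionally misfire on legitimate OEM utilities, so the reasons are printed alongside the severity rather than hidden behind it.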

Post by tim s » August 2nd, 2007, 8:35 pm

Hi Hank,

Welcome to the MalWare Removal forums! I'll be glad to help you with your computer problems.
HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happens.

In order to help me help you, please observe the following while we work:
  1. If you don't know, stop and ask! Don't continue, we don't want to start all over again!
  2. Understand that cleaning your computer can sometimes take multiple passes/posts,
    and it's important to follow the steps as listed including re-running scans as listed
  3. Please reply to this thread, do not start another.


If you can do those three things, everything should go smoothly

---------------------------------------------------------

This is first:

Please download VundoFix.exe to your desktop.

  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.


-----------------------------------------------------------

Next:

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis

2. Click on the Open the Misc tool section button
3. Click on the Misc Tools button


4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:


5. Click on the Save list... button and specify where you would like to save this file. When you press the Save list button, a Notepad window will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply. Note: please uncheck Word Wrap under Format in Notepad.

Post HJT Uninstall list in next reply

--------------------------------------------------------------

Please post these in next reply to this thread by using the postreply button:

C:\vundofix.txt
HJT Uninstall list
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Post by Hank » August 3rd, 2007, 2:15 am

Hi Tim S,

Thanks for the speedy reply!

Downloaded and ran VundoFix.exe
It did not find any files to remove, so there was no prompt to restart. Below is the txt file.

------------------------

VundoFix V6.5.6

Checking Java version...

Java version is 1.4.2.5
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 10:58:24 PM 02/08/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...


----------------------------------

Completed the Uninstall List in HijackThis....


Ad-Aware SE Professional
Adobe Acrobat - Reader 6.0.2 Update
Adobe Acrobat 5.0
Adobe Acrobat 6.0.1 Professional
Adobe Acrobat and Reader 6.0.3 Update
Adobe Acrobat and Reader 6.0.4 Update
Adobe Acrobat and Reader 6.0.5 Update
Adobe Acrobat and Reader 6.0.6 Update
Adobe After Effects 7.0
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 9 ActiveX
Adobe Help Center 2.0
Adobe Photoshop Album 2.0 Starter Edition
Adobe Photoshop CS2
Adobe Premiere Pro 2.0
Adobe Reader 7.0.8
Adobe Reader 7.0.9
Adobe Shockwave Player
Adobe Stock Photos 1.0
Adobe Stock Photos 1.0
AI RoboForm (All Users)
ALPS Touch Pad Driver
ArcGIS Desktop
ArcGIS Desktop Developer Kit
ArcGIS Plug-in with ECW Compressor
ArcGIS Tutorial Data
ArcGIS Tutorial Data
Atheros Client Utility
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Autodesk MapGuide(R) Author Release 6.5
Autodesk MapGuide(R) Release 6.5 Documentation
Avery DesignPro
Battlefield 2142
Bentley MicroStation (V 08.00.00.21) - 1
Canon i250
Canon MP Drivers
CD/DVD Drive Acoustic Silencer
CDBurnerXP Pro 3
Command & Conquer Generals
Command and ConquerTM Generals Zero Hour
CONTACT ORGANIZER DELUXE (S)
CorelDRAW Graphics Suite 12
dBpowerAMP Music Converter
DFX 8 for Winamp
Didger 2
DigDB 7.1 for Excel2000/2002/XP/2003
DivX Content Uploader
DivX Web Player
D-Link CIF Webcam
Documents To Go
DVD-RAM Driver
EA Link
ESRI Software Documentation Library
ESRI Software Documentation Library
ET GeoWizards 9.2
Final Draft 5
Flash to Video Encoder Pro
Geosoft Plug-In for ArcGIS
Google Desktop
Google Earth
Google Earth and 3D Warehouse Plugin
Google Talk (remove only)
HijackThis 2.0.2
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
hp designjet printer software
HP Image Zone 3.5
HP Precisionscan Pro 3.1
HP PSC & OfficeJet 3.5
HP Share-to-Web
HP Software Update
HP System maintenance for HP Designjet 30 130 series
HTML Password Lock 3.2.9
Icefield Inclin for PalmOS
InclinDOS
InclinWin
Instant Buzz (remove only)
InterVideo WinDVD Creator 2
InterVideo WinDVD for TOSHIBA
i-Sound Pro 6.60
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_05
Java(TM) SE Runtime Environment 6 Update 1
LimeWire 4.9.30
Logitech Desktop Messenger
Logitech Print Service
Logitech QuickCam Software
Logitech® Camera Driver
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Macromedia Flash Player 8 Plugin
Maxtor Quick Start
Messenger Service
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office OneNote 2003
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (2.0.0.5)
MSN Messenger 7.5
Nero 6 Ultra Edition
PageBreeze Free HTML Editor
palmOne
Picasa 2
ProFile - Uninstall Only
Python 2.1
Python 2.1 combined Win32 extensions
QuickTime
Realtek AC'97 Audio
Realtek Fast Ethernet Adapter Driver
Remote Desktop Connection
SketchUp 5
SketchUp 5 Architecture Library
SketchUp 5 Construction Library
SketchUp 5 ESRI Plug-in
SketchUp 5 Film & Stage
SketchUp 5 Film & Stage Library
SketchUp 5 Landscape Architecture Library
SketchUp 5 Mechanical Design Library
SketchUp 5 People Library
SketchUp 5 Shape File Importer
SketchUp 5 Symbols Library
SketchUp 5 Transportation Library
Skype 3.1
Skype Plugin Manager
Sonic DLA
Sonic RecordNow!
Sothink HTML Editor 2.5
SplashStream 6.0
Surfer 7
SurfOffline (remove only)
The Battle for Middle-earth (tm) II
The Lord of the Rings, The Rise of the Witch-king
TOSHIBA ConfigFree
TOSHIBA Console
TOSHIBA Controls
TOSHIBA Hotkey Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
TOSHIBA Software Modem
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
Toshiba Tbiosdrv Driver
TOSHIBA Zooming Utility
Touch and Launch
TouchPad On/Off Utility
Trend Micro AntiVirus
Ulead DVD MovieFactory 3 Disc Creator
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 7 Beta 3
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Safety Alert
Windows XP Hotfix - KB888302
WinRAR archiver
WinZip


Once again thank you. I was hoping that the VundoFix might find something to remove...I can run it again and manually restart if that works? Thanks,
Hank
Regular Member
 
Posts: 18
Joined: August 2nd, 2007, 7:50 pm
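VundoFix's Java check and the uninstall list above show the same problem from two angles: seven Java runtimes are installed side by side under three different naming schemes (Sun's internal "v1.4.2_05", the marketing form "J2SE Runtime Environment 5.0 Update 10", and "Java(TM) SE Runtime Environment 6 Update 1"), and every old one stays registered as a working, exploitable browser plug-in. The Python below is an added example, not part of this thread or of any tool mentioned in it; it normalises the three naming schemes into Sun's internal 1.x version tuples (J2SE 5.0 is 1.5.0, Java SE 6 is 1.6.0) and reports everything older than the newest runtime present. The sample list is a subset of the posted uninstall list, and the regular expressions cover only the three formats seen there.

```python
"""Normalise Java runtime entries from an Add/Remove Programs list (added example)."""
import re
from typing import NamedTuple, Optional, Tuple

# Constructed sample input: a subset of the uninstall list posted above.
# Non-Java entries are kept to show that they are skipped.
SAMPLE_UNINSTALL_LIST = """\
Ad-Aware SE Professional
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_05
Java(TM) SE Runtime Environment 6 Update 1
Windows Safety Alert
"""


class Jre(NamedTuple):
    display_name: str
    version: Tuple[int, int, int, int]  # (major, minor, micro, update), internal 1.x scheme


# "Java 2 Runtime Environment, SE v1.4.2_05": internal numbering, update after "_"
OLD_STYLE_RE = re.compile(r"Java 2 Runtime Environment, SE v(\d+)\.(\d+)\.(\d+)(?:_(\d+))?$")
# "J2SE Runtime Environment 5.0 Update 10": marketing "5.0" is internal 1.5.0
J2SE_RE = re.compile(r"J2SE Runtime Environment (\d+)\.(\d+)(?: Update (\d+))?$")
# "Java(TM) SE Runtime Environment 6 Update 1": marketing "6" is internal 1.6.0
JAVASE_RE = re.compile(r"Java\(TM\) SE Runtime Environment (\d+)(?: Update (\d+))?$")


def parse_jre(display_name: str) -> Optional[Jre]:
    """Map one Add/Remove display name to a comparable version tuple, or None if not a JRE."""
    name = display_name.strip()
    m = OLD_STYLE_RE.match(name)
    if m:
        major, minor, micro, upd = m.groups()
        return Jre(name, (int(major), int(minor), int(micro), int(upd or 0)))
    m = J2SE_RE.match(name)
    if m:
        mkt_major, mkt_minor, upd = m.groups()
        return Jre(name, (1, int(mkt_major), int(mkt_minor), int(upd or 0)))
    m = JAVASE_RE.match(name)
    if m:
        mkt_major, upd = m.groups()
        return Jre(name, (1, int(mkt_major), 0, int(upd or 0)))
    return None


def stale_jres(uninstall_list: str):
    """Return (newest, stale) where stale holds every JRE older than the newest, oldest first."""
    jres = [j for j in map(parse_jre, uninstall_list.splitlines()) if j is not None]
    if not jres:
        return None, []
    newest = max(jres, key=lambda j: j.version)
    stale = sorted((j for j in jres if j.version < newest.version), key=lambda j: j.version)
    return newest, stale


if __name__ == "__main__":
    newest, stale = stale_jres(SAMPLE_UNINSTALL_LIST)
    print("keep:  ", newest.display_name)
    for j in stale:
        print("remove:", j.display_name, "->", ".".join(map(str, j.version)))
```

Comparing tuples rather than the raw display strings is what makes "Update 10" sort after "Update 9"; a plain string sort would have put 1.5.0_10 before 1.5.0_5 and called the wrong runtime newest.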

Post by tim s » August 3rd, 2007, 8:41 am

Hi Hank,

Thanks for posting logs.

These Add or Remove Programs entries correspond to programs that are either malware, install malware, or are bundled with malware.

Windows Safety Alert
Instant Buzz (remove only)


Add/Remove Programs
  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following:

    Windows Safety Alert
    Instant Buzz (remove only)

You will need to reboot the computer to complete the uninstall.

----------------------------------------------------

This is next:

Please do the following:
1. Download this file - combofix.exe and save it to your Desktop.
2. Close all open windows.
3. Double click combofix.exe & follow the prompts.
4. When finished, it shall produce a log for you. It is located >> C:\ComboFix.txt. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running; that may cause it to stall.

Note: ComboFix may reset a number of Internet Explorer's settings.

---------------------------------------------------

Please post these in next reply:

C:\ComboFix.txt
New HJT log
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

ComboFix log

Post by Hank » August 3rd, 2007, 12:55 pm

I noticed after removing the Windows Safety Alert that the "Startup" reminder was gone. After completing your instructions and going online again, the internet explorer pop-ups came back. Getting there! Thanks! Below is combofix log.

---------------------------

ComboFix 07-08-03.4 - "MIC" 2007-08-03 9:28:40.1 - NTFS


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\nm


((((((((((((((((((((((((( Files Created from 2007-07-03 to 2007-08-03 )))))))))))))))))))))))))))))))


2007-08-03 09:26 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-02 22:58 <DIR> d-------- C:\VundoFix Backups
2007-08-02 11:30 <DIR> d-------- C:\info
2007-08-02 10:22 <DIR> d-------- C:\WINDOWS\system32\drivers\AU_Backup
2007-08-02 10:17 32,528 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
2007-08-02 10:17 102,800 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-08-01 16:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trend Micro
2007-08-01 16:45 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-01 15:24 <DIR> d-------- C:\DOCUME~1\MIC\.housecall6.6
2007-08-01 09:33 64,991 --a------ C:\WINDOWS\system32\__c00DC7E9.dat
2007-08-01 09:33 106,496 --a------ C:\WINDOWS\system32\__c00C1889.dat
2007-08-01 09:33 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-07-24 18:32 <DIR> d-------- C:\Program Files\WordPress
2007-07-23 19:45 13,340 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2007-07-21 15:09 49,024 --a--c--- C:\WINDOWS\system32\dllcache\mstape.sys
2007-07-21 15:09 49,024 --a------ C:\WINDOWS\system32\drivers\mstape.sys
2007-07-21 15:09 13,696 --a--c--- C:\WINDOWS\system32\dllcache\avcstrm.sys
2007-07-21 15:09 13,696 --a------ C:\WINDOWS\system32\drivers\avcstrm.sys
2007-07-12 15:37 <DIR> d-------- C:\GOLD
2007-07-12 15:14 <DIR> d-------- C:\Program Files\Cygwin
2007-07-05 14:51 <DIR> d-------- C:\Program Files\surfoffline
2007-07-05 13:09 73,728 --a------ C:\WINDOWS\system32\CNMCP50.exe
2007-07-05 13:09 5,632 --a------ C:\WINDOWS\system32\CNMVS50.DLL
2007-07-05 13:09 100,352 --a------ C:\WINDOWS\system32\CNMLM50.DLL
2007-07-05 13:09 <DIR> d-------- C:\canonbj
2007-07-05 13:00 <DIR> d-------- C:\Temp\i250_2KXP_v170
2007-07-05 13:00 <DIR> d-------- C:\Temp\Canon_i250_2KXP_v170
2007-07-05 13:00 <DIR> d-------- C:\Temp
2007-07-05 10:07 <DIR> d-------- C:\Driver
2007-07-05 10:06 57,344 --------- C:\WINDOWS\dvdrgn.exe
2007-07-05 10:05 <DIR> d-------- C:\Program Files\Ulead Systems
2007-07-05 10:05 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-03 09:11 --------- d-------- C:\Program Files\Instant Buzz
2007-07-31 16:27 8704 --a-s---- C:\WINDOWS\system32\ktrxe.dll
2007-07-31 16:27 73 --a------ C:\WINDOWS\system32\ssprs.dll
2007-07-31 16:27 205 --a------ C:\WINDOWS\system32\lsprst7.dll
2007-07-31 12:42 --------- d-------- C:\DOCUME~1\MIC\APPLIC~1\Skype
2007-07-30 21:40 --------- d-------- C:\Program Files\Excel Compare
2007-07-30 21:18 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-30 21:12 --------- d-------- C:\Program Files\Etopo
2007-07-23 19:49 --------- d-------- C:\Program Files\Electronic Arts
2007-07-19 23:06 22328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-07-19 23:06 103736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-07-11 10:46 97328 --a------ C:\DOCUME~1\MIC\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-07-05 15:18 --------- d-------- C:\Program Files\DesignPro
2007-07-05 10:09 --------- d-------- C:\DOCUME~1\MIC\APPLIC~1\Ulead Systems
2007-06-29 16:37 74 --ah----- C:\WINDOWS\uce.dat
2007-06-29 12:27 --------- d-------- C:\Program Files\Monsters
2007-06-29 12:17 --------- d-------- C:\Program Files\callburner
2007-06-28 14:03 --------- d-------- C:\Program Files\Ulead3d
2007-06-26 10:52 --------- d-------- C:\Program Files\MyAdobe
2007-06-07 17:57 --------- d-------- C:\DOCUME~1\MIC\APPLIC~1\AdobeUM
2007-06-05 18:01 --------- d-------- C:\Program Files\Citrix
2007-05-07 22:22 63040 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-02-09 22:00 2661432 --a------ C:\Program Files\AiRoboForm.exe
2006-05-26 10:18 22 --a------ C:\Program Files\zipnew.dat
2006-05-26 10:18 20 --a------ C:\Program Files\rarnew.dat
2005-10-07 14:05 98816 --a------ C:\Program Files\Default.SFX
2005-10-07 14:05 98304 --a------ C:\Program Files\Uninstall.exe
2005-10-07 14:05 881664 --a------ C:\Program Files\WinRAR.exe
2005-10-07 14:05 77312 --a------ C:\Program Files\WinCon.SFX
2005-10-07 14:05 66048 --a------ C:\Program Files\Zip.SFX
2005-10-07 14:05 651 --a------ C:\Program Files\Uninstall.lst
2005-10-07 14:05 389617 --a------ C:\Program Files\WinRAR.hlp
2005-10-07 14:05 298496 --a------ C:\Program Files\Rar.exe
2005-10-07 14:05 198144 --a------ C:\Program Files\UnRAR.exe
2005-10-07 14:05 125440 --a------ C:\Program Files\RarExt.dll
2005-10-01 21:04 9042 --a------ C:\Program Files\TechNote.txt
2005-10-01 21:04 66711 --a------ C:\Program Files\Rar.txt
2005-10-01 21:04 502 --a------ C:\Program Files\File_Id.diz
2005-10-01 21:04 11942 --a------ C:\Program Files\WhatsNew.txt
2005-08-03 21:31 3121 --a------ C:\Program Files\Order.htm
2005-06-21 21:27 9229 --a------ C:\Program Files\WinRAR.cnt
2005-06-07 11:26 43008 --a------ C:\Program Files\RarExt64.dll
2005-06-07 11:25 44032 --a------ C:\Program Files\RarExtLoader.exe
2005-06-02 15:05 1111 --a------ C:\Program Files\Descript.ion
2005-05-12 17:02 90 --a------ C:\Program Files\UnrarSrc.txt
2005-05-12 17:01 1687 --a------ C:\Program Files\ReadMe.txt
2004-05-24 20:02 4482 --a------ C:\Program Files\License.txt
2002-09-06 23:36 1082 --a------ C:\Program Files\RarFiles.lst


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B8D60EBB-5565-4392-957B-7164BA087AD4}]
C:\PROGRA~1\INSTAN~1\IBBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPSMain"="TPSMain.exe" [2004-06-01 19:43 C:\WINDOWS\system32\TPSMain.exe]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2004-07-28 15:23]
"TFncKy"="TFncKy.exe" []
"TCtryIOHook"="c:\WINDOWS\System32\TCtrlIOHook.exe" [2004-08-05 20:49]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-07-20 00:04]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2004-08-06 14:14]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-30 00:46]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 14:00 C:\WINDOWS\agrsmmsg.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-03-02 12:45]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-02-03 13:47]
"NDSTray.exe"="NDSTray.exe" []
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-10 20:10]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 09:11]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 17:28]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" []
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" []
"ZoomingHook"="c:\WINDOWS\System32\ZoomingHook.exe" [2004-07-14 15:07]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" []
"Trend Micro AntiVirus 2007"="C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe" [2007-01-19 17:49]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 02:24]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\Documents and Settings\MIC\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2004-09-01 23:29:33]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\__c00C1889.dat

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=C:\WINDOWS\pss\HotSync Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^MIC^Start Menu^Programs^Startup^palmOne Registration.lnk]
path=C:\Documents and Settings\MIC\Start Menu\Programs\Startup\palmOne Registration.lnk
backup=C:\WINDOWS\pss\palmOne Registration.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASDPLUGIN]
C:\WINDOWS\system32\canada.exe -N

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
"C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\etbrun]
C:\windows\system32\eliteutp32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\HP\HP Software Update\HPWuSchd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Instant Buzz Daemon]
C:\Program Files\Instant Buzz\IBDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
"C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mssSort]
C:\Program Files\Maxtor\Maxtor Quick Start\msssort.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
NDSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
"C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkypeMate]
C:\Program Files\SkypeMate\SkypeMate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoomingHook]
c:\WINDOWS\System32\ZoomingHook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"UleadBurningHelper"=2 (0x2)
"iPod Service"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
"Adobe LM Service"=3 (0x3)



**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-03 09:43:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-03 9:46:03 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-03 09:45

--- E O F ---



And New HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:54:54 AM, on 03/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\TCtrlIOHook.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ZoomingHook.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B8D60EBB-5565-4392-957B-7164BA087AD4} - C:\PROGRA~1\INSTAN~1\IBBar.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Instant Bu&zz - {7475D3FD-5D85-49DB-8B9B-6968467B2D80} - C:\PROGRA~1\INSTAN~1\IBBar.dll (file missing)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TCtryIOHook] c:\WINDOWS\System32\TCtrlIOHook.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe -1 --delay 15
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKUS\S-1-5-21-1602100791-742536468-358169722-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1602100791-742536468-358169722-1006\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-21-1602100791-742536468-358169722-1006 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User '?')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Instant Buzz - {066040F0-5018-4E15-8AA0-81D36136D989} - C:\PROGRA~1\INSTAN~1\IBBar.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by131fd.bay131.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://webmap.em.gov.bc.ca/mapplace/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6098484812
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00C1889.dat
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O22 - SharedTaskScheduler: hemprich - {af8bca8b-a9f1-471d-bdcd-caa14be2bdd9} - (no file)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe

--
End of file - 11089 bytes


Thanks Tim!
Hank
Regular Member
 
Posts: 18
Joined: August 2nd, 2007, 7:50 pm

Unread postby tim s » August 3rd, 2007, 1:59 pm

Hi Hank,

Thanks for posting logs.

This is next:

Open notepad (not wordpad) and copy/paste the text in the codebox below into it:
NOTE: make sure to only highlight and copy what is inside the code box, nothing outside of it.

Code:
File::
C:\WINDOWS\system32\__c00DC7E9.dat
C:\WINDOWS\system32\__c00C1889.dat

Folder::
C:\VundoFix Backups

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B8D60EBB-5565-4392-957B-7164BA087AD4}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASDPLUGIN] 
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Instant Buzz Daemon] 
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\etbrun]



Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.
[screenshot: CFScript.txt being dragged onto ComboFix.exe]


This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

-----------------------------------------------------------------------

This is next:

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

  • Under Main choose:
    • Windows Temp
    • Current User Temp
    • All Users Temp
    • Cookies
    • Temporary Internet Files
    • Prefetch
    • Java Cache

      *The other boxes are optional*
    • Then click the Empty Selected button.
    Firefox:
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
    Opera:
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
  • Click Exit on the Main menu to close the program.


----------------------------------------------------------------------

Please print out or copy these instructions/tutorial to Notepad, as the internet will not be available to you (while in Safe Mode) at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

AVG Anti-Spyware:

Download the trial version of AVG Anti-Spyware from here and install it. When the program has been installed, and you click the Finish button, AVG Anti-Spyware will open. Do not run a scan yet.

If the program does not automatically update itself during installation, or you are unsure whether it has done so, please do the following:
  • Click the Update icon at the top and under Manual Update click the Start update button.
  • The program will either update or inform you that no update was available.
  • It is essential that you get the update - keep trying until successful. (Note: If you have problems getting the update, you can download an installer for the full database from here (save it on your desktop). Once you have downloaded the installer, make sure that AVG Anti-Spyware is closed and then double-click on avgas-signatures-full-current.exe to install the database).
Please set up the program as follows:
  • Click the Shield icon at the top and under Resident shield is... click active. This should now change to inactive.
  • Click the Update icon and untick the automatic update option.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act? - make sure that Quarantine is selected.
    • Under How to scan? - All checkboxes should be ticked.
    • Under Possibly unwanted software - All checkboxes should be ticked.
    • Under Reports - Select Do not automatically generate reports. NOTE* If this is not selected you will not be able to click Save Scan Report button when instructed to do so.
    • Under What to scan? - Select Scan every file.
Close AVG Anti-Spyware without running yet.
Now disable (turn off AVG Anti-Spyware)
  • Right-click the AVG Anti-Spyware Tray Icon (Bottom right corner of computer screen near clock) and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon again and select Exit. Confirm by clicking Yes.

______________________________

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
______________________________


Open AVG Anti-Spyware program.
  • Click on Scanner on the toolbar.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan your computer.
  • When the scan has finished, follow the instructions below:
    • Make sure that Set all elements to: shows Quarantine
    • Important: Click on the Apply all Actions button (*** This must be done before saving the report ***)
    • When the program has finished, it will display the message All actions have been applied.
    • Then click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Tray Icon and select Exit.
Restart computer back into normal mode.

-----------------------------------------------------------

Post these in next reply:
Combofix.txt
AVG Anti-Spyware report
New HJT log
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

AVG scan and logs

Unread postby Hank » August 3rd, 2007, 11:59 pm

Hi Tim,

Things are looking good! Below is the combofix.txt log

--------------

ComboFix 07-08-03.4 - "MIC" 2007-08-03 16:18:11.2 - NTFS
Command switches used :: C:\Documents and Settings\MIC\Desktop\CFScript.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\VundoFix Backups
C:\WINDOWS\system32\__c00C1889.dat
C:\WINDOWS\system32\__c00DC7E9.dat


((((((((((((((((((((((((( Files Created from 2007-07-04 to 2007-08-04 )))))))))))))))))))))))))))))))


2007-08-03 09:26 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-02 11:30 <DIR> d-------- C:\info
2007-08-02 10:22 <DIR> d-------- C:\WINDOWS\system32\drivers\AU_Backup
2007-08-02 10:17 32,528 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
2007-08-02 10:17 102,800 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-08-01 16:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trend Micro
2007-08-01 16:45 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-01 15:24 <DIR> d-------- C:\DOCUME~1\MIC\.housecall6.6
2007-08-01 09:33 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-07-24 18:32 <DIR> d-------- C:\Program Files\WordPress
2007-07-23 19:45 13,340 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2007-07-21 15:09 49,024 --a--c--- C:\WINDOWS\system32\dllcache\mstape.sys
2007-07-21 15:09 49,024 --a------ C:\WINDOWS\system32\drivers\mstape.sys
2007-07-21 15:09 13,696 --a--c--- C:\WINDOWS\system32\dllcache\avcstrm.sys
2007-07-21 15:09 13,696 --a------ C:\WINDOWS\system32\drivers\avcstrm.sys
2007-07-12 15:37 <DIR> d-------- C:\GOLD
2007-07-12 15:14 <DIR> d-------- C:\Program Files\Cygwin
2007-07-05 14:51 <DIR> d-------- C:\Program Files\surfoffline
2007-07-05 13:09 73,728 --a------ C:\WINDOWS\system32\CNMCP50.exe
2007-07-05 13:09 5,632 --a------ C:\WINDOWS\system32\CNMVS50.DLL
2007-07-05 13:09 100,352 --a------ C:\WINDOWS\system32\CNMLM50.DLL
2007-07-05 13:09 <DIR> d-------- C:\canonbj
2007-07-05 13:00 <DIR> d-------- C:\Temp\i250_2KXP_v170
2007-07-05 13:00 <DIR> d-------- C:\Temp\Canon_i250_2KXP_v170
2007-07-05 13:00 <DIR> d-------- C:\Temp
2007-07-05 10:07 <DIR> d-------- C:\Driver
2007-07-05 10:06 57,344 --------- C:\WINDOWS\dvdrgn.exe
2007-07-05 10:05 <DIR> d-------- C:\Program Files\Ulead Systems
2007-07-05 10:05 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-03 09:11 --------- d-------- C:\Program Files\Instant Buzz
2007-07-31 16:27 8704 --a-s---- C:\WINDOWS\system32\ktrxe.dll
2007-07-31 16:27 73 --a------ C:\WINDOWS\system32\ssprs.dll
2007-07-31 16:27 205 --a------ C:\WINDOWS\system32\lsprst7.dll
2007-07-31 12:42 --------- d-------- C:\DOCUME~1\MIC\APPLIC~1\Skype
2007-07-30 21:40 --------- d-------- C:\Program Files\Excel Compare
2007-07-30 21:18 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-30 21:12 --------- d-------- C:\Program Files\Etopo
2007-07-23 19:49 --------- d-------- C:\Program Files\Electronic Arts
2007-07-19 23:06 22328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-07-19 23:06 103736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-07-11 10:46 97328 --a------ C:\DOCUME~1\MIC\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-07-05 15:18 --------- d-------- C:\Program Files\DesignPro
2007-07-05 10:09 --------- d-------- C:\DOCUME~1\MIC\APPLIC~1\Ulead Systems
2007-06-29 16:37 74 --ah----- C:\WINDOWS\uce.dat
2007-06-29 12:27 --------- d-------- C:\Program Files\Monsters
2007-06-29 12:17 --------- d-------- C:\Program Files\callburner
2007-06-28 14:03 --------- d-------- C:\Program Files\Ulead3d
2007-06-26 10:52 --------- d-------- C:\Program Files\MyAdobe
2007-06-07 17:57 --------- d-------- C:\DOCUME~1\MIC\APPLIC~1\AdobeUM
2007-06-05 18:01 --------- d-------- C:\Program Files\Citrix
2007-05-07 22:22 63040 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-02-09 22:00 2661432 --a------ C:\Program Files\AiRoboForm.exe
2006-05-26 10:18 22 --a------ C:\Program Files\zipnew.dat
2006-05-26 10:18 20 --a------ C:\Program Files\rarnew.dat
2005-10-07 14:05 98816 --a------ C:\Program Files\Default.SFX
2005-10-07 14:05 98304 --a------ C:\Program Files\Uninstall.exe
2005-10-07 14:05 881664 --a------ C:\Program Files\WinRAR.exe
2005-10-07 14:05 77312 --a------ C:\Program Files\WinCon.SFX
2005-10-07 14:05 66048 --a------ C:\Program Files\Zip.SFX
2005-10-07 14:05 651 --a------ C:\Program Files\Uninstall.lst
2005-10-07 14:05 389617 --a------ C:\Program Files\WinRAR.hlp
2005-10-07 14:05 298496 --a------ C:\Program Files\Rar.exe
2005-10-07 14:05 198144 --a------ C:\Program Files\UnRAR.exe
2005-10-07 14:05 125440 --a------ C:\Program Files\RarExt.dll
2005-10-01 21:04 9042 --a------ C:\Program Files\TechNote.txt
2005-10-01 21:04 66711 --a------ C:\Program Files\Rar.txt
2005-10-01 21:04 502 --a------ C:\Program Files\File_Id.diz
2005-10-01 21:04 11942 --a------ C:\Program Files\WhatsNew.txt
2005-08-03 21:31 3121 --a------ C:\Program Files\Order.htm
2005-06-21 21:27 9229 --a------ C:\Program Files\WinRAR.cnt
2005-06-07 11:26 43008 --a------ C:\Program Files\RarExt64.dll
2005-06-07 11:25 44032 --a------ C:\Program Files\RarExtLoader.exe
2005-06-02 15:05 1111 --a------ C:\Program Files\Descript.ion
2005-05-12 17:02 90 --a------ C:\Program Files\UnrarSrc.txt
2005-05-12 17:01 1687 --a------ C:\Program Files\ReadMe.txt
2004-05-24 20:02 4482 --a------ C:\Program Files\License.txt
2002-09-06 23:36 1082 --a------ C:\Program Files\RarFiles.lst


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPSMain"="TPSMain.exe" [2004-06-01 19:43 C:\WINDOWS\system32\TPSMain.exe]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2004-07-28 15:23]
"TFncKy"="TFncKy.exe" []
"TCtryIOHook"="c:\WINDOWS\System32\TCtrlIOHook.exe" [2004-08-05 20:49]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-07-20 00:04]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2004-08-06 14:14]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-30 00:46]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 14:00 C:\WINDOWS\agrsmmsg.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-03-02 12:45]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-02-03 13:47]
"NDSTray.exe"="NDSTray.exe" []
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-10 20:10]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 09:11]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 17:28]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" []
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" []
"ZoomingHook"="c:\WINDOWS\System32\ZoomingHook.exe" [2004-07-14 15:07]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" []
"Trend Micro AntiVirus 2007"="C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe" [2007-01-19 17:49]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 02:24]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\Documents and Settings\MIC\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2004-09-01 23:29:33]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\system32\__c00C1889.dat

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=C:\WINDOWS\pss\HotSync Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^MIC^Start Menu^Programs^Startup^palmOne Registration.lnk]
path=C:\Documents and Settings\MIC\Start Menu\Programs\Startup\palmOne Registration.lnk
backup=C:\WINDOWS\pss\palmOne Registration.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
"C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\HP\HP Software Update\HPWuSchd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
"C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mssSort]
C:\Program Files\Maxtor\Maxtor Quick Start\msssort.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
NDSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
"C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkypeMate]
C:\Program Files\SkypeMate\SkypeMate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoomingHook]
c:\WINDOWS\System32\ZoomingHook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"UleadBurningHelper"=2 (0x2)
"iPod Service"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
"Adobe LM Service"=3 (0x3)



**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-03 16:31:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-03 16:34:20 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-03 16:33
C:\ComboFix2.txt ... 2007-08-03 09:46

--- E O F ---

And the AVG File


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:46:28 PM 03/08/2007

+ Scan result:



HKU\S-1-5-21-1602100791-742536468-358169722-1006\Software\_rtneg -> Adware.Begin2Search : Cleaned with backup (quarantined).
C:\Documents and Settings\MIC\My Documents\My PIV\recipes.exe -> Adware.Comet : Cleaned with backup (quarantined).
C:\Documents and Settings\MIC\My Documents\My PIV\Instantbuzz\SetupInstantBuzz.exe -> Adware.InstantBuzz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EFFB8611-C1D0-4C1C-BA9E-6FDA29A9CA30}\RP148\A0066434.exe -> Adware.InstantBuzz : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7475D3FD-5D85-49DB-8B9B-6968467B2D80} -> Adware.InstantBuzz : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{066040F0-5018-4E15-8AA0-81D36136D989}\\BandCLSID -> Adware.InstantBuzz : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{7475D3FD-5D85-49DB-8B9B-6968467B2D80} -> Adware.InstantBuzz : Cleaned with backup (quarantined).
HKU\S-1-5-21-1602100791-742536468-358169722-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7475D3FD-5D85-49DB-8B9B-6968467B2D80} -> Adware.InstantBuzz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EFFB8611-C1D0-4C1C-BA9E-6FDA29A9CA30}\RP144\A0063837.ini -> Adware.Qworke : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{EFFB8611-C1D0-4C1C-BA9E-6FDA29A9CA30}\RP145\A0065846.exe -> Downloader.Zlob.bvj : Cleaned with backup (quarantined).
:mozilla.80:C:\Documents and Settings\chantke\Application Data\Mozilla\Firefox\Profiles\q14ba85g.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.81:C:\Documents and Settings\chantke\Application Data\Mozilla\Firefox\Profiles\q14ba85g.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.36:C:\Documents and Settings\chantke\Application Data\Mozilla\Firefox\Profiles\q14ba85g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.37:C:\Documents and Settings\chantke\Application Data\Mozilla\Firefox\Profiles\q14ba85g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.41:C:\Documents and Settings\chantke\Application Data\Mozilla\Firefox\Profiles\q14ba85g.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.70:C:\Documents and Settings\chantke\Application Data\Mozilla\Firefox\Profiles\q14ba85g.default\cookies.txt -> TrackingCookie.Adobe : Cleaned.
:mozilla.33:C:\Documents and Settings\chantke\Application Data\Mozilla\Firefox\Profiles\q14ba85g.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.60:C:\Documents and Settings\chantke\Application Data\Mozilla\Firefox\Profiles\q14ba85g.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.61:C:\Documents and Settings\chantke\Application Data\Mozilla\Firefox\Profiles\q14ba85g.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.62:C:\Documents and Settings\chantke\Application Data\Mozilla\Firefox\Profiles\q14ba85g.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.83:C:\Documents and Settings\chantke\Application Data\Mozilla\Firefox\Profiles\q14ba85g.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\MIC\Cookies\mic@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.17:C:\Documents and Settings\chantke\Application Data\Mozilla\Firefox\Profiles\q14ba85g.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.74:C:\Documents and Settings\chantke\Application Data\Mozilla\Firefox\Profiles\q14ba85g.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.75:C:\Documents and Settings\chantke\Application Data\Mozilla\Firefox\Profiles\q14ba85g.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.76:C:\Documents and Settings\chantke\Application Data\Mozilla\Firefox\Profiles\q14ba85g.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.


::Report end

------------

And new HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:57:21 PM, on 03/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\TCtrlIOHook.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ZoomingHook.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TCtryIOHook] c:\WINDOWS\System32\TCtrlIOHook.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe -1 --delay 15
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKUS\S-1-5-21-1602100791-742536468-358169722-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1602100791-742536468-358169722-1006\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-21-1602100791-742536468-358169722-1006 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User '?')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Instant Buzz - {066040F0-5018-4E15-8AA0-81D36136D989} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by131fd.bay131.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://webmap.em.gov.bc.ca/mapplace/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6098484812
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00C1889.dat
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O22 - SharedTaskScheduler: hemprich - {af8bca8b-a9f1-471d-bdcd-caa14be2bdd9} - (no file)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe

--
End of file - 10953 bytes

Wonderful work! Hope I did everything right. Thanks Tim! :lol:
Hank
Regular Member
Posts: 18
Joined: August 2nd, 2007, 7:50 pm

Post by tim s » August 4th, 2007, 7:37 pm

Hi Hank
Wonderful work! Hope I did everything right. Thanks Tim!


You are doing a fine job. Sorry for the delay in replying; I had to work today.

---------------------------------------------------------------

Please do the following.

Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present):

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O9 - Extra button: Instant Buzz - {066040F0-5018-4E15-8AA0-81D36136D989} - C:\WINDOWS\system32\shdocvw.dll
    O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00C1889.dat

WITH ALL OTHER WINDOWS CLOSED, click on Fix Checked and exit HijackThis.

------------------------------------------------------------

I missed one by listing it as a file instead of a folder in the CFScript.

Ok this is next:

Please delete the CFScript I had you make; we need to make another one.

Open Notepad and copy/paste the text in the code box below into it:
NOTE* Make sure to only highlight and copy what is inside the code box, nothing outside of it.

Code:
File::
C:\WINDOWS\system32\__c00C1889.dat

Folder::
C:\Program Files\Instant Buzz



Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.
[screenshot]


This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

-----------------------------------------------------------------

Now we need to check for leftovers:

Please do an online scan with Kaspersky Online Scanner

Notice!
A new version of Kaspersky Virus Scanner has been released on August 8, 2006. If you have installed a previous version, you must uninstall that program first before installing the new version. To uninstall, please go to the computer control panel and select "Add/Remove Programs." Close all Internet Explorer windows before uninstalling the Kaspersky Online Scanner.
Note* You must use Internet Explorer for the scan not Firefox if you have it.

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (If available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save Report As button:
    • Save the file to your desktop.
    • File Type: Text file (*.txt).
    • Name: Kav.txt for example
  • Copy and paste that information in your next post.
==========================

Please post in next reply:

Combofix.txt
Kaspersky Online Scan report
New HJT log
tim s
MRU Honors Grad Emeritus
Posts: 1541
Joined: February 11th, 2006, 10:27 am
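The three HijackThis entries tim s asked to have fixed above (the about:blank start page, the Instant Buzz O9 button whose CLSID AVG had already tied to Adware.InstantBuzz, and the O20 AppInit_DLLs entry pointing at a .dat file in system32) are the kind of items a helper scans for first. The following Python script is an added example, not code from this thread, from HijackThis or from ComboFix: it parses HijackThis 2.0 log lines into their section code, CLSID and target, then applies a small first-pass triage. The sample lines are copied from the HJT log posted earlier in the thread; the CLSID watchlist is constructed from the AVG Anti-Spyware report above; and the triage rules are this example's own simplification of what the helper checked, so a hit means "look at this", not "this is malware" (the O10 hit here, tmlsp.dll, is a Trend Micro component).

```python
"""Parse HijackThis 2.0 log lines and apply a first-pass triage.

Added example; not from the MalwareRemoval.com thread, HijackThis or ComboFix.
Sample lines are copied from the HJT log posted in the thread. The watchlist is
constructed from the AVG Anti-Spyware report in the thread, and the triage
rules are a simplification of what the helper looked at.
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the lines from the HJT log posted in the thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O9 - Extra button: Instant Buzz - {066040F0-5018-4E15-8AA0-81D36136D989} - C:\WINDOWS\system32\shdocvw.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c00C1889.dat
O22 - SharedTaskScheduler: hemprich - {af8bca8b-a9f1-471d-bdcd-caa14be2bdd9} - (no file)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Constructed watchlist: CLSIDs the AVG report in the thread attributed to Adware.InstantBuzz.
WATCHLIST = {
    "{066040F0-5018-4E15-8AA0-81D36136D989}": "Adware.InstantBuzz",
    "{7475D3FD-5D85-49DB-8B9B-6968467B2D80}": "Adware.InstantBuzz",
}

LINE_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Entry:
    code: str   # HJT section code, e.g. "O20"
    body: str   # everything after "O20 - "
    clsid: str  # first {GUID} found in the line, or ""
    value: str  # the file, URL or setting the entry points at


def parse_line(line: str):
    """Split one HJT line into section code, CLSID and target value; None for non-entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # blank lines, headers and the "Running processes:" block
    code, body = m.group("code"), m.group("body")
    clsid = CLSID_RE.search(body)
    if code.startswith("R"):
        value = body.split(" = ", 1)[-1]        # R0/R1: "key,Name = setting"
    elif code == "O4":
        value = body.split("] ", 1)[-1]         # O4: "...\Run: [name] command line"
    elif code in ("O10", "O20"):
        value = body.split(": ", 1)[-1]         # "AppInit_DLLs: path", "... LSP: path"
    else:
        value = body.rsplit(" - ", 1)[-1]       # "description - {CLSID} - path"
    return Entry(code, body, clsid.group(0) if clsid else "", value.strip())


def parse_log(text: str):
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def triage(entries, watchlist=WATCHLIST):
    """Return (code, reason, value) for entries a helper would examine first.

    These rules are a simplification for this example: a hit means "review",
    not "malicious". Case-insensitive CLSID match because HJT prints GUIDs in
    whichever case the registry holds them.
    """
    findings = []
    for e in entries:
        hit = watchlist.get(e.clsid.upper())
        if hit:
            findings.append((e.code, f"CLSID listed as {hit}", e.value))
        elif e.code == "O20":
            # AppInit_DLLs is loaded into every process that loads user32.dll
            findings.append((e.code, "AppInit_DLLs entry present", e.value))
        elif e.code == "O22" and e.value == "(no file)":
            findings.append((e.code, "SharedTaskScheduler entry points at a missing file", e.value))
        elif e.code == "O10":
            findings.append((e.code, "Winsock LSP file HijackThis does not recognize", e.value))
        elif e.code == "O23" and "Unknown owner" in e.body:
            findings.append((e.code, "service has no publisher information", e.value))
        elif e.code.startswith("R") and e.value == "about:blank":
            findings.append((e.code, "start page set to about:blank", e.value))
    return findings


if __name__ == "__main__":
    for code, reason, value in triage(parse_log(SAMPLE_LOG)):
        print(f"{code:4} {reason}: {value}")
```

On the sample above the script flags six of the eight lines (R0, O9, O10, O20, O22, O23) and leaves the Java BHO and the Symantec Run entry alone. Whether a flagged item gets fixed is still the helper's call after checking the file: the O10 and O23 hits in this thread are legitimate Trend Micro and PunkBuster components, while the O9 and O20 hits are the two the helper chose to remove.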

Post by tim s » August 6th, 2007, 7:27 pm

Hi Hank

How are things going with the last set of instructions?
tim s
MRU Honors Grad Emeritus
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Post by Hank » August 7th, 2007, 2:40 am

Hi Tim,

It was a long weekend up here in BC, Canada, so I had an extra day to get out of town. I'm following through with the last set of instructions and will let the scan run. I will post the logs in the morning.

Thanks for all your support!

Craig
Hank
Regular Member
Posts: 18
Joined: August 2nd, 2007, 7:50 pm

Post by Hank » August 7th, 2007, 12:21 pm

Combofix.txt

------------

ComboFix 07-08-03.4 - "MIC" 2007-08-06 23:26:22.3 - NTFS
Command switches used :: C:\Documents and Settings\MIC\Desktop\CFScript.txt


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Instant Buzz
C:\Program Files\Instant Buzz\.ibp
C:\Program Files\Instant Buzz\bugreport.txt
C:\Program Files\Instant Buzz\MicBain007.ibp


((((((((((((((((((((((((( Files Created from 2007-07-07 to 2007-08-07 )))))))))))))))))))))))))))))))


2007-08-03 16:58 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-03 09:26 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-02 11:30 <DIR> d-------- C:\info
2007-08-02 10:22 <DIR> d-------- C:\WINDOWS\system32\drivers\AU_Backup
2007-08-02 10:17 32,528 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
2007-08-02 10:17 102,800 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-08-01 16:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trend Micro
2007-08-01 16:45 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-01 15:24 <DIR> d-------- C:\DOCUME~1\MIC\.housecall6.6
2007-08-01 09:33 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-07-24 18:32 <DIR> d-------- C:\Program Files\WordPress
2007-07-23 19:45 13,340 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2007-07-21 15:09 49,024 --a--c--- C:\WINDOWS\system32\dllcache\mstape.sys
2007-07-21 15:09 49,024 --a------ C:\WINDOWS\system32\drivers\mstape.sys
2007-07-21 15:09 13,696 --a--c--- C:\WINDOWS\system32\dllcache\avcstrm.sys
2007-07-21 15:09 13,696 --a------ C:\WINDOWS\system32\drivers\avcstrm.sys
2007-07-12 15:37 <DIR> d-------- C:\GOLD
2007-07-12 15:14 <DIR> d-------- C:\Program Files\Cygwin


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-31 16:27 8704 --a-s---- C:\WINDOWS\system32\ktrxe.dll
2007-07-31 16:27 73 --a------ C:\WINDOWS\system32\ssprs.dll
2007-07-31 16:27 205 --a------ C:\WINDOWS\system32\lsprst7.dll
2007-07-31 12:42 --------- d-------- C:\DOCUME~1\MIC\APPLIC~1\Skype
2007-07-30 21:40 --------- d-------- C:\Program Files\Excel Compare
2007-07-30 21:18 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-30 21:12 --------- d-------- C:\Program Files\Etopo
2007-07-23 19:49 --------- d-------- C:\Program Files\Electronic Arts
2007-07-19 23:06 22328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-07-19 23:06 103736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-07-11 10:46 97328 --a------ C:\DOCUME~1\MIC\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-07-05 15:18 --------- d-------- C:\Program Files\DesignPro
2007-07-05 14:56 --------- d-------- C:\Program Files\surfoffline
2007-07-05 10:09 --------- d-------- C:\DOCUME~1\MIC\APPLIC~1\Ulead Systems
2007-07-05 10:05 --------- d-------- C:\Program Files\Ulead Systems
2007-07-05 10:05 --------- d-------- C:\Program Files\Common Files\Ulead Systems
2007-06-29 16:37 74 --ah----- C:\WINDOWS\uce.dat
2007-06-29 12:27 --------- d-------- C:\Program Files\Monsters
2007-06-29 12:17 --------- d-------- C:\Program Files\callburner
2007-06-28 14:03 --------- d-------- C:\Program Files\Ulead3d
2007-06-26 10:52 --------- d-------- C:\Program Files\MyAdobe
2007-06-07 17:57 --------- d-------- C:\DOCUME~1\MIC\APPLIC~1\AdobeUM
2007-05-07 22:22 63040 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-02-09 22:00 2661432 --a------ C:\Program Files\AiRoboForm.exe
2006-05-26 10:18 22 --a------ C:\Program Files\zipnew.dat
2006-05-26 10:18 20 --a------ C:\Program Files\rarnew.dat
2005-10-07 14:05 98816 --a------ C:\Program Files\Default.SFX
2005-10-07 14:05 98304 --a------ C:\Program Files\Uninstall.exe
2005-10-07 14:05 881664 --a------ C:\Program Files\WinRAR.exe
2005-10-07 14:05 77312 --a------ C:\Program Files\WinCon.SFX
2005-10-07 14:05 66048 --a------ C:\Program Files\Zip.SFX
2005-10-07 14:05 651 --a------ C:\Program Files\Uninstall.lst
2005-10-07 14:05 389617 --a------ C:\Program Files\WinRAR.hlp
2005-10-07 14:05 298496 --a------ C:\Program Files\Rar.exe
2005-10-07 14:05 198144 --a------ C:\Program Files\UnRAR.exe
2005-10-07 14:05 125440 --a------ C:\Program Files\RarExt.dll
2005-10-01 21:04 9042 --a------ C:\Program Files\TechNote.txt
2005-10-01 21:04 66711 --a------ C:\Program Files\Rar.txt
2005-10-01 21:04 502 --a------ C:\Program Files\File_Id.diz
2005-10-01 21:04 11942 --a------ C:\Program Files\WhatsNew.txt
2005-08-03 21:31 3121 --a------ C:\Program Files\Order.htm
2005-06-21 21:27 9229 --a------ C:\Program Files\WinRAR.cnt
2005-06-07 11:26 43008 --a------ C:\Program Files\RarExt64.dll
2005-06-07 11:25 44032 --a------ C:\Program Files\RarExtLoader.exe
2005-06-02 15:05 1111 --a------ C:\Program Files\Descript.ion
2005-05-12 17:02 90 --a------ C:\Program Files\UnrarSrc.txt
2005-05-12 17:01 1687 --a------ C:\Program Files\ReadMe.txt
2004-05-24 20:02 4482 --a------ C:\Program Files\License.txt
2002-09-06 23:36 1082 --a------ C:\Program Files\RarFiles.lst


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPSMain"="TPSMain.exe" [2004-06-01 19:43 C:\WINDOWS\system32\TPSMain.exe]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2004-07-28 15:23]
"TFncKy"="TFncKy.exe" []
"TCtryIOHook"="c:\WINDOWS\System32\TCtrlIOHook.exe" [2004-08-05 20:49]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-07-20 00:04]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2004-08-06 14:14]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-30 00:46]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 14:00 C:\WINDOWS\agrsmmsg.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-03-02 12:45]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-02-03 13:47]
"NDSTray.exe"="NDSTray.exe" []
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-10 20:10]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2001-07-03 09:11]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 17:28]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" []
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" []
"ZoomingHook"="c:\WINDOWS\System32\ZoomingHook.exe" [2004-07-14 15:07]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" []
"Trend Micro AntiVirus 2007"="C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe" [2007-07-05 20:09]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 02:24]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

C:\Documents and Settings\MIC\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2004-09-01 23:29:33]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=C:\WINDOWS\pss\HotSync Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^MIC^Start Menu^Programs^Startup^palmOne Registration.lnk]
path=C:\Documents and Settings\MIC\Start Menu\Programs\Startup\palmOne Registration.lnk
backup=C:\WINDOWS\pss\palmOne Registration.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
"C:\Program Files\Electronic Arts\EA Link\Core.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\HP\HP Software Update\HPWuSchd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
"C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mssSort]
C:\Program Files\Maxtor\Maxtor Quick Start\msssort.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
NDSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
"C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkypeMate]
C:\Program Files\SkypeMate\SkypeMate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoomingHook]
c:\WINDOWS\System32\ZoomingHook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"UleadBurningHelper"=2 (0x2)
"iPod Service"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
"Adobe LM Service"=3 (0x3)



**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-06 23:36:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-06 23:37:47
C:\ComboFix-quarantined-files.txt ... 2007-08-06 23:37
C:\ComboFix2.txt ... 2007-08-03 16:34
C:\ComboFix3.txt ... 2007-08-03 09:46

--- E O F ---



Kaspersky Online Scan report

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, August 07, 2007 9:17:22 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 7/08/2007
Kaspersky Anti-Virus database records: 376356
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 158119
Number of viruses found: 2
Number of infected objects: 3
Number of suspicious objects: 0
Duration of the scan process: 04:10:38

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\chantke\Local Settings\Temporary Internet Files\AntiPhishing\07FB382D-AA75-4683-82F4-EAB265A275CB.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\MIC\.housecall6.6\Quarantine\IBBar.dll.bac_a00132 Infected: not-a-virus:AdWare.Win32.InstantBuzz.a skipped
C:\Documents and Settings\MIC\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\MIC\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\MIC\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\MIC\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\MIC\Local Settings\Temporary Internet Files\AntiPhishing\2997C193-A464-4307-88C9-F9C00083CD16.dat Object is locked skipped
C:\Documents and Settings\MIC\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\MIC\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\MIC\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\Program Files\Trend Micro\AntiVirus 2007\Quarantine\30.tmp Infected: not-a-virus:AdWare.Win32.InstantBuzz.a skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{EFFB8611-C1D0-4C1C-BA9E-6FDA29A9CA30}\RP145\A0065848.exe Infected: not-a-virus:FraudTool.Win32.VirusProtectPro.d skipped
C:\System Volume Information\_restore{EFFB8611-C1D0-4C1C-BA9E-6FDA29A9CA30}\RP146\A0065967.exe Object is locked skipped
C:\System Volume Information\_restore{EFFB8611-C1D0-4C1C-BA9E-6FDA29A9CA30}\RP150\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{0C14F17B-1D2B-4BA7-BA9F-46AE4E1F04D0}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\sam Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\security Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


----------------------------------------------------

HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:22:17 AM, on 07/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\TCtrlIOHook.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ZoomingHook.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe
C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
C:\WINDOWS\system32\LVComsX.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TCtryIOHook] c:\WINDOWS\System32\TCtrlIOHook.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe -1 --delay 15
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKUS\S-1-5-21-1602100791-742536468-358169722-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1602100791-742536468-358169722-1006\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-21-1602100791-742536468-358169722-1006 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User '?')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by131fd.bay131.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://webmap.em.gov.bc.ca/mapplace/mgaxctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6098484812
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O22 - SharedTaskScheduler: hemprich - {af8bca8b-a9f1-471d-bdcd-caa14be2bdd9} - (no file)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe

--
End of file - 10882 bytes
Hank
Regular Member
 
Posts: 18
Joined: August 2nd, 2007, 7:50 pm

Unread postby Hank » August 7th, 2007, 8:04 pm

Hey Tim,

I just thought I would mention something. I keep getting this Trend Micro warning saying it cannot remove suspicious software "Adware Adblock" please remove manually....

Maybe there is something in the registry I'm not seeing. Thanks!

Craig
Hank
Regular Member
 
Posts: 18
Joined: August 2nd, 2007, 7:50 pm

Unread postby tim s » August 7th, 2007, 9:39 pm

Hi Hank

I just thought I would mention something. I keep getting this Trend Micro warning saying it cannot remove suspicious software "Adware Adblock" please remove manually....


Let me research this and let you know.

I also need to know if you have uninstalled Norton and Zone Alarm; there are leftovers in the log that need to be removed if you have.

This is next:

Your version of Java is now outdated. Java vulnerabilities are commonly exploited by viruses. You need to update.

Download the latest version of Java Runtime Environment (JRE) 6u2
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u2".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Click Start, then Control Panel, then Add/Remove Programs, and remove all older versions of Java.
  • Remove any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • These were in your Add/Remove Programs list:
    • J2SE Runtime Environment 5.0 Update 10
    • J2SE Runtime Environment 5.0 Update 11
    • J2SE Runtime Environment 5.0 Update 5
    • J2SE Runtime Environment 5.0 Update 6
    • J2SE Runtime Environment 5.0 Update 9
    • Java 2 Runtime Environment, SE v1.4.2_05
    • Java(TM) SE Runtime Environment 6 Update 1
  • Reboot your computer once all Java components are removed to complete uninstall.
  • Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.

-------------------------------------------------------------------

Please run this tool to see if it can show more about that Trend Micro warning.

Note* If, after posting your reply, the last line is not < End of Report > then the log is too big to fit into a single reply post and you will need to split it into separate reply posts.

Please do the following:

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files.
It will create a folder named WinPFind3u on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Change settings Under Files/Folders Created Within-----
    • Click on 60 days
  • Change settings Under Files/Folders Modified Within-----
    • Click on 60 days
  • Next on the right side of screen Under Additional Scans
    • Put a checkmark in the box next to Reg-Disabled MS Config items
    • Put a checkmark in the box next to Reg-IE CmdMapping
    • Put a checkmark in the box next to Reg-Uninstall List
    • Put a checkmark in the box next to File-Additional Folder Scan
  • Now click the Run Scan button on the toolbar.
  • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Use the Add Reply button and Copy/Paste the information back here.

Note* If, after posting your reply, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into separate reply posts.

----------------------------------------------------------------------

Post in next reply

Let me know about Norton and Zone Alarm?
WinpFind3u report
New HJT log
tim s
MRU Honors Grad Emeritus
 
Posts: 1541
Joined: February 11th, 2006, 10:27 am

Unread postby Hank » August 8th, 2007, 12:10 pm

Hi Tim,

I have a folder where I could install Zone Alarm and then uninstall it, but nothing in my Add/Remove Programs. And no sign of Norton. I assume I should get rid of the older Ad-Aware SE I have.

WinPFind3.txt

WinPFind3 logfile created on: 08/08/2007 1:43:17 AM
WinPFind3U by OldTimer - Version 1.0.39 Folder = C:\Documents and Settings\MIC\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5700.6)

1022.98 Mb Total Physical Memory | 465.16 Mb Available Physical Memory | 45.47% Memory free
2.41 Gb Paging File | 1.99 Gb Available in Paging File | 82.52% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 7.36 Gb Free Space | 9.87% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: MDN
Current User Name: MIC
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
acs.exe -> %System32%\acs.exe -> [Ver = | Size = 36864 bytes | Modified Date = 07/07/2004 3:16:24 PM | Attr = ]
agrsmmsg.exe -> %SystemRoot%\agrsmmsg.exe -> Agere Systems [Ver = 2.1.38 2.1.38 02/20/2004 15:00:27 | Size = 88363 bytes | Modified Date = 20/02/2004 2:00:00 PM | Attr = ]
apntex.exe -> %ProgramFiles%\Apoint2K\ApntEx.exe -> Alps Electric Co., Ltd. [Ver = 5.0.1.15 | Size = 45056 bytes | Modified Date = 25/02/2003 7:08:00 PM | Attr = ]
apoint.exe -> %ProgramFiles%\Apoint2K\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 6.0.2.180 | Size = 192512 bytes | Modified Date = 30/10/2003 12:46:00 AM | Attr = ]
atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5115 | Size = 339968 bytes | Modified Date = 10/07/2004 8:10:00 PM | Attr = ]
ceekey.exe -> %ProgramFiles%\TOSHIBA\E-KEY\CeEKey.exe -> COMPAL ELECTRONIC INC. [Ver = 2, 1, 0, 9 | Size = 643072 bytes | Modified Date = 06/08/2004 2:14:42 PM | Attr = ]
cfsvcs.exe -> %ProgramFiles%\TOSHIBA\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 5, 0, 0, 7 | Size = 36864 bytes | Modified Date = 15/06/2004 11:44:06 PM | Attr = ]
dvdramsv.exe -> %System32%\DVDRAMSV.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 2, 0, 7, 0 | Size = 106496 bytes | Modified Date = 22/05/2003 8:38:26 PM | Attr = ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 30/05/2007 4:31:10 AM | Attr = ]
hpcmpmgr.exe -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 22/12/2003 8:38:42 AM | Attr = ]
hpgs2wnd.exe -> %ProgramFiles%\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe -> Hewlett-Packard [Ver = 2,4,0,26 | Size = 57344 bytes | Modified Date = 03/07/2001 9:11:52 AM | Attr = ]
hpgs2wnf.exe -> %ProgramFiles%\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe -> [Ver = 2,4,0,26 | Size = 65536 bytes | Modified Date = 03/07/2001 9:17:04 AM | Attr = ]
hpwuschd.exe -> %ProgramFiles%\HP\HP Software Update\hpwuSchd.exe -> Hewlett-Packard [Ver = 1, 0, 0, 3 | Size = 49152 bytes | Modified Date = 04/08/2003 5:28:18 PM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 30/10/2006 9:36:32 AM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 30/10/2006 9:36:36 AM | Attr = ]
lvcomsx.exe -> %System32%\LVCOMSX.EXE -> Logitech Inc. [Ver = 8.4.7.1036 | Size = 221184 bytes | Modified Date = 19/07/2005 4:32:18 PM | Attr = ]
ndstray.exe -> %ProgramFiles%\TOSHIBA\ConfigFree\NDSTray.exe -> TOSHIBA CORPORATION [Ver = 5, 0, 0, 57 | Size = 892928 bytes | Modified Date = 13/07/2004 4:51:04 AM | Attr = ]
pnkbstra.exe -> %System32%\PnkBstrA.exe -> [Ver = | Size = 63040 bytes | Modified Date = 07/05/2007 10:22:56 PM | Attr = ]
ramasst.exe -> %System32%\RAMASST.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 1, 0, 9, 0 | Size = 155648 bytes | Modified Date = 13/03/2003 6:38:12 PM | Attr = ]
smoothview.exe -> %ProgramFiles%\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe -> TOSHIBA Corporation [Ver = 2, 0, 0, 18 | Size = 135168 bytes | Modified Date = 02/03/2004 12:45:28 PM | Attr = ]
tavsvc.exe -> %ProgramFiles%\Trend Micro\AntiVirus 2007\tavsvc.exe -> Trend Micro Inc. [Ver = 15.1.0.1206 | Size = 251408 bytes | Modified Date = 19/01/2007 5:48:58 PM | Attr = ]
tavui.exe -> %ProgramFiles%\Trend Micro\AntiVirus 2007\tavui.exe -> Trend Micro Inc. [Ver = 15.1.0.2002 | Size = 4609288 bytes | Modified Date = 05/07/2007 8:09:54 PM | Attr = ]
tctrliohook.exe -> %System32%\TCtrlIOHook.exe -> TOSHIBA [Ver = 0, 8, 0, 0 | Size = 28672 bytes | Modified Date = 05/08/2004 8:49:24 PM | Attr = ]
tfncky.exe -> %ProgramFiles%\TOSHIBA\TOSHIBA Controls\TFncKy.exe -> TOSHIBA Corporation [Ver = 3.05.02 | Size = 114688 bytes | Modified Date = 26/07/2004 4:32:32 PM | Attr = ]
tfswctrl.exe -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 122939 bytes | Modified Date = 20/07/2004 12:04:00 AM | Attr = ]
tmproxy.exe -> %ProgramFiles%\Trend Micro\AntiVirus 2007\Components\TmProxy.exe -> Trend Micro Inc. [Ver = 3.1.0.1013 | Size = 566872 bytes | Modified Date = 10/01/2007 7:19:26 PM | Attr = ]
toscdspd.exe -> %ProgramFiles%\TOSHIBA\TOSCDSPD\TOSCDSPD.exe -> TOSHIBA [Ver = 1, 0, 5, 0 | Size = 65536 bytes | Modified Date = 05/09/2003 2:24:46 AM | Attr = ]
tpsbattm.exe -> %System32%\TPSBattM.exe -> TOSHIBA Corporation [Ver = 1, 0, 2, 0 | Size = 45056 bytes | Modified Date = 01/06/2004 7:43:10 PM | Attr = ]
tptray.exe -> %ProgramFiles%\TOSHIBA\TouchPad\TPTray.exe -> COMPAL ELECTRONIC INC. [Ver = 1, 1, 0, 2 | Size = 53248 bytes | Modified Date = 28/07/2004 3:23:30 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 322048 bytes | Modified Date = 23/06/2007 3:15:54 PM | Attr = ]
zoominghook.exe -> %System32%\ZoomingHook.exe -> TOSHIBA [Ver = 1, 0, 0, 0 | Size = 24576 bytes | Modified Date = 14/07/2004 3:07:32 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(ACS) Atheros Configuration Service [Win32_Own | Auto | Running] -> %System32%\acs.exe -> [Ver = | Size = 36864 bytes | Modified Date = 07/07/2004 3:16:24 PM | Attr = ]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 26/05/2006 10:50:04 AM | Attr = ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Disabled | Stopped] -> %System32%\ati2evxx.exe -> [Ver = | Size = 385024 bytes | Modified Date = 10/07/2004 5:35:00 AM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 30/05/2007 4:31:10 AM | Attr = ]
(CFSvcs) ConfigFree Service [Win32_Own | Auto | Running] -> %ProgramFiles%\TOSHIBA\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 5, 0, 0, 7 | Size = 36864 bytes | Modified Date = 15/06/2004 11:44:06 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04/08/2004 4:00:00 AM | Attr = ]
(DVD-RAM_Service) DVD-RAM_Service [Win32_Own | Auto | Running] -> %System32%\DVDRAMSV.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 2, 0, 7, 0 | Size = 106496 bytes | Modified Date = 22/05/2003 8:38:26 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 03/04/2005 11:41:10 PM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 30/10/2006 9:36:32 AM | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped] -> %System32%\hpzipm12.exe -> HP [Ver = 7, 0, 0, 0 | Size = 65795 bytes | Modified Date = 25/02/2004 10:18:00 PM | Attr = ]
(PnkBstrA) PnkBstrA [Win32_Own | Auto | Running] -> %System32%\PnkBstrA.exe -> [Ver = | Size = 63040 bytes | Modified Date = 07/05/2007 10:22:56 PM | Attr = ]
(tavsvc) Trend Micro AntiVirus Protection Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Trend Micro\AntiVirus 2007\tavsvc.exe -> Trend Micro Inc. [Ver = 15.1.0.1206 | Size = 251408 bytes | Modified Date = 19/01/2007 5:48:58 PM | Attr = ]
(tmproxy) Trend Micro Proxy Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Trend Micro\AntiVirus 2007\Components\TmProxy.exe -> Trend Micro Inc. [Ver = 3.1.0.1013 | Size = 566872 bytes | Modified Date = 10/01/2007 7:19:26 PM | Attr = ]
(UleadBurningHelper) Ulead Burning Helper [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Ulead Systems\DVD\ULCDRSvr.exe -> Ulead Systems, Inc. [Ver = 1, 0, 0, 3 | Size = 49152 bytes | Modified Date = 12/11/2003 4:48:20 AM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AGRSMMSG -> %SystemRoot%\agrsmmsg.exe -> Agere Systems [Ver = 2.1.38 2.1.38 02/20/2004 15:00:27 | Size = 88363 bytes | Modified Date = 20/02/2004 2:00:00 PM | Attr = ]
Apoint -> %ProgramFiles%\Apoint2K\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 6.0.2.180 | Size = 192512 bytes | Modified Date = 30/10/2003 12:46:00 AM | Attr = ]
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5115 | Size = 339968 bytes | Modified Date = 10/07/2004 8:10:00 PM | Attr = ]
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> File not found
CeEKEY -> %ProgramFiles%\TOSHIBA\E-KEY\CeEKey.exe -> COMPAL ELECTRONIC INC. [Ver = 2, 1, 0, 9 | Size = 643072 bytes | Modified Date = 06/08/2004 2:14:42 PM | Attr = ]
dla -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 122939 bytes | Modified Date = 20/07/2004 12:04:00 AM | Attr = ]
HP Component Manager -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 22/12/2003 8:38:42 AM | Attr = ]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\hpwuSchd.exe -> Hewlett-Packard [Ver = 1, 0, 0, 3 | Size = 49152 bytes | Modified Date = 04/08/2003 5:28:18 PM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 30/10/2006 9:36:36 AM | Attr = ]
NDSTray.exe -> NDSTray.exe -> File not found
PadTouch -> %ProgramFiles%\TOSHIBA\Touch and Launch\PadExe.exe -> TOSHIBA [Ver = 1, 2, 4, 0 | Size = 1089589 bytes | Modified Date = 03/02/2004 1:47:06 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 25/10/2006 6:58:18 PM | Attr = ]
Share-to-Web Namespace Daemon -> %ProgramFiles%\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe -> Hewlett-Packard [Ver = 2,4,0,26 | Size = 57344 bytes | Modified Date = 03/07/2001 9:11:52 AM | Attr = ]
SmoothView -> %ProgramFiles%\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe -> TOSHIBA Corporation [Ver = 2, 0, 0, 18 | Size = 135168 bytes | Modified Date = 02/03/2004 12:45:28 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 12/07/2007 4:00:36 AM | Attr = ]
Symantec NetDriver Monitor -> %SystemDrive%\PROGRA~1\SYMNET~1\SNDMon.exe -> File not found
TCtryIOHook -> %System32%\TCtrlIOHook.exe -> TOSHIBA [Ver = 0, 8, 0, 0 | Size = 28672 bytes | Modified Date = 05/08/2004 8:49:24 PM | Attr = ]
TFncKy -> TFncKy.exe -> File not found
TPNF -> %ProgramFiles%\TOSHIBA\TouchPad\TPTray.exe -> COMPAL ELECTRONIC INC. [Ver = 1, 1, 0, 2 | Size = 53248 bytes | Modified Date = 28/07/2004 3:23:30 PM | Attr = ]
TPSMain -> %System32%\TPSMain.exe -> TOSHIBA Corporation [Ver = 1, 0, 14, 0 | Size = 278528 bytes | Modified Date = 01/06/2004 7:43:28 PM | Attr = ]
Trend Micro AntiVirus 2007 -> %ProgramFiles%\Trend Micro\AntiVirus 2007\tavui.exe -> Trend Micro Inc. [Ver = 15.1.0.2002 | Size = 4609288 bytes | Modified Date = 05/07/2007 8:09:54 PM | Attr = ]
Zone Labs Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> File not found
ZoomingHook -> %System32%\ZoomingHook.exe -> TOSHIBA [Ver = 1, 0, 0, 0 | Size = 24576 bytes | Modified Date = 14/07/2004 3:07:32 PM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
TOSCDSPD -> %ProgramFiles%\TOSHIBA\TOSCDSPD\TOSCDSPD.exe -> TOSHIBA [Ver = 1, 0, 5, 0 | Size = 65536 bytes | Modified Date = 05/09/2003 2:24:46 AM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\RAMASST.lnk -> %System32%\RAMASST.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 1, 0, 9, 0 | Size = 155648 bytes | Modified Date = 13/03/2003 6:38:12 PM | Attr = ]
< User Startup > -> C:\Documents and Settings\MIC\Start Menu\Programs\Startup ->
%UserStartup%\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 16/03/2005 7:16:50 PM | Attr = ]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 30/05/2007 4:29:58 AM | Attr = ]
< SharedTaskScheduler [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler ->
{af8bca8b-a9f1-471d-bdcd-caa14be2bdd9} [HKLM] -> Reg Data - Key not found [hemprich] -> File not found
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 36 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> ÿÿÿÿ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dl ... ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKLM: Start Page -> about:blank ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dl ... r=iesearch ->
HKCU: Start Page -> http://www.google.ca/ ->
HKCU: SearchAssistant -> http://ie.search.msn.com ->
HKCU: ProxyEnable -> 0 ->
HKCU: ProxyOverride -> localhost ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 18/12/2006 4:16:42 AM | Attr = ]
{724d43a9-0d85-11d4-9908-00400523e39a} [HKLM] -> %ProgramFiles%\Siber Systems\AI RoboForm\roboform.dll [Reg Data - Value does not exist] -> Siber Systems [Ver = 6-8-7 | Size = 5391416 bytes | Modified Date = 09/02/2007 10:05:28 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 12/07/2007 4:00:36 AM | Attr = ]
{AE7CD045-E861-484f-8273-0445EE161910} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [AcroIEToolbarHelper Class] -> [Ver = | Size = 147456 bytes | Modified Date = 15/05/2003 1:03:46 AM | Attr = ]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [Ver = | Size = 147456 bytes | Modified Date = 15/05/2003 1:03:46 AM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [Ver = | Size = 147456 bytes | Modified Date = 15/05/2003 1:03:46 AM | Attr = ]
{724d43a0-0d85-11d4-9908-00400523e39a} [HKLM] -> %ProgramFiles%\Siber Systems\AI RoboForm\roboform.dll [&RoboForm] -> Siber Systems [Ver = 6-8-7 | Size = 5391416 bytes | Modified Date = 09/02/2007 10:05:28 PM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
ShellBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [Ver = | Size = 147456 bytes | Modified Date = 15/05/2003 1:03:46 AM | Attr = ]
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [Ver = | Size = 147456 bytes | Modified Date = 15/05/2003 1:03:46 AM | Attr = ]
WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} [HKLM] -> %ProgramFiles%\Siber Systems\AI RoboForm\roboform.dll [&RoboForm] -> Siber Systems [Ver = 6-8-7 | Size = 5391416 bytes | Modified Date = 09/02/2007 10:05:28 PM | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 12/07/2007 4:00:36 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 12/07/2007 4:00:36 AM | Attr = ]
{320AF880-6646-11D3-ABEE-C5DBF3571F46} -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComFillForms.htm [ButtonText: Fill Forms] -> File not found
{320AF880-6646-11D3-ABEE-C5DBF3571F49} -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComSavePass.htm [ButtonText: Save] -> File not found
{724d43aa-0d85-11d4-9908-00400523e39a} -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htm [ButtonText: RoboForm] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Search -> -> File not found
Customize Menu -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.htm -> File not found
E&xport to Microsoft Excel -> -> File not found
Fill Forms -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComFillForms.htm -> File not found
RoboForm Toolbar -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htm -> File not found
Save Forms -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboFormComSavePass.htm -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{2BABB95E-F9A7-47B4-8577-2650B536DC42} -> (Atheros AR5004G Wireless Network Adapter) ->
{54B037D4-F607-4FA9-8469-C4A921C346D2} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
{685DB276-E460-4255-B8C9-24AD02F1D538} -> () ->
{E49C22F4-4FB0-4155-8E25-9B9F9B0A2ACC} -> (1394 Net Adapter) ->
< Winsock2 Catalogs [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
Protocol_Catalog9\Catalog_Entries\000000000001 -> %System32%\TmLsp.dll -> Trend Micro Inc. [Ver = 3.1.0.1013 | Size = 284240 bytes | Modified Date = 10/01/2007 7:20:10 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000002 -> %System32%\TmLsp.dll -> Trend Micro Inc. [Ver = 3.1.0.1013 | Size = 284240 bytes | Modified Date = 10/01/2007 7:20:10 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000003 -> %System32%\TmLsp.dll -> Trend Micro Inc. [Ver = 3.1.0.1013 | Size = 284240 bytes | Modified Date = 10/01/2007 7:20:10 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000028 -> %System32%\TmLsp.dll -> Trend Micro Inc. [Ver = 3.1.0.1013 | Size = 284240 bytes | Modified Date = 10/01/2007 7:20:10 PM | Attr = ]
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
bwfile-8876480 -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll -> Logitech Inc. [Ver = Version 8.1.1 (Build 50R) | Size = 28711 bytes | Modified Date = 13/03/2007 5:10:24 PM | Attr = ]
cetihpz -> %ProgramFiles%\HP\hpcoretech\comp\hpuiprot.dll -> Hewlett-Packard Company [Ver = 2.1.4 | Size = 81920 bytes | Modified Date = 22/12/2003 8:38:40 AM | Attr = ]
ic32pp -> %SystemRoot%\wc98pp.dll -> [Ver = | Size = 51712 bytes | Modified Date = 02/05/2005 3:54:46 PM | Attr = ]
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
skype4com -> %CommonProgramFiles%\Skype\Skype4COM.dll -> Skype Technologies [Ver = 1, 0, 27, 0 | Size = 1828440 bytes | Modified Date = 12/01/2007 12:50:48 PM | Attr = R ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -> CKAVWebScan Object - CodeBase = http://www.kaspersky.com/kos/english/ka ... nicode.cab ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://fpdownload.macromedia.com/pub/sh ... tor/sw.cab ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> MSN Photo Upload Tool - CodeBase = http://by131fd.bay131.hotmail.msn.com/r ... nPUpld.cab ->
{5F8469B4-B055-49DD-83F7-62B522420ECC} -> Facebook Photo Uploader Control - CodeBase = http://upload.facebook.com/controls/Fac ... loader.cab ->
{62789780-B744-11D0-986B-00609731A21D} -> Autodesk MapGuide ActiveX Control - CodeBase = http://webmap.em.gov.bc.ca/mapplace/mgaxctrl.cab ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://update.microsoft.com/windowsupda ... 6098484812 ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -> MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/Me ... b31267.cab ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload2.macromedia.com/get/s ... wflash.cab ->
ppctlcab -> - CodeBase = http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab ->


[Registry - Additional Scans - Non-Microsoft Only]
< Disabled MSConfig Services [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services ->
Adobe LM Service -> ->
Ati HotKey Poller -> ->
Avg7Alrt -> ->
Avg7UpdSvc -> ->
iPod Service -> ->
UleadBurningHelper -> ->
WMPNetworkSvc -> ->
< Disabled MSConfig Folder Items[HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ ->
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk -> %ProgramFiles%\Adobe\Acrobat 6.0\Distillr\acrotray.exe -> Adobe Systems Inc. [Ver = 6.0.1.2003102300 | Size = 217194 bytes | Modified Date = 23/10/2003 8:37:56 PM | Attr = ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 23/09/2005 9:05:26 PM | Attr = ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk -> %ProgramFiles%\palmOne\Hotsync.exe -> PalmSource, Inc [Ver = 6.0.1 | Size = 471040 bytes | Modified Date = 09/06/2004 1:16:08 PM | Attr = ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 5.35.0.035 | Size = 237568 bytes | Modified Date = 16/09/2003 5:19:24 AM | Attr = ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 13/03/2007 5:10:24 PM | Attr = ]
C:^Documents and Settings^MIC^Start Menu^Programs^Startup^palmOne Registration.lnk -> -> File not found
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ ->
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.5115 | Size = 339968 bytes | Modified Date = 10/07/2004 8:10:00 PM | Attr = ]
EA Core -> %ProgramFiles%\Electronic Arts\EA Link\Core.exe -> Electronic Arts [Ver = 3.1.1.94 | Size = 2887680 bytes | Modified Date = 19/07/2007 8:02:54 AM | Attr = ]
Google Desktop Search -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> [Ver = | Size = 168448 bytes | Modified Date = 22/11/2005 10:02:04 AM | Attr = ]
HP Component Manager -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 22/12/2003 8:38:42 AM | Attr = ]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\hpwuSchd.exe -> Hewlett-Packard [Ver = 1, 0, 0, 3 | Size = 49152 bytes | Modified Date = 04/08/2003 5:28:18 PM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 30/10/2006 9:36:36 AM | Attr = ]
LDM -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 13/03/2007 5:10:24 PM | Attr = ]
LogitechSoftwareUpdate -> %ProgramFiles%\Logitech\Video\ManifestEngine.exe -> Logitech Inc. [Ver = 8.4.7.1034 | Size = 196608 bytes | Modified Date = 08/06/2005 1:44:14 PM | Attr = ]
LogitechVideoRepair -> %ProgramFiles%\Logitech\Video\ISStart.exe -> Logitech Inc. [Ver = 8.4.7.1034 | Size = 458752 bytes | Modified Date = 08/06/2005 2:24:32 PM | Attr = ]
LogitechVideoTray -> %ProgramFiles%\Logitech\Video\LogiTray.exe -> Logitech Inc. [Ver = 8.4.7.1034 | Size = 217088 bytes | Modified Date = 08/06/2005 2:14:44 PM | Attr = ]
mssSort -> %ProgramFiles%\Maxtor\Maxtor Quick Start\msssort.exe -> Maxtor [Ver = 1, 0, 0, 3 | Size = 45056 bytes | Modified Date = 10/01/2005 7:53:12 AM | Attr = ]
NDSTray.exe -> NDSTray.exe -> File not found
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 09/07/2001 11:50:42 AM | Attr = ]
PadTouch -> %ProgramFiles%\TOSHIBA\Touch and Launch\PadExe.exe -> TOSHIBA [Ver = 1, 2, 4, 0 | Size = 1089589 bytes | Modified Date = 03/02/2004 1:47:06 PM | Attr = ]
Picasa Media Detector -> %ProgramFiles%\Picasa2\PicasaMediaDetector.exe -> [Ver = | Size = 135168 bytes | Modified Date = 04/02/2005 3:32:52 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 25/10/2006 6:58:18 PM | Attr = ]
RoboForm -> %ProgramFiles%\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe -> Siber Systems [Ver = 6-8-7 | Size = 160832 bytes | Modified Date = 09/02/2007 10:05:28 PM | Attr = ]
Share-to-Web Namespace Daemon -> %ProgramFiles%\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe -> Hewlett-Packard [Ver = 2,4,0,26 | Size = 57344 bytes | Modified Date = 03/07/2001 9:11:52 AM | Attr = ]
SkypeMate -> %ProgramFiles%\SkypeMate\SkypeMate.exe -> File not found
SmoothView -> %ProgramFiles%\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe -> TOSHIBA Corporation [Ver = 2, 0, 0, 18 | Size = 135168 bytes | Modified Date = 02/03/2004 12:45:28 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> File not found
ZoomingHook -> %System32%\ZoomingHook.exe -> TOSHIBA [Ver = 1, 0, 0, 0 | Size = 24576 bytes | Modified Date = 14/07/2004 3:07:32 PM | Attr = ]
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8192 - Sun Java Console ->
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> 8193 - Reg Data - Value does not exist ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8194 - Reg Data - Key not found ->
NextId -> 8195 ->
< Uninstall List > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
{008D69EB-70FF-46AB-9C75-924620DF191A} -> TOSHIBA Speech System SR Engine(U.S.) Version1.0 ->
{0169C189-FB39-4756-B9A3-6B816C52357D} -> ESRI Software Documentation Library ->
{02EED746-8C5A-43C8-BB3D-D29C8B363A4D} -> TOSHIBA Zooming Hotkey Hook ->
{068502DA-6979-4D9A-BBE1-C3AD0FF11F19} -> Ulead DVD MovieFactory 3 Disc Creator ->
{06F80017-8F98-4C94-B868-52358569FC32} -> Command & Conquer Generals ->
{0BEDBD4E-2D34-47B5-9973-57E62B29307C} -> ATI Control Panel ->
{11B569C2-4BF6-4ED0-9D17-A4273943CB24} -> Adobe Photoshop Album 2.0 Starter Edition ->
{1206EF92-2E83-4859-ACCB-2048C3CB7DA6} -> Sonic DLA ->
{18E0918E-1060-48f3-925C-56C82E88551B} -> HP PSC & OfficeJet 3.5 ->
{19E6ECAE-E43E-4551-887D-E8F2680EDF8C} -> SketchUp 5 Symbols Library ->
{1C875160-7E87-45C6-85C5-4FE2A840A3B8} -> Maxtor Quick Start ->
{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54} -> DocProc ->
{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk -> Google Talk (remove only) ->
{22988B2A-374A-4A7B-B795-A1AFF2046BE9} -> PhotoGallery ->
{236BB7C4-4419-42FD-0409-1E257A25E34D} -> Adobe Photoshop CS2 ->
{257EC58E-03FD-472B-A9B6-93F23A3C4CB0} -> Scan ->
{295C7ABA-3D12-11D5-99EB-0080C82BC2DE} -> Sothink HTML Editor 2.5 ->
{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0} -> SkinsHP1 ->
{2A9F95AB-65A3-432c-8631-B8BC5BF7477A} -> The Battle for Middle-earth (tm) II ->
{2ADA4418-24AC-45A2-BF76-DCB733263FC9} -> SketchUp 5 Film & Stage ->
{2BD5C305-1B27-4D41-B690-7A61172D2FEB} -> Macromedia Flash 8 ->
{2CC982C0-7EAE-11D4-ACC3-0050568AD318} -> Avery DesignPro ->
{2D54D793-57C0-4A38-B043-50125C347043} -> Geosoft Plug-In for ArcGIS ->
{2FCE4FC5-6930-40E7-A4F1-F862207424EF} -> InterVideo WinDVD Creator 2 ->
{3248F0A8-6813-11D6-A77B-00B0D0160020} -> Java(TM) 6 Update 2 ->
{34957B51-9676-41CE-9E52-44AE91B73F1C} -> HP Software Update ->
{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP ->
{35D027A4-57BA-4E59-94DB-DFB36FFFDC1E} -> Remote Desktop Connection ->
{3822C803-791C-4871-BC77-CB1A0C4301E2} -> ArcGIS Plug-in with ECW Compressor ->
{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC} -> TOSHIBA Console ->
{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF} -> HPSystemDiagnostics ->
{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03} -> Skype Plugin Manager ->
{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B} -> Google Earth ->
{3E166714-D5E1-4215-8D68-58452EAA46F1} -> ArcGIS Desktop Developer Kit ->
{3FBF6F99-8EC6-41B4-8527-0A32241B5496} -> TOSHIBA Speech System TTS Engine(U.S.) Version1.0 ->
{40F8FD5F-4701-48D6-A8FC-1F188007DF38} -> ArcGIS Desktop ->
{415B8A4E-0EA2-4C69-975C-EEE07B837FD7} -> Unload ->
{446DBFFA-4088-48E3-8932-74316BA4CAE4} -> iTunes ->
{47813E93-F2A0-484A-838E-47EC1B28D190} -> Adobe Stock Photos 1.0 ->
{47C25360-AEBC-4B21-B233-87CE653B3369} -> AIOMinimal ->
{48242276-DB89-42e8-9678-BD4280D7B99A} -> Copy ->
{505AFDC0-5E72-4928-8368-5DEA385E3647} -> CorelDRAW Graphics Suite 12 ->
{50D8FFDD-90CD-4859-841F-AA1961C7767A} -> QuickTime ->
{5285D66D-B53C-4014-B4E8-0EC0FFF86154} -> SketchUp 5 Shape File Importer ->
{5546CDB5-2CE2-498B-B059-5B3BF81FC41F} -> Macromedia Extension Manager ->
{55DCBED7-5710-4939-A928-4CBD9AB09EBB} -> 1310_Help ->
{5786D2C8-A4C4-4DDB-B671-8ED2A53310EC} -> 1310Tour ->
{57C7C46A-D35D-492d-A328-4F8C9B5B4B52} -> PrintScreen ->
{58F8C6D9-5B55-486A-A322-4E8D87670031} -> Canon MP Drivers ->
{59FDFDFB-52FE-45B1-8A2A-A00079B07FF0} -> TOSHIBA Power Saver Driver ->
{5BCA8D15-BCB6-421E-9654-238B43456A4F} -> TOSHIBA Controls Driver ->
{5D96E2B1-D9AC-46E0-9073-425C5F63E338} -> Touch and Launch ->
{64212898-097F-4F3F-AECA-6D34A7EF82DF} -> TOSHIBA Zooming Utility ->
{6864A62D-3EF3-415F-9922-240EED34B4C0} -> Fax ->
{6AC7F416-78D5-4D98-B104-F8A39B2CF3A7} -> ArcGIS Tutorial Data ->
{6B36DEBF-27D0-4B1E-858D-D397091C6C7D} -> HP Precisionscan Pro 3.1 ->
{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE} -> Atheros Client Utility ->
{71E4D679-20AB-41E9-A350-D5BF92088FFE} -> Trend Micro AntiVirus ->
{723C033E-63EA-4227-BAB2-0AA8693C16EB} -> Director ->
{73528D51-8A68-4223-98C3-433C09B847A8} -> Google Earth and 3D Warehouse Plugin ->
{745A92AF-53B4-41A7-91C3-9B026B1D5897} -> InstantShare ->
{748F4870-8350-11D3-B0BF-080009FB4A19} -> HP Share-to-Web ->
{786C5747-1437-443D-B06E-79A00FE45110} -> Adobe Stock Photos 1.0 ->
{81DD5688-695A-4c1d-AE7D-368BF857725A} -> TrayApp ->
{862E85C6-3A84-444C-A9B8-456E8115C392} -> SketchUp 5 Transportation Library ->
{8777AC6D-89F9-4793-8266-DE406F343E89} -> QFolder ->
{885A63EA-382B-4DD4-A755-14809B8557D6} -> Macromedia Flash Player 8 ->
{896D642C-7125-44F0-AC49-A23ABF82209C} -> CDBurnerXP Pro 3 ->
{8BCAFB73-49AE-4AC4-00A1-70E4EC38BD4E} -> The Lord of the Rings, The Rise of the Witch-king ->
{8BF2C401-02CE-424D-BC26-6C4F9FB446B6} -> Macromedia Flash 8 Video Encoder ->
{8EDBA74D-0686-4C99-BFDD-F894678E5102} -> Adobe Common File Installer ->
{8FFC924C-ED06-44CB-8867-3CA778ECE903} -> Adobe Help Center 2.0 ->
{900B1197-53F5-4F46-A882-2CFFFE2EEDCB} -> Logitech Desktop Messenger ->
{90280409-6000-11D3-8CFE-0050048383C9} -> Microsoft Office XP Professional with FrontPage ->
{91057632-CA70-413C-B628-2D3CDBBB906B} -> Macromedia Flash Player 8 Plugin ->
{91810AFC-A4F8-4EBA-A5AA-B198BBC81144} -> InterVideo WinDVD for TOSHIBA ->
{91A10409-6000-11D3-8CFE-0150048383C9} -> Microsoft Office OneNote 2003 ->
{9541FED0-327F-4DF0-8B96-EF57EF622F19} -> Sonic RecordNow! ->
{95720E85-F3FB-4F95-9399-7E3E3E26D7AB} -> hp designjet printer software ->
{97AA0C55-AFAD-4126-B21C-F1318FB6DADA} -> Realtek Fast Ethernet Adapter Driver ->
{99D48FBB-2DEF-49A9-BCC9-C5AF63DD2643} -> AiOSoftware ->
{9B03C535-3AEA-4ef2-B326-0A01A2207034} -> CreativeProjects ->
{9D765FA6-F2BC-40AF-8145-50808F9BDF4E} -> DVD-RAM Driver ->
{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD} -> ALPS Touch Pad Driver ->
{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D} -> CD/DVD Drive Acoustic Silencer ->
{A32A6393-37DA-4E44-BB9F-C4F384F89EB9} -> HP System maintenance for HP Designjet 30 130 series ->
{A3DDA019-40B7-491C-AC88-62B94491FE8A} -> TouchPad On/Off Utility ->
{A535CF14-E12F-40B0-B6A3-6E214EA12CD3} -> SketchUp 5 Architecture Library ->
{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6} -> TOSHIBA Controls ->
{AC76BA86-0000-0000-0000-6028747ADE01} -> Adobe Acrobat - Reader 6.0.2 Update ->
{AC76BA86-0000-7EC8-7489-000000000603} -> Adobe Acrobat and Reader 6.0.3 Update ->
{AC76BA86-0000-7EC8-7489-000000000604} -> Adobe Acrobat and Reader 6.0.4 Update ->
{AC76BA86-0000-7EC8-7489-000000000605} -> Adobe Acrobat and Reader 6.0.5 Update ->
{AC76BA86-0000-7EC8-7489-000000000606} -> Adobe Acrobat and Reader 6.0.6 Update ->
{AC76BA86-1033-0000-7760-000000000001} -> Adobe Acrobat 6.0.1 Professional ->
{AC76BA86-7AD7-1033-7B44-A70800000002} -> Adobe Reader 7.0.8 ->
{AC76BA86-7AD7-1033-7B44-A70900000002} -> Adobe Reader 7.0.9 ->
{AEC20FEC-47D8-4DEA-85D7-0B7E5D905D11} -> AiO_Scan ->
{B357C4B4-9024-4B64-9B3F-A6729031C3DD} -> SketchUp 5 ->
{B556F76D-6EF7-49F4-9B50-09C987A2D318} -> Autodesk MapGuide(R) Author Release 6.5 ->
{B7050CBDB2504B34BC2A9CA0A692CC29} -> DivX Web Player ->
{B74D4E10-6884-0000-0000-000000000103} -> Adobe Bridge 1.0 ->
{BC339BFD-F550-471a-8D26-4D08126C62F7} -> SkinsHP2 ->
{BC842852-5787-441A-90C1-5F315531BCE3} -> SketchUp 5 Construction Library ->
{BC8A5730-3899-4D7E-88D7-1BACDEED244A} -> ESRI Software Documentation Library ->
{BDD83DC9-BEE9-4654-A5DA-CC46C250088D} -> TOSHIBA ConfigFree ->
{BDFE199D-E889-4BB6-BECB-C4BDF5700849} -> Documents To Go ->
{C2723491-AE54-4E40-884C-A8EA9D3FA1EA} -> SketchUp 5 ESRI Plug-in ->
{C2EEB862-C767-11D5-8626-00C04F0134D4}_0 -> Bentley MicroStation (V 08.00.00.21) - 1 ->
{C43048A9-742C-4DAD-90D2-E3B53C9DB825} -> Logitech QuickCam Software ->
{C57F9385-D167-4829-BD5C-E75D08FC23CE} -> Autodesk MapGuide(R) Release 6.5 Documentation ->
{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1 ->
{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F} -> QuickProjects ->
{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5} -> MSN Messenger 7.5 ->
{D186329B-1B4D-408D-ABEC-EA5CE1F182C9} -> Overland ->
{DD362256-A7A2-4524-9457-213DDC2AFC2A} -> Adobe After Effects 7.0 ->
{DE9EB40D-3D05-4099-92C2-CDAB50DAC1ED} -> SketchUp 5 Film & Stage Library ->
{E0CA85B5-113A-4E76-A018-6D7ECE65767D} -> ArcGIS Tutorial Data ->
{E3CE7F91-80C0-471B-8D38-905109BA9170} -> SketchUp 5 Mechanical Design Library ->
{E443F067-3345-482C-BD7A-12675A53D292} -> Readme ->
{E7A6ED40-F230-11D4-BBC4-00104B991322} -> VBA (2720) ->
{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC} -> Battlefield 2142 ->
{EDAA5D11-FAA6-425A-AF9D-0D7B5FCDCD74} -> SketchUp 5 Landscape Architecture Library ->
{EE033C1F-443E-41EC-A0E2-559B539A4E4D} -> TOSHIBA Speech System Applications ->
{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1} -> Command and ConquerTM Generals Zero Hour ->
{F5577101-33CC-4711-8235-3A95BCD49DB0} -> EA Link ->
{F730A60D-F6DA-4653-9C6E-548F7A3A5EE0} -> 1310Trb ->
{F9450605-65E7-45E4-B071-BD759E10F072} -> TOSHIBA Hotkey Utility ->
{F9B0968A-810E-484C-B81D-7F19DC2CBBF5} -> 1310 ->
{FA0951BF-BBC4-407B-A9C4-92A37EAE3AF3} -> SketchUp 5 People Library ->
{FA17A726-B229-4116-B793-A2AB1A4EAE2E} -> Adobe Premiere Pro 2.0 ->
{FB08F381-6533-4108-B7DD-039E11FBC27E} -> Realtek AC'97 Audio ->
{FBBF532A-47AC-457d-AC06-0D3163D8911E} -> WebReg ->
{FF8157AA-F640-45BD-B7C2-BAA1016B267A} -> palmOne ->
Ad-Aware SE Professional -> Ad-Aware SE Professional ->
Adobe Acrobat 5.0 -> Adobe Acrobat 5.0 ->
Adobe After Effects 7.0 -> Adobe After Effects 7.0 ->
Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D} -> Adobe Photoshop CS2 ->
Adobe Premiere Pro 2.0 -> Adobe Premiere Pro 2.0 ->
Adobe Shockwave Player -> Adobe Shockwave Player ->
AI RoboForm -> AI RoboForm (All Users) ->
All ATI Software -> ATI - Software Uninstall Utility ->
ATI Display Driver -> ATI Display Driver ->
AVGAntiSpyware75 -> AVG Anti-Spyware 7.5 ->
CANONBJ_Deinstall_CNMCP50.DLL -> Canon i250 ->
CONTACT ORGANIZER DELUXE (S) -> CONTACT ORGANIZER DELUXE (S) ->
dBpowerAMP Music Converter -> dBpowerAMP Music Converter ->
DFX for Winamp -> DFX 8 for Winamp ->
Didger 2 -> Didger 2 ->
DigDB_is1 -> DigDB 7.1 for Excel2000/2002/XP/2003 ->
DivX Content Uploader -> DivX Content Uploader ->
D-Link CIF Webcam -> D-Link CIF Webcam ->
ET GeoWizards 9.2 -> ET GeoWizards 9.2 ->
Final Draft 5 -> Final Draft 5 ->
Flash to Video Encoder Pro_is1 -> Flash to Video Encoder Pro ->
Google Desktop -> Google Desktop ->
HijackThis -> HijackThis 2.0.2 ->
HP Photo & Imaging -> HP Image Zone 3.5 ->
HTML Password Lock_is1 -> HTML Password Lock 3.2.9 ->
Icefield Inclin for PalmOS -> Icefield Inclin for PalmOS ->
IDNMitigationAPIs -> Microsoft Internationalized Domain Names Mitigation APIs ->
ie7 -> Windows Internet Explorer 7 ->
ie7beta3 -> Windows Internet Explorer 7 Beta 3 ->
InclinDOS -> InclinDOS ->
InclinWin -> InclinWin ->
InstallShield_{06F80017-8F98-4C94-B868-52358569FC32} -> Command & Conquer Generals ->
InstallShield_{1C875160-7E87-45C6-85C5-4FE2A840A3B8} -> Maxtor Quick Start ->
InstallShield_{A3DDA019-40B7-491C-AC88-62B94491FE8A} -> TouchPad On/Off Utility ->
InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1} -> Command and ConquerTM Generals Zero Hour ->
InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0} -> EA Link ->
InstallShield_{F9450605-65E7-45E4-B071-BD759E10F072} -> TOSHIBA Hotkey Utility ->
i-Sound WMA MP3 Recorder_is1 -> i-Sound Pro 6.60 ->
Kaspersky Online Scanner -> Kaspersky Online Scanner ->
KB888302 -> Windows XP Hotfix - KB888302 ->
KB893803v2 -> Windows Installer 3.1 (KB893803) ->
KB915865 -> Hotfix for Windows XP (KB915865) ->
KB926239 -> Hotfix for Windows XP (KB926239) ->
LimeWire -> LimeWire 4.9.30 ->
Logitech Print Service -> Logitech Print Service ->
M886903 -> Microsoft .NET Framework 1.1 Hotfix (KB886903) ->
Microsoft .NET Framework 1.1 (1033) -> Microsoft .NET Framework 1.1 ->
Mozilla Firefox (2.0.0.5) -> Mozilla Firefox (2.0.0.5) ->
MSCompPackV1 -> Microsoft Compression Client Pack 1.0 for Windows XP ->
Nero - Burning Rom!UninstallKey -> Nero 6 Ultra Edition ->
NLSDownlevelMapping -> Microsoft National Language Support Downlevel APIs ->
PageBreeze Free HTML Editor -> PageBreeze Free HTML Editor ->
PC Diagnostic Tool -> TOSHIBA PC Diagnostic Tool ->
Picasa2 -> Picasa 2 ->
Power Saver -> TOSHIBA Power Saver ->
ProFile -> ProFile - Uninstall Only ->
Python 2.1 -> Python 2.1 ->
Python 2.1 combined Win32 extensions -> Python 2.1 combined Win32 extensions ->
QcDrv -> Logitech® Camera Driver ->
ShockwaveFlash -> Adobe Flash Player 9 ActiveX ->
Skype_is1 -> Skype 3.1 ->
SplashStream -> SplashStream 6.0 ->
Surfer 7 -> Surfer 7 ->
SurfOffline -> SurfOffline (remove only) ->
TOSHIBA Software Modem -> TOSHIBA Software Modem ->
Toshiba Tbiosdrv Driver -> Toshiba Tbiosdrv Driver ->
Winamp -> Winamp (remove only) ->
Windows Media Format Runtime -> Windows Media Format 11 runtime ->
Windows Media Player -> Windows Media Player 11 ->
WinRAR archiver -> WinRAR archiver ->
WinZip -> WinZip ->
WMFDist11 -> Windows Media Format 11 runtime ->
wmp11 -> Windows Media Player 11 ->
Wudf01000 -> Microsoft User-Mode Driver Framework Feature Pack 1.0 ->


[Files/Folders - Created Within 60 days]
canonbj -> %SystemDrive%\canonbj -> [Folder | Created Date = 05/07/2007 1:09:13 PM | Attr = ]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 06/08/2007 11:26:01 PM | Attr = ]
Driver -> %SystemDrive%\Driver -> [Folder | Created Date = 05/07/2007 10:07:01 AM | Attr = ]
GOLD -> %SystemDrive%\GOLD -> [Folder | Created Date = 12/07/2007 3:37:44 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1072746496 bytes | Created Date = 01/01/1601 8:00:00 AM | Attr = HS]
info -> %SystemDrive%\info -> [Folder | Created Date = 02/08/2007 11:30:41 AM | Attr = ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 03/08/2007 9:38:44 AM | Attr = ]
Temp -> %SystemDrive%\Temp -> [Folder | Created Date = 05/07/2007 1:00:38 PM | Attr = ]
$MSI31Uninstall_KB893803v2$ -> %SystemRoot%\$MSI31Uninstall_KB893803v2$ -> [Folder | Created Date = 02/08/2007 9:54:06 AM | Attr = H ]
$NtUninstallKB888302$ -> %SystemRoot%\$NtUninstallKB888302$ -> [Folder | Created Date = 02/08/2007 8:49:39 AM | Attr = H ]
ACLASS.DMF -> %SystemRoot%\ACLASS.DMF -> [Ver = | Size = 74 bytes | Created Date = 05/07/2007 10:06:51 AM | Attr = H ]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 109056 bytes | Created Date = 03/08/2007 9:26:46 AM | Attr = ]
dvdrgn.exe -> %SystemRoot%\dvdrgn.exe -> [Ver = | Size = 57344 bytes | Created Date = 05/07/2007 10:06:44 AM | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 03/08/2007 9:28:33 AM | Attr = ]
nircmd.exe -> %SystemRoot%\nircmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 03/08/2007 9:26:46 AM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 07/08/2007 1:30:49 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 07/08/2007 1:30:49 PM | Attr = H ]
temp -> %SystemRoot%\temp -> [Folder | Created Date = 06/08/2007 11:38:04 PM | Attr = ]
uce.dat -> %SystemRoot%\uce.dat -> [Ver = | Size = 74 bytes | Created Date = 28/06/2007 2:04:47 PM | Attr = H ]
CNMCP50.exe -> %System32%\CNMCP50.exe -> CANON INC. [Ver = 1.70.2.0 | Size = 73728 bytes | Created Date = 05/07/2007 1:09:40 PM | Attr = ]
CNMLM50.DLL -> %System32%\CNMLM50.DLL -> CANON INC. [Ver = 1.70.2.1 | Size = 100352 bytes | Created Date = 05/07/2007 1:09:50 PM | Attr = ]
CNMVS50.DLL -> %System32%\CNMVS50.DLL -> [Ver = | Size = 5632 bytes | Created Date = 05/07/2007 1:09:50 PM | Attr = ]
DKRNL.JAX -> %System32%\DKRNL.JAX -> [Ver = | Size = 24 bytes | Created Date = 28/06/2007 2:28:08 PM | Attr = ]
ealregsnapshot1.reg -> %System32%\ealregsnapshot1.reg -> [Ver = | Size = 13340 bytes | Created Date = 23/07/2007 7:45:07 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 135168 bytes | Created Date = 08/08/2007 12:36:00 AM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 69632 bytes | Created Date = 08/08/2007 12:36:00 AM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 135168 bytes | Created Date = 08/08/2007 12:36:00 AM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 139264 bytes | Created Date = 08/08/2007 12:36:00 AM | Attr = ]
Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Created Date = 06/08/2007 11:41:13 PM | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Created Date = 03/08/2007 9:26:46 AM | Attr = ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 03/08/2007 9:26:46 AM | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 03/08/2007 9:26:46 AM | Attr = ]
vfind.exe -> %System32%\vfind.exe -> [Ver = | Size = 49152 bytes | Created Date = 03/08/2007 9:26:46 AM | Attr = ]
AU_Backup -> %System32%\drivers\AU_Backup -> [Folder | Created Date = 02/08/2007 10:22:30 AM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 03/08/2007 4:58:09 PM | Attr = ]
tmcomm.cat -> %System32%\drivers\tmcomm.cat -> [Ver = | Size = 10612 bytes | Created Date = 02/08/2007 10:22:30 AM | Attr = ]
tmcomm.inf -> %System32%\drivers\tmcomm.inf -> [Ver = | Size = 2454 bytes | Created Date = 02/08/2007 10:22:30 AM | Attr = ]
tmcomm.sys -> %System32%\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1052 | Size = 102800 bytes | Created Date = 02/08/2007 10:17:07 AM | Attr = ]
tmpreflt.sys -> %System32%\drivers\tmpreflt.sys -> Trend Micro Inc. [Ver = 8.320.0.1004 | Size = 32528 bytes | Created Date = 02/08/2007 10:17:08 AM | Attr = ]
2 -> %System32%\drivers\AU_Backup\2 -> [Folder | Created Date = 02/08/2007 10:22:30 AM | Attr = ]
AuBackup.ini -> %System32%\drivers\AU_Backup\AuBackup.ini -> [Ver = | Size = 420 bytes | Created Date = 02/08/2007 10:22:34 AM | Attr = ]
tmvsthfss.bin -> %System32%\drivers\etc\tmvsthfss.bin -> [Ver = | Size = 734 bytes | Created Date = 01/08/2007 5:02:03 PM | Attr = ]
tmvsthfud.bin -> %System32%\drivers\etc\tmvsthfud.bin -> [Ver = | Size = 734 bytes | Created Date = 01/08/2007 5:02:03 PM | Attr = ]
553648256 -> %System32%\drivers\AU_Backup\2\553648256 -> [Folder | Created Date = 02/08/2007 10:22:30 AM | Attr = ]
backup.000 -> %System32%\drivers\AU_Backup\2\553648256\backup.000 -> Trend Micro Inc. [Ver = 1.6.0.1049 | Size = 94480 bytes | Created Date = 02/08/2007 10:22:30 AM | Attr = ]
Grisoft -> %AllUsersAppData%\Grisoft -> [Folder | Created Date = 03/08/2007 4:58:06 PM | Attr = ]
Kaspersky Lab -> %AllUsersAppData%\Kaspersky Lab -> [Folder | Created Date = 06/08/2007 11:41:15 PM | Attr = ]
TEMP -> %AllUsersAppData%\TEMP -> [Folder | Created Date = 01/08/2007 9:33:30 AM | Attr = ]
@Alternate Data Stream - 118 bytes -> %AllUsersAppData%\TEMP:44DAF2F1 ->
Trend Micro -> %AllUsersAppData%\Trend Micro -> [Folder | Created Date = 01/08/2007 4:46:56 PM | Attr = ]
Ulead Systems -> %AllUsersAppData%\Ulead Systems -> [Folder | Created Date = 28/06/2007 2:04:45 PM | Attr = ]
Grisoft -> %UserAppData%\Grisoft -> [Folder | Created Date = 03/08/2007 4:59:18 PM | Attr = ]
Ulead Systems -> %UserAppData%\Ulead Systems -> [Folder | Created Date = 28/06/2007 2:28:08 PM | Attr = ]
WMTools Downloaded Files -> %LocalAppData%\WMTools Downloaded Files -> [Folder | Created Date = 13/06/2007 1:24:22 PM | Attr = ]
callburner -> %UserDocuments%\callburner -> [Folder | Created Date = 13/06/2007 11:16:34 AM | Attr = ]
HJTInstall.exe -> %UserDocuments%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Created Date = 02/08/2007 8:40:57 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\HJTInstall.exe:Zone.Identifier ->
lamemp3 -> %UserDocuments%\lamemp3 -> [Folder | Created Date = 29/06/2007 12:32:43 PM | Attr = ]
mplat -> %UserDocuments%\mplat -> [Folder | Created Date = 29/06/2007 12:14:56 PM | Attr = ]
PCC15.3_b1239_Small_TMWebsite.exe -> %UserDocuments%\PCC15.3_b1239_Small_TMWebsite.exe -> Trend Micro [Ver = 1.0.0.95 | Size = 53985488 bytes | Created Date = 01/08/2007 4:26:49 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\PCC15.3_b1239_Small_TMWebsite.exe:Zone.Identifier ->
PowerGramo Records -> %UserDocuments%\PowerGramo Records -> [Folder | Created Date = 29/06/2007 12:27:19 PM | Attr = ]
TrendMicroPCCsmall -> %UserDocuments%\TrendMicroPCCsmall -> [Folder | Created Date = 01/08/2007 4:29:44 PM | Attr = ]
Ulead DVD MovieFactory -> %UserDocuments%\Ulead DVD MovieFactory -> [Folder | Created Date = 05/07/2007 10:09:18 AM | Attr = ]
Untitled-2.c3d -> %UserDocuments%\Untitled-2.c3d -> [Ver = | Size = 5632 bytes | Created Date = 28/06/2007 2:42:54 PM | Attr = ]
AVG Anti-Spyware.lnk -> %AllUsersDesktop%\AVG Anti-Spyware.lnk -> [Ver = | Size = 855 bytes | Created Date = 03/08/2007 4:58:13 PM | Attr = ]
Trend Micro AntiVirus 2007.lnk -> %AllUsersDesktop%\Trend Micro AntiVirus 2007.lnk -> [Ver = | Size = 1763 bytes | Created Date = 02/08/2007 10:16:59 AM | Attr = ]
Ulead DVD MovieFactory 3 Disc Creator Trial.lnk -> %AllUsersDesktop%\Ulead DVD MovieFactory 3 Disc Creator Trial.lnk -> [Ver = | Size = 2041 bytes | Created Date = 05/07/2007 10:06:51 AM | Attr = ]
Ulead DVD Player.lnk -> %AllUsersDesktop%\Ulead DVD Player.lnk -> [Ver = | Size = 2213 bytes | Created Date = 05/07/2007 10:06:47 AM | Attr = ]
ATF-Cleaner.exe -> %UserDesktop%\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 03/08/2007 4:41:36 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\ATF-Cleaner.exe:Zone.Identifier ->
avgas-setup-7.5.1.43.exe -> %UserDesktop%\avgas-setup-7.5.1.43.exe -> [Ver = | Size = 12413440 bytes | Created Date = 03/08/2007 4:54:24 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\avgas-setup-7.5.1.43.exe:Zone.Identifier ->
ComboFix.exe -> %UserDesktop%\ComboFix.exe -> [Ver = | Size = 1408767 bytes | Created Date = 03/08/2007 9:25:32 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\ComboFix.exe:Zone.Identifier ->
Comp 1.flv -> %UserDesktop%\Comp 1.flv -> [Ver = | Size = 176724 bytes | Created Date = 31/07/2007 9:44:35 PM | Attr = ]
Comp 1.swf -> %UserDesktop%\Comp 1.swf -> [Ver = | Size = 150390 bytes | Created Date = 31/07/2007 9:45:45 PM | Attr = ]
Comp 1R.htm -> %UserDesktop%\Comp 1R.htm -> [Ver = | Size = 1363 bytes | Created Date = 31/07/2007 9:45:45 PM | Attr = ]
DSC_0001.JPG -> %UserDesktop%\DSC_0001.JPG -> [Ver = | Size = 4510723 bytes | Created Date = 09/07/2007 2:40:22 PM | Attr = ]
DSC_0002.JPG -> %UserDesktop%\DSC_0002.JPG -> [Ver = | Size = 3840589 bytes | Created Date = 09/07/2007 2:40:34 PM | Attr = ]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1740 bytes | Created Date = 02/08/2007 8:41:40 AM | Attr = ]
jre-6u2-windows-i586-p.exe -> %UserDesktop%\jre-6u2-windows-i586-p.exe -> [Ver = | Size = 14566808 bytes | Created Date = 07/08/2007 9:08:22 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\jre-6u2-windows-i586-p.exe:Zone.Identifier ->
Newsreel Invoice 118.pdf -> %UserDesktop%\Newsreel Invoice 118.pdf -> [Ver = | Size = 10941 bytes | Created Date = 10/07/2007 11:52:22 AM | Attr = ]
SetupDVDDecrypter_3.5.4.0.exe -> %UserDesktop%\SetupDVDDecrypter_3.5.4.0.exe -> [Ver = | Size = 899414 bytes | Created Date = 21/07/2007 4:30:07 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SetupDVDDecrypter_3.5.4.0.exe:Zone.Identifier ->
SureThing_Label_Templates_PSD.zip -> %UserDesktop%\SureThing_Label_Templates_PSD.zip -> [Ver = | Size = 179989 bytes | Created Date = 05/07/2007 3:07:21 PM | Attr = ]
TAV15.1 -> %UserDesktop%\TAV15.1 -> [Folder | Created Date = 02/08/2007 9:51:31 AM | Attr = ]
VundoFix.exe -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.05.0006 | Size = 109056 bytes | Created Date = 02/08/2007 10:57:41 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\VundoFix.exe:Zone.Identifier ->
WinPFind3u -> %UserDesktop%\WinPFind3u -> [Folder | Created Date = 08/08/2007 12:42:29 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 355277 bytes | Created Date = 08/08/2007 12:41:06 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
Ulead Systems -> %CommonProgramFiles%\Ulead Systems -> [Folder | Created Date = 05/07/2007 10:05:52 AM | Attr = ]

[Files/Folders - Modified Within 60 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 12/07/2007 1:05:06 PM | Attr = HS]
canonbj -> %SystemDrive%\canonbj -> [Folder | Modified Date = 05/07/2007 1:09:14 PM | Attr = ]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 06/08/2007 11:38:08 PM | Attr = ]
Driver -> %SystemDrive%\Driver -> [Folder | Modified Date = 05/07/2007 10:07:02 AM | Attr = ]
GOLD -> %SystemDrive%\GOLD -> [Folder | Modified Date = 12/07/2007 3:38:04 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1072746496 bytes | Modified Date = 08/08/2007 12:30:44 AM | Attr = HS]
info -> %SystemDrive%\info -> [Folder | Modified Date = 02/08/2007 11:30:42 AM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 06/08/2007 11:35:46 PM | Attr = R ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 03/08/2007 9:38:46 AM | Attr = ]
Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 05/07/2007 1:00:42 PM | Attr = ]
ttt.ttt -> %SystemDrive%\ttt.ttt -> [Ver = | Size = 2866 bytes | Modified Date = 02/08/2007 4:59:18 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 08/08/2007 12:31:40 AM | Attr = ]
$MSI31Uninstall_KB893803v2$ -> %SystemRoot%\$MSI31Uninstall_KB893803v2$ -> [Folder | Modified Date = 02/08/2007 9:54:32 AM | Attr = H ]
$NtUninstallKB888302$ -> %SystemRoot%\$NtUninstallKB888302$ -> [Folder | Modified Date = 02/08/2007 8:49:42 AM | Attr = H ]
ACLASS.DMF -> %SystemRoot%\ACLASS.DMF -> [Ver = | Size = 74 bytes | Modified Date = 31/07/2007 2:53:44 PM | Attr = H ]
ArcView9x.INI -> %SystemRoot%\ArcView9x.INI -> [Ver = | Size = 529 bytes | Modified Date = 12/07/2007 1:31:16 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 08/08/2007 12:30:46 AM | Attr = S]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 109056 bytes | Modified Date = 20/07/2007 12:47:24 AM | Attr = ]
CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 04/08/2007 8:13:32 AM | Attr = HS]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 06/08/2007 11:41:16 PM | Attr = S]
erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 03/08/2007 9:40:00 AM | Attr = ]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 06/07/2007 2:53:58 PM | Attr = R S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 02/08/2007 3:51:16 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK ->
Hank
Regular Member
 
Posts: 18
Joined: August 2nd, 2007, 7:50 pm

Unread postby Hank » August 8th, 2007, 12:14 pm

Cont'd. I started with one line above just to make sure it was all in.

Help -> %SystemRoot%\Help -> [Folder | Modified Date = 02/08/2007 3:51:16 PM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1355 bytes | Modified Date = 02/08/2007 8:57:02 AM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 06/08/2007 11:41:14 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 08/08/2007 12:36:04 AM | Attr = HS]
Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 01/08/2007 4:04:10 PM | Attr = ]
Media -> %SystemRoot%\Media -> [Folder | Modified Date = 09/07/2007 3:30:00 PM | Attr = ]
MEMORY.DMP -> %SystemRoot%\MEMORY.DMP -> [Ver = | Size = 1072775168 bytes | Modified Date = 01/08/2007 12:07:28 AM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 01/08/2007 12:07:36 AM | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 07/08/2007 5:56:00 PM | Attr = ]
nircmd.exe -> %SystemRoot%\nircmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Modified Date = 17/06/2007 12:11:58 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 08/08/2007 12:43:14 AM | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Modified Date = 09/07/2007 11:28:24 AM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 07/08/2007 1:30:50 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 07/08/2007 1:30:50 PM | Attr = H ]
setupapi.log.0.old -> %SystemRoot%\setupapi.log.0.old -> [Ver = | Size = 1034043 bytes | Modified Date = 01/08/2007 6:33:42 PM | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 02/08/2007 10:53:34 PM | Attr = ]
system -> %SystemRoot%\system -> [Folder | Modified Date = 21/07/2007 12:14:52 PM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 12/07/2007 1:05:06 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 08/08/2007 12:37:32 AM | Attr = HS]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 03/08/2007 4:28:48 PM | Attr = S]
temp -> %SystemRoot%\temp -> [Folder | Modified Date = 07/08/2007 11:52:26 PM | Attr = ]
uce.dat -> %SystemRoot%\uce.dat -> [Ver = | Size = 74 bytes | Modified Date = 29/06/2007 4:37:16 PM | Attr = H ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 750 bytes | Modified Date = 12/07/2007 1:05:06 PM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 12/07/2007 3:33:28 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 08/08/2007 12:30:48 AM | Attr = H ]
AdobeFnt07.lst -> %System32%\AdobeFnt07.lst -> [Ver = | Size = 327944 bytes | Modified Date = 31/07/2007 10:35:26 AM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 06/08/2007 11:41:14 PM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 03/08/2007 9:40:50 AM | Attr = ]
DKRNL.JAX -> %System32%\DKRNL.JAX -> [Ver = | Size = 24 bytes | Modified Date = 28/06/2007 2:28:10 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 02/08/2007 4:34:24 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 06/08/2007 11:26:26 PM | Attr = ]
ealregsnapshot1.reg -> %System32%\ealregsnapshot1.reg -> [Ver = | Size = 13340 bytes | Modified Date = 23/07/2007 7:45:08 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 316360 bytes | Modified Date = 01/08/2007 3:38:56 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 135168 bytes | Modified Date = 12/07/2007 1:22:00 AM | Attr = ]
javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 69632 bytes | Modified Date = 12/07/2007 2:22:36 AM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 135168 bytes | Modified Date = 12/07/2007 1:22:04 AM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 139264 bytes | Modified Date = 12/07/2007 2:22:38 AM | Attr = ]
Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Modified Date = 06/08/2007 11:41:14 PM | Attr = ]
ktrxe.dll -> %System32%\ktrxe.dll -> [Ver = | Size = 8704 bytes | Modified Date = 31/07/2007 4:27:34 PM | Attr = S]
lsprst7.dll -> %System32%\lsprst7.dll -> [Ver = | Size = 205 bytes | Modified Date = 31/07/2007 4:27:34 PM | Attr = ]
lsprst7.tgz -> %System32%\lsprst7.tgz -> [Ver = | Size = 219 bytes | Modified Date = 31/07/2007 4:27:34 PM | Attr = ]
PnkBstrB.exe -> %System32%\PnkBstrB.exe -> [Ver = | Size = 103736 bytes | Modified Date = 19/07/2007 11:06:44 PM | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 21/07/2007 3:25:38 PM | Attr = ]
ssprs.dll -> %System32%\ssprs.dll -> [Ver = | Size = 73 bytes | Modified Date = 31/07/2007 4:27:34 PM | Attr = ]
ssprs.tgz -> %System32%\ssprs.tgz -> [Ver = | Size = 87 bytes | Modified Date = 31/07/2007 4:27:34 PM | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Modified Date = 22/07/2007 6:39:28 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 13784 bytes | Modified Date = 08/08/2007 12:31:08 AM | Attr = ]
ZoneLabs -> %System32%\ZoneLabs -> [Folder | Modified Date = 01/08/2007 4:03:42 PM | Attr = ]
AU_Backup -> %System32%\drivers\AU_Backup -> [Folder | Modified Date = 02/08/2007 10:22:36 AM | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 03/08/2007 4:31:44 PM | Attr = ]
PnkBstrK.sys -> %System32%\drivers\PnkBstrK.sys -> [Ver = | Size = 22328 bytes | Modified Date = 19/07/2007 11:06:52 PM | Attr = ]
2 -> %System32%\drivers\AU_Backup\2 -> [Folder | Modified Date = 02/08/2007 10:22:32 AM | Attr = ]
AuBackup.ini -> %System32%\drivers\AU_Backup\AuBackup.ini -> [Ver = | Size = 420 bytes | Modified Date = 02/08/2007 10:22:36 AM | Attr = ]
tmvsthfss.bin -> %System32%\drivers\etc\tmvsthfss.bin -> [Ver = | Size = 734 bytes | Modified Date = 02/08/2007 10:08:12 AM | Attr = ]
tmvsthfud.bin -> %System32%\drivers\etc\tmvsthfud.bin -> [Ver = | Size = 734 bytes | Modified Date = 02/08/2007 10:09:32 AM | Attr = ]
553648256 -> %System32%\drivers\AU_Backup\2\553648256 -> [Folder | Modified Date = 02/08/2007 10:22:32 AM | Attr = ]
avg7 -> %AllUsersAppData%\avg7 -> [Folder | Modified Date = 21/07/2007 12:14:36 PM | Attr = ]
Grisoft -> %AllUsersAppData%\Grisoft -> [Folder | Modified Date = 03/08/2007 4:58:08 PM | Attr = ]
Kaspersky Lab -> %AllUsersAppData%\Kaspersky Lab -> [Folder | Modified Date = 06/08/2007 11:41:16 PM | Attr = ]
TEMP -> %AllUsersAppData%\TEMP -> [Folder | Modified Date = 01/08/2007 9:50:22 AM | Attr = ]
@Alternate Data Stream - 118 bytes -> %AllUsersAppData%\TEMP:44DAF2F1 ->
Trend Micro -> %AllUsersAppData%\Trend Micro -> [Folder | Modified Date = 02/08/2007 10:18:42 AM | Attr = ]
Ulead Systems -> %AllUsersAppData%\Ulead Systems -> [Folder | Modified Date = 05/07/2007 10:05:28 AM | Attr = ]
Adobe -> %UserAppData%\Adobe -> [Folder | Modified Date = 13/06/2007 1:54:20 PM | Attr = ]
AVG7 -> %UserAppData%\AVG7 -> [Folder | Modified Date = 21/07/2007 12:10:56 PM | Attr = ]
GDIPFONTCACHEV1.DAT -> %UserAppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 97328 bytes | Modified Date = 11/07/2007 10:46:58 AM | Attr = ]
Grisoft -> %UserAppData%\Grisoft -> [Folder | Modified Date = 03/08/2007 4:59:20 PM | Attr = ]
Skype -> %UserAppData%\Skype -> [Folder | Modified Date = 31/07/2007 12:42:30 PM | Attr = ]
Ulead Systems -> %UserAppData%\Ulead Systems -> [Folder | Modified Date = 05/07/2007 10:09:30 AM | Attr = ]
ApplicationHistory -> %LocalAppData%\ApplicationHistory -> [Folder | Modified Date = 24/07/2007 2:21:20 PM | Attr = ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %LocalAppData%\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 166400 bytes | Modified Date = 07/08/2007 5:55:58 PM | Attr = ]
Downloaded Installations -> %LocalAppData%\Downloaded Installations -> [Folder | Modified Date = 23/07/2007 7:44:50 PM | Attr = ]
GDIPFONTCACHEV1.DAT -> %LocalAppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 96296 bytes | Modified Date = 01/08/2007 4:05:56 PM | Attr = ]
IconCache.db -> %LocalAppData%\IconCache.db -> [Ver = | Size = 2686478 bytes | Modified Date = 01/08/2007 3:51:56 PM | Attr = H ]
Microsoft -> %LocalAppData%\Microsoft -> [Folder | Modified Date = 27/07/2007 10:46:00 AM | Attr = ]
WMTools Downloaded Files -> %LocalAppData%\WMTools Downloaded Files -> [Folder | Modified Date = 13/06/2007 1:24:24 PM | Attr = ]
callburner -> %UserDocuments%\callburner -> [Folder | Modified Date = 13/06/2007 11:47:04 AM | Attr = ]
Film_ -> %UserDocuments%\Film_ -> [Folder | Modified Date = 13/07/2007 11:39:08 AM | Attr = ]
HJTInstall.exe -> %UserDocuments%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 02/08/2007 8:41:00 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\HJTInstall.exe:Zone.Identifier ->
lamemp3 -> %UserDocuments%\lamemp3 -> [Folder | Modified Date = 29/06/2007 12:33:32 PM | Attr = ]
MicBain_Inc -> %UserDocuments%\MicBain_Inc -> [Folder | Modified Date = 31/07/2007 10:35:02 AM | Attr = ]
mplat -> %UserDocuments%\mplat -> [Folder | Modified Date = 29/06/2007 12:15:12 PM | Attr = ]
My eBooks -> %UserDocuments%\My eBooks -> [Folder | Modified Date = 25/07/2007 12:09:22 AM | Attr = ]
My Health -> %UserDocuments%\My Health -> [Folder | Modified Date = 09/07/2007 10:26:32 AM | Attr = ]
My Music -> %UserDocuments%\My Music -> [Folder | Modified Date = 24/07/2007 5:00:10 PM | Attr = ]
My Pictures -> %UserDocuments%\My Pictures -> [Folder | Modified Date = 26/06/2007 2:35:36 PM | Attr = R ]
My PIV -> %UserDocuments%\My PIV -> [Folder | Modified Date = 28/07/2007 7:30:38 PM | Attr = ]
My Received Files -> %UserDocuments%\My Received Files -> [Folder | Modified Date = 31/07/2007 3:30:16 PM | Attr = ]
My Scans -> %UserDocuments%\My Scans -> [Folder | Modified Date = 24/07/2007 11:55:32 AM | Attr = ]
My Skype Pictures -> %UserDocuments%\My Skype Pictures -> [Folder | Modified Date = 23/07/2007 11:43:48 AM | Attr = ]
PCC15.3_b1239_Small_TMWebsite.exe -> %UserDocuments%\PCC15.3_b1239_Small_TMWebsite.exe -> Trend Micro [Ver = 1.0.0.95 | Size = 53985488 bytes | Modified Date = 01/08/2007 4:26:54 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\PCC15.3_b1239_Small_TMWebsite.exe:Zone.Identifier ->
PowerGramo Records -> %UserDocuments%\PowerGramo Records -> [Folder | Modified Date = 29/06/2007 2:15:18 PM | Attr = ]
Taxes -> %UserDocuments%\Taxes -> [Folder | Modified Date = 14/06/2007 10:43:28 PM | Attr = ]
TrendMicroPCCsmall -> %UserDocuments%\TrendMicroPCCsmall -> [Folder | Modified Date = 01/08/2007 4:31:30 PM | Attr = ]
Ulead DVD MovieFactory -> %UserDocuments%\Ulead DVD MovieFactory -> [Folder | Modified Date = 05/07/2007 10:09:20 AM | Attr = ]
Untitled-2.c3d -> %UserDocuments%\Untitled-2.c3d -> [Ver = | Size = 5632 bytes | Modified Date = 28/06/2007 2:42:56 PM | Attr = ]
Zipporah -> %UserDocuments%\Zipporah -> [Folder | Modified Date = 27/07/2007 1:16:04 AM | Attr = ]
AVG Anti-Spyware.lnk -> %AllUsersDesktop%\AVG Anti-Spyware.lnk -> [Ver = | Size = 855 bytes | Modified Date = 03/08/2007 4:58:14 PM | Attr = ]
EA Link.lnk -> %AllUsersDesktop%\EA Link.lnk -> [Ver = | Size = 1841 bytes | Modified Date = 23/07/2007 7:45:42 PM | Attr = ]
Trend Micro AntiVirus 2007.lnk -> %AllUsersDesktop%\Trend Micro AntiVirus 2007.lnk -> [Ver = | Size = 1763 bytes | Modified Date = 02/08/2007 10:17:00 AM | Attr = ]
Ulead DVD MovieFactory 3 Disc Creator Trial.lnk -> %AllUsersDesktop%\Ulead DVD MovieFactory 3 Disc Creator Trial.lnk -> [Ver = | Size = 2041 bytes | Modified Date = 05/07/2007 10:06:52 AM | Attr = ]
Ulead DVD Player.lnk -> %AllUsersDesktop%\Ulead DVD Player.lnk -> [Ver = | Size = 2213 bytes | Modified Date = 05/07/2007 10:06:48 AM | Attr = ]
ATF-Cleaner.exe -> %UserDesktop%\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 03/08/2007 4:41:38 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\ATF-Cleaner.exe:Zone.Identifier ->
avgas-setup-7.5.1.43.exe -> %UserDesktop%\avgas-setup-7.5.1.43.exe -> [Ver = | Size = 12413440 bytes | Modified Date = 03/08/2007 4:54:26 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\avgas-setup-7.5.1.43.exe:Zone.Identifier ->
ComboFix.exe -> %UserDesktop%\ComboFix.exe -> [Ver = | Size = 1408767 bytes | Modified Date = 03/08/2007 9:25:36 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\ComboFix.exe:Zone.Identifier ->
Comp 1.flv -> %UserDesktop%\Comp 1.flv -> [Ver = | Size = 176724 bytes | Modified Date = 31/07/2007 9:44:52 PM | Attr = ]
Comp 1.swf -> %UserDesktop%\Comp 1.swf -> [Ver = | Size = 150390 bytes | Modified Date = 31/07/2007 9:45:50 PM | Attr = ]
Comp 1R.htm -> %UserDesktop%\Comp 1R.htm -> [Ver = | Size = 1363 bytes | Modified Date = 31/07/2007 9:45:50 PM | Attr = ]
DSC_0001.JPG -> %UserDesktop%\DSC_0001.JPG -> [Ver = | Size = 4510723 bytes | Modified Date = 09/07/2007 2:40:22 PM | Attr = ]
DSC_0002.JPG -> %UserDesktop%\DSC_0002.JPG -> [Ver = | Size = 3840589 bytes | Modified Date = 09/07/2007 2:40:34 PM | Attr = ]
HijackThis.lnk -> %UserDesktop%\HijackThis.lnk -> [Ver = | Size = 1740 bytes | Modified Date = 02/08/2007 8:41:42 AM | Attr = ]
jre-6u2-windows-i586-p.exe -> %UserDesktop%\jre-6u2-windows-i586-p.exe -> [Ver = | Size = 14566808 bytes | Modified Date = 07/08/2007 9:08:28 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\jre-6u2-windows-i586-p.exe:Zone.Identifier ->
Newsreel Invoice 118.pdf -> %UserDesktop%\Newsreel Invoice 118.pdf -> [Ver = | Size = 10941 bytes | Modified Date = 10/07/2007 11:52:24 AM | Attr = ]
SetupDVDDecrypter_3.5.4.0.exe -> %UserDesktop%\SetupDVDDecrypter_3.5.4.0.exe -> [Ver = | Size = 899414 bytes | Modified Date = 21/07/2007 4:30:14 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SetupDVDDecrypter_3.5.4.0.exe:Zone.Identifier ->
SureThing_Label_Templates_PSD.zip -> %UserDesktop%\SureThing_Label_Templates_PSD.zip -> [Ver = | Size = 179989 bytes | Modified Date = 05/07/2007 3:07:10 PM | Attr = ]
TAV15.1 -> %UserDesktop%\TAV15.1 -> [Folder | Modified Date = 02/08/2007 9:52:02 AM | Attr = ]
VundoFix.exe -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.05.0006 | Size = 109056 bytes | Modified Date = 02/08/2007 10:57:50 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\VundoFix.exe:Zone.Identifier ->
WinPFind3u -> %UserDesktop%\WinPFind3u -> [Folder | Modified Date = 08/08/2007 12:42:30 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\winpfind3u.exe -> [Ver = | Size = 355277 bytes | Modified Date = 08/08/2007 12:41:10 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
Ulead Systems -> %CommonProgramFiles%\Ulead Systems -> [Folder | Modified Date = 05/07/2007 10:05:56 AM | Attr = ]

[File String Scan - Non-Microsoft Only]
PECompact2 , qoologic , SAHAgent , -> %SystemRoot%\LPT$VPN.562 -> [Ver = | Size = 14633609 bytes | Modified Date = 13/04/2005 4:29:04 AM | Attr = ]
File scan skipped for file %SystemRoot%\MEMORY.DMP -> File size too big (1072775168 bytes) ->
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable ->
UPX! , UPX0 , -> %SystemRoot%\tsc.exe -> Trend Micro Inc. [Ver = 3.9.0.1020 | Size = 170053 bytes | Modified Date = 13/04/2005 11:32:22 AM | Attr = ]
PECompact2 , qoologic , SAHAgent , -> %SystemRoot%\VPTNFILE.562 -> [Ver = | Size = 14633609 bytes | Modified Date = 13/04/2005 4:29:04 AM | Attr = ]
UPX! , aspack , -> %SystemRoot%\vsapi32.dll -> Trend Micro Inc. [Ver = 7.510-1002 | Size = 1044560 bytes | Modified Date = 13/04/2005 11:32:22 AM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 04/08/2004 4:00:00 AM | Attr = ]
Umonitor , -> %System32%\ipebase12.dll -> Hewlett-Packard Company [Ver = 1, 2, 0, 5 | Size = 331776 bytes | Modified Date = 13/05/2001 9:13:44 PM | Attr = ]
UPX! , UPX0 , -> %System32%\ktrxe.dll -> [Ver = | Size = 8704 bytes | Modified Date = 31/07/2007 4:27:34 PM | Attr = S]
UPX! , UPX0 , -> %System32%\macdll.dll -> Matthew T. Ashland [Ver = 3.97 | Size = 71680 bytes | Modified Date = 09/07/2002 10:30:06 PM | Attr = ]
UPX! , UPX0 , -> %System32%\monkeysource.ax -> [Ver = | Size = 179712 bytes | Modified Date = 30/08/2003 11:24:58 PM | Attr = ]
UPX! , UPX0 , -> %System32%\ogg.dll -> [Ver = | Size = 8704 bytes | Modified Date = 20/12/2003 5:44:34 PM | Attr = ]
Thawte Consulting , -> %System32%\SmartUI2.ocx -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com http://www.xceedsoft.com [Ver = 2.00.0202 | Size = 874248 bytes | Modified Date = 14/06/2004 2:04:34 PM | Attr = ]
UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Modified Date = 22/07/2007 6:39:28 PM | Attr = ]
@Alternate Data Stream - 0 bytes -> %System32%\Thumbs.db:encryptable ->
UPX! , UPX0 , -> %System32%\vorbis.dll -> [Ver = | Size = 112128 bytes | Modified Date = 20/12/2003 5:45:26 PM | Attr = ]
UPX! , UPX0 , -> %System32%\vorbisenc.dll -> [Ver = | Size = 61952 bytes | Modified Date = 20/12/2003 5:45:34 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 04/08/2004 4:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\xceedcry.dll -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com http://www.xceedsoft.com [Ver = 1.1.5302.0 | Size = 526184 bytes | Modified Date = 30/03/2006 10:53:48 AM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 04/08/2004 4:00:00 AM | Attr = ]
UPX! , aspack , -> %System32%\drivers\vsapint.sys -> Trend Micro Inc. [Ver = 8.320-1004 | Size = 1052472 bytes | Modified Date = 27/09/2006 5:18:28 PM | Attr = ]
@Alternate Data Stream - 118 bytes -> %AllUsersAppData%\TEMP:44DAF2F1 ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\easter[1].bmp:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDocuments%\HJTInstall.exe:Zone.Identifier ->
UPX! , UPX0 , -> %UserDocuments%\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 02/08/2007 8:41:00 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDocuments%\PCC15.3_b1239_Small_TMWebsite.exe:Zone.Identifier ->
@Alternate Data Stream - 0 bytes -> %UserDocuments%\Thumbs.db:encryptable ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\ATF-Cleaner.exe:Zone.Identifier ->
UPX! , UPX0 , -> %UserDesktop%\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 03/08/2007 4:41:38 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\avgas-setup-7.5.1.43.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\ComboFix.exe:Zone.Identifier ->
UPX! , UPX0 , -> %UserDesktop%\ComboFix.exe -> [Ver = | Size = 1408767 bytes | Modified Date = 03/08/2007 9:25:36 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\FreePrimoSetup.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\jre-6u2-windows-i586-p.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\LotrBfMe2-65540-english.zip:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\SetupDVDDecrypter_3.5.4.0.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\unrarw32.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\VundoFix.exe:Zone.Identifier ->
PEC2 , PECompact2 , -> %UserDesktop%\VundoFix.exe -> Atribune.org [Ver = 6.05.0006 | Size = 109056 bytes | Modified Date = 02/08/2007 10:57:50 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winmail.dat:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\winpfind3u.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\wrar351.exe:Zone.Identifier ->
@Alternate Data Stream - 26 bytes -> %UserDesktop%\wrar36b4.exe:Zone.Identifier ->

< End of report >
Hank
Regular Member
 
Posts: 18
Joined: August 2nd, 2007, 7:50 pm