Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

missing exiplorer.exe error aka XPBAGUIO.A work

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

missing exiplorer.exe error aka XPBAGUIO.A work

Unread postby phrenkat » July 23rd, 2008, 6:55 am

Hi guys,
When trying to access my removable disk E from My Computer I get the "can't find Exiplorer.exe". Pls note the spelling, Exiplorer -- I certainly didn't the first few times. The error msg popped up as I tried while trying to access the smart card I'd slipped into my Brother MFC-210C for a routine slideshow of some digital pics. Here's the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:30:57 PM, on 7/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe


Many thanks.

C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Cobian Backup 9\cbService.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\IBM\Security\uvmserv.exe
C:\WINDOWS\System32\ibmsmbus.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\PROGRA~1\AT&TGL~1\netcfgsvr.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\PGPserv.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\IBM\Security\certtool.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\MXOALDR.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AdsGone\adsgone.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\PGP Corporation\PGP for Windows XP\PGPtray.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Symmetricom\SymmTime\SymmTime.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Locate\Locate32.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\HFXP2\hfxp.exe
C:\Program Files\ClipCache\clipc.exe
C:\Program Files\Qualcomm\Eudorapro\Eudora\Eudora.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
phrenkat
Active Member
 
Posts: 11
Joined: July 23rd, 2008, 6:23 am
Advertisement
Register to Remove

Re: missing exiplorer.exe error aka XPBAGUIO.A work

Unread postby Shaba » July 24th, 2008, 3:16 am

Hi phrenkat

Your HijackThis log cuts off.

Please re-send it :)
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: missing exiplorer.exe error aka XPBAGUIO.A worm

Unread postby phrenkat » July 24th, 2008, 5:53 am

Yessir. Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:30:57 PM, on 7/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Cobian Backup 9\cbService.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\IBM\Security\uvmserv.exe
C:\WINDOWS\System32\ibmsmbus.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\PROGRA~1\AT&TGL~1\netcfgsvr.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\PGPserv.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\IBM\Security\certtool.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\MXOALDR.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AdsGone\adsgone.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\PGP Corporation\PGP for Windows XP\PGPtray.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Symmetricom\SymmTime\SymmTime.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Locate\Locate32.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\HFXP2\hfxp.exe
C:\Program Files\ClipCache\clipc.exe
C:\Program Files\Qualcomm\Eudorapro\Eudora\Eudora.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https=192.168.0.3:8080;http=192.168.0.3:8080;ftp=192.168.0.3:8080;gopher=192.168.0.3:8080
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lmon Class - {1B7445F8-3774-4E7D-AF54-8B933C554B1C} - C:\Program Files\LeechVideoConvert\leechmon.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [TPKMAPHELPER] "C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMLREF] "C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE"
O4 - HKLM\..\Run: [BMMMONWND] "rundll32.exe" C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [UC_Start] "C:\Program Files\IBM\Updater\\ucstartup.exe"
O4 - HKLM\..\Run: [ibmmessages] "C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [ISS_Certtool] "C:\Program Files\IBM\Security\certtool.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DataLayer] "C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SetDefPrt] "C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe"
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [hf] E:\hf.exe /s
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Cobian Backup 9 interface] "C:\Program Files\Cobian Backup 9\cbInterface.exe" -service
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Global Network Client\NetSP.exe" -show
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKUS\S-1-5-18\..\Run: [TurboBackup] C:\PROGRA~1\FILEST~1\TURBOB~1\tbksche.exe -s (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TurboBackup] C:\PROGRA~1\FILEST~1\TURBOB~1\tbksche.exe -s (User 'Default user')
O4 - S-1-5-18 Startup: Locate32 Autorun.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: Locate32 Autorun.lnk = ? (User 'Default user')
O4 - Startup: Locate32 Autorun.lnk = ?
O4 - Global Startup: AdsGone 2006.lnk = C:\Program Files\AdsGone\adsgone.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: PGPtray.lnk = C:\Program Files\PGP Corporation\PGP for Windows XP\PGPtray.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: SymmTime.lnk = ?
O4 - Global Startup: WordWeb Pro.lnk = C:\Program Files\WordWeb\wweb32.exe
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.01\RadioHelper.dll
O9 - Extra 'Tools' menuitem: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.01\RadioHelper.dll
O9 - Extra button: ProxyPal - {B0127AF2-316C-4f1d-BF35-3DE43971EEC5} - C:\WINDOWS\system32\proxypal.exe
O9 - Extra 'Tools' menuitem: ProxyPal - {B0127AF2-316C-4f1d-BF35-3DE43971EEC5} - C:\WINDOWS\system32\proxypal.exe
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\ThinkPad\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O12 - Plugin for .xml: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8FE426EC-486E-4E21-A004-5D91CFB6E052}: NameServer = 58.69.254.3,58.69.254.14
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Cobian Backup 9 service (CobianBackupAmanita) - Luis Cobian - C:\Program Files\Cobian Backup 9\cbService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Unknown owner - C:\Program Files\ewido anti-spyware 4.0\guard.exe (file missing)
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM User Verification Manager - IBM - C:\Program Files\IBM\Security\uvmserv.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: SMBus Upgrade Service for Windows 2000 and above (ibmsmbus) - International Business Machines Corp. - C:\WINDOWS\System32\ibmsmbus.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Network Configuration Service (netcfgsvr) - AT&T - C:\PROGRA~1\AT&TGL~1\netcfgsvr.exe
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SystemSuite Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 16227 bytes
phrenkat
Active Member
 
Posts: 11
Joined: July 23rd, 2008, 6:23 am

Re: missing exiplorer.exe error aka XPBAGUIO.A work

Unread postby Shaba » July 24th, 2008, 6:17 am

Hi

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt<-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: missing exiplorer.exe error aka XPBAGUIO.A work

Unread postby phrenkat » July 24th, 2008, 8:06 am

Thanks for the suggestions. Here are the requested logs:
Deckard's System Scanner v20071014.68
Run by Gregorio Andre on 2008-07-24 18:59:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
34: 2008-07-24 10:59:12 UTC - RP835 - Deckard's System Scanner Restore Point
33: 2008-07-23 12:30:33 UTC - RP834 - System Checkpoint
32: 2008-07-21 13:45:49 UTC - RP833 - System Checkpoint
31: 2008-07-20 12:52:23 UTC - RP832 - System Checkpoint
30: 2008-07-17 08:10:57 UTC - RP831 - System Checkpoint


-- First Restore Point --
1: 2008-07-01 08:10:57 UTC - RP802 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Gregorio Andre.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:00:46 PM, on 7/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\IBM\Security\certtool.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Cobian Backup 9\cbService.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\IBM\Security\uvmserv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\System32\ibmsmbus.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\PROGRA~1\AT&TGL~1\netcfgsvr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\MXOALDR.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\PGPserv.exe
C:\Program Files\Cobian Backup 9\cbInterface.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AdsGone\adsgone.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\PGP Corporation\PGP for Windows XP\PGPtray.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Symmetricom\SymmTime\SymmTime.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Locate\Locate32.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\HFXP2\hfxp.exe
C:\Program Files\ClipCache\clipc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Gregorio Andre\Desktop\Downloads\dss.exe
C:\PROGRA~1\Trend Micro\HijackThis\Gregorio Andre.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https=192.168.0.3:8080;http=192.168.0.3:8080;ftp=192.168.0.3:8080;gopher=192.168.0.3:8080
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lmon Class - {1B7445F8-3774-4E7D-AF54-8B933C554B1C} - C:\Program Files\LeechVideoConvert\leechmon.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [TPKMAPHELPER] "C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMLREF] "C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE"
O4 - HKLM\..\Run: [BMMMONWND] "rundll32.exe" C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [UC_Start] "C:\Program Files\IBM\Updater\\ucstartup.exe"
O4 - HKLM\..\Run: [ibmmessages] "C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [ISS_Certtool] "C:\Program Files\IBM\Security\certtool.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DataLayer] "C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SetDefPrt] "C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe"
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [hf] E:\hf.exe /s
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Cobian Backup 9 interface] "C:\Program Files\Cobian Backup 9\cbInterface.exe" -service
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Global Network Client\NetSP.exe" -show
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [TurboBackup] C:\PROGRA~1\FILEST~1\TURBOB~1\tbksche.exe -s (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TurboBackup] C:\PROGRA~1\FILEST~1\TURBOB~1\tbksche.exe -s (User 'Default user')
O4 - S-1-5-18 Startup: Locate32 Autorun.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: Locate32 Autorun.lnk = ? (User 'Default user')
O4 - Startup: Locate32 Autorun.lnk = ?
O4 - Global Startup: AdsGone 2006.lnk = C:\Program Files\AdsGone\adsgone.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: PGPtray.lnk = C:\Program Files\PGP Corporation\PGP for Windows XP\PGPtray.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: SymmTime.lnk = ?
O4 - Global Startup: WordWeb Pro.lnk = C:\Program Files\WordWeb\wweb32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.01\RadioHelper.dll
O9 - Extra 'Tools' menuitem: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.01\RadioHelper.dll
O9 - Extra button: ProxyPal - {B0127AF2-316C-4f1d-BF35-3DE43971EEC5} - C:\WINDOWS\system32\proxypal.exe
O9 - Extra 'Tools' menuitem: ProxyPal - {B0127AF2-316C-4f1d-BF35-3DE43971EEC5} - C:\WINDOWS\system32\proxypal.exe
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\ThinkPad\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O12 - Plugin for .xml: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8FE426EC-486E-4E21-A004-5D91CFB6E052}: NameServer = 58.69.254.3,58.69.254.14
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Cobian Backup 9 service (CobianBackupAmanita) - Luis Cobian - C:\Program Files\Cobian Backup 9\cbService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Unknown owner - C:\Program Files\ewido anti-spyware 4.0\guard.exe (file missing)
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM User Verification Manager - IBM - C:\Program Files\IBM\Security\uvmserv.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: SMBus Upgrade Service for Windows 2000 and above (ibmsmbus) - International Business Machines Corp. - C:\WINDOWS\System32\ibmsmbus.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Network Configuration Service (netcfgsvr) - AT&T - C:\PROGRA~1\AT&TGL~1\netcfgsvr.exe
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SystemSuite Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 16384 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - shell\edit\command - C:\WINDOWS\System32\NOTEPAD.EXE %1


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Shockprf - c:\windows\system32\drivers\shockprf.sys <Not Verified; IBM Corporation; IBM Hard Drive Active Protection System>
R1 ANC - c:\windows\system32\drivers\anc.sys
R1 IBMTPCHK - c:\windows\system32\drivers\ibmbldid.sys
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R1 Smapint - c:\windows\system32\drivers\smapint.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
R1 TDSMAPI - c:\windows\system32\drivers\tdsmapi.sys
R1 TPHKDRV - c:\windows\system32\drivers\tphkdrv.sys <Not Verified; IBM Corporation; ThinkPad OnScreenDisplay>
R1 TPPWR - c:\windows\system32\drivers\tppwr.sys <Not Verified; IBM Corp.; IBM ThinkPad Utility>
R1 TSMAPIP - c:\windows\system32\drivers\tsmapip.sys
R2 BrPar - c:\windows\system32\drivers\brpar.sys <Not Verified; Brother Industries Ltd.; Brother Parallel Class Driver>
R2 ibmfilter - c:\windows\system32\drivers\ibmfilter.sys <Not Verified; IBM; FFE and RRU>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.7) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.7>
R2 PGPdisk - c:\windows\system32\drivers\pgpdisk.sys <Not Verified; PGP Corporation; PGP>
R2 PGPsdkDriver - c:\windows\system32\drivers\pgpsdk.sys <Not Verified; PGP Corporation; PGPsdk>
R2 PMEM - c:\windows\system32\drivers\pmemnt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
R2 procguard - c:\windows\system32\drivers\procguard.sys <Not Verified; DiamondCS; DiamondCS ProcessGuard>
R2 ShockMgr - c:\windows\system32\drivers\shockmgr.sys <Not Verified; IBM Corporation; IBM Hard Drive Active Protection System>
R2 smi2 - c:\windows\system32\drivers\smi2.sys <Not Verified; IBM Corp.; IBM SMI Bios driver>
R3 ATMELTPM - c:\windows\system32\drivers\atmeltpm.sys <Not Verified; Atmel, Inc.; Atmel TPM Driver>
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S1 ewido anti-spyware 4.0 driver - c:\program files\ewido anti-spyware 4.0\guard.sys (file missing)
S1 SASKUTIL - c:\program files\superantispyware\saskutil.sys (file missing)
S3 cmudau (C-Media USB Sound Interface) - c:\windows\system32\drivers\cmudau.sys <Not Verified; C-Media Inc; C-Media USB Audio Driver (WDM)>
S3 FreshIO - c:\program files\freshdevices\freshdiagnose\freshio.sys
S3 hamachi (Hamachi Network Interface) - c:\windows\system32\drivers\hamachi.sys <Not Verified; Applied Networking Inc.; Hamachi Virtual Network Interface Driver>
S3 NSNDIS5 (NSNDIS5 NDIS Protocol Driver) - c:\windows\system32\nsndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); NetStumbler>
S3 psadd (IBM PSA Access Driver) - c:\windows\system32\drivers\psadd.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
S3 QCNDISIF - c:\windows\system32\drivers\qcndisif.sys <Not Verified; IBM Corporation.; IBM ThinkPad Utility>
S3 usbsermpt (Motorola USB Modem Driver for MPT) - c:\windows\system32\drivers\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
S3 USTOR (U-Storage Controller) - c:\windows\system32\drivers\ustork.sys <Not Verified; USB Mass Storage.; USB Mass Storage Device>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 CobianBackupAmanita (Cobian Backup 9 service) - c:\program files\cobian backup 9\cbservice.exe <Not Verified; Luis Cobian; Cobian Backup Amanita>
R2 IBM Rapid Restore Ultra Service - c:\program files\ibm\ibm rapid restore ultra\rrpcsb.exe <Not Verified; ; rrpcsb Module>
R2 IBM User Verification Manager - "c:\program files\ibm\security\uvmserv.exe" <Not Verified; IBM; IBM User Verification Manager Server>
R2 ibmsmbus (SMBus Upgrade Service for Windows 2000 and above) - c:\windows\system32\ibmsmbus.exe <Not Verified; International Business Machines Corp.; SMBus Package (Version 6.1.0.35)>
R2 PGPserv - c:\windows\system32\pgpserv.exe <Not Verified; PGP Corporation; PGPsdk>
R2 QCONSVC - system32\qconsvc.exe <Not Verified; IBM Corp.; IBM ThinkPad Utility>
R2 TpKmpSVC (IBM KCU Service) - c:\windows\system32\tpkmpsvc.exe

S2 ewido anti-spyware 4.0 guard - c:\program files\ewido anti-spyware 4.0\guard.exe (file missing)
S2 LiveUpdate Notice Ex (LiveUpdate Notice Service Ex) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
S3 PsaSrv (IBM PSA Access Driver Control) - c:\windows\system32\psasrv.exe (file missing)
S3 SystemSuite Task Manager - c:\progra~1\vcom\system~1\mxtask.exe -service <Not Verified; Avanquest Publishing USA, Inc.; >
S4 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: USB Mass Storage Device
Device ID: USB\VID_04F9&PID_0161&MI_02\7&2F53603A&1&0002
Manufacturer: Compatible USB storage device
Name: USB Mass Storage Device
PNP Device ID: USB\VID_04F9&PID_0161&MI_02\7&2F53603A&1&0002
Service: USBSTOR


-- Scheduled Tasks -------------------------------------------------------------

2008-07-24 19:00:17 504 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
2008-03-12 08:44:02 284 -----n--- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2004-12-16 11:16:27 410 -----n--- C:\WINDOWS\Tasks\BMMTask.job


-- Files created between 2008-06-24 and 2008-07-24 -----------------------------

2008-07-24 18:36:47 162304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-07-24 18:36:47 77312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-07-24 18:36:47 69632 --a------ C:\WINDOWS\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
2008-07-24 18:36:47 153088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-07-24 18:36:47 75264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-07-24 18:36:45 0 d-a------ C:\Program Files\Trojan Remover
2008-07-24 18:36:45 0 d-------- C:\Documents and Settings\Gregorio Andre\Application Data\Simply Super Software
2008-07-24 18:36:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-07-23 18:08:18 0 d-------- C:\Program Files\Trend Micro
2008-07-22 15:17:57 626688 --a------ C:\WINDOWS\system32\vp7vfw.dll <Not Verified; On2.com; On2_VP70>
2008-07-22 15:16:02 0 d-------- C:\Program Files\Convert_X_TO_DVD_working
2008-07-22 14:55:21 65602 --a------ C:\WINDOWS\system32\cook3260.dll <Not Verified; RealNetworks, Inc.; RealPlayer 10>
2008-07-21 11:12:07 48560 --a------ C:\Documents and Settings\Gregorio Andre\Application Data\GDIPFONTCACHEV1.DAT
2008-07-18 21:18:48 0 d-------- C:\Documents and Settings\Gregorio Andre\Application Data\WordWeb
2008-07-18 14:04:18 0 d-------- C:\Program Files\Sort Text Lists Alphabetically Software
2008-07-17 03:31:21 0 d-------- C:\Program Files\NewsBin
2008-07-17 03:31:21 0 d-------- C:\Documents and Settings\All Users\Application Data\NewsBin
2008-07-09 16:33:50 0 d-------- C:\Program Files\2BrightSparks
2008-07-04 15:40:34 90668 -----n--- C:\WINDOWS\system32\vobis32.dll
2008-07-04 15:40:34 0 d-------- C:\Documents and Settings\Gregorio Andre\Application Data\IObit
2008-07-03 16:34:32 0 d-------- C:\Documents and Settings\LocalService\Application Data\Acronis
2008-07-03 14:16:10 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-07-03 14:14:45 0 d-------- C:\WINDOWS\ShellNew
2008-07-03 11:19:12 0 d-------- C:\Program Files\IObit
2008-07-03 11:17:11 0 d-------- C:\Documents and Settings\Gregorio Andre\Application Data\TuneUp Software
2008-07-03 11:16:48 0 d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-07-03 11:16:39 0 d-------- C:\Program Files\TuneUp Utilities 2008
2008-07-03 02:17:05 0 d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-07-02 17:54:14 0 d--h----- C:\$AVG8.VAULT$
2008-07-02 17:19:19 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-02 17:18:53 0 d-------- C:\Program Files\AVG
2008-07-02 17:18:53 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8


-- Find3M Report ---------------------------------------------------------------

2008-07-24 18:59:14 0 d-------- C:\Documents and Settings\Gregorio Andre\Application Data\uTorrent
2008-07-24 18:50:46 0 d-------- C:\Documents and Settings\Gregorio Andre\Application Data\Skype
2008-07-24 13:50:13 0 d-------- C:\Program Files\ClipCache
2008-07-24 13:47:27 0 d-------- C:\Program Files\ClipCache Preview(2)
2008-07-24 12:12:16 0 d-------- C:\Program Files\Microsoft AntiSpyware
2008-07-24 03:36:28 668 --a------ C:\Documents and Settings\Gregorio Andre\Application Data\vso_ts_preview.xml
2008-07-24 03:36:28 0 d-------- C:\Documents and Settings\Gregorio Andre\Application Data\Vso
2008-07-23 14:56:56 1637 --a------ C:\swlist.reg
2008-07-23 14:35:16 0 d-------- C:\Program Files\eMule
2008-07-22 22:28:07 0 d-------- C:\Program Files\SpyMe Tools
2008-07-22 14:55:19 0 d-------- C:\Program Files\VSO
2008-07-21 11:24:57 0 d-------- C:\Program Files\Brownie
2008-07-21 11:23:42 34 -----n--- C:\WINDOWS\system32\BD2040.DAT
2008-07-21 11:23:23 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-18 17:39:15 0 d-------- C:\Program Files\IrfanView
2008-07-17 22:26:02 0 d-------- C:\Program Files\WordWeb
2008-07-17 03:37:25 0 d-------- C:\Program Files\nbpro
2008-07-14 09:31:28 0 d-------- C:\Program Files\Java
2008-07-10 19:20:44 0 d-------- C:\Program Files\Microsoft USB Flash Drive Manager
2008-07-10 18:18:27 0 d-------- C:\Documents and Settings\Gregorio Andre\Application Data\Azureus
2008-07-10 17:38:37 0 d-------- C:\Program Files\Winamp
2008-07-09 21:45:38 0 d-------- C:\Program Files\Lavasoft
2008-07-09 21:45:09 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-09 17:48:25 0 d-------- C:\Program Files\Azureus
2008-07-09 17:22:39 0 d-------- C:\Documents and Settings\Gregorio Andre\Application Data\TrueCrypt
2008-07-06 14:58:33 0 d-------- C:\Program Files\Cobian Backup 9
2008-07-06 12:52:11 0 d-------- C:\Documents and Settings\Gregorio Andre\Application Data\Mozilla
2008-07-03 17:55:02 0 d-------- C:\Program Files\Sync Manager
2008-07-03 16:30:06 0 d-------- C:\Program Files\Common Files\Acronis
2008-07-03 14:15:51 0 d-------- C:\Program Files\Common Files
2008-07-02 17:12:17 0 d-------- C:\Program Files\Common Files\Symantec Shared


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1B7445F8-3774-4E7D-AF54-8B933C554B1C}]
09/27/2006 10:36 AM 37376 --a------ C:\Program Files\LeechVideoConvert\leechmon.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [11/20/2003 12:56 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/20/2003 12:56 AM]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [10/24/2003 02:39 PM]
"TpShocks"="TpShocks.exe" [12/18/2003 02:12 AM C:\WINDOWS\system32\TpShocks.exe]
"TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [03/11/2004 01:10 AM]
"BMMLREF"="C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE" [12/25/2003 04:36 PM]
"BMMMONWND"="rundll32.exe" [08/04/2004 03:56 PM C:\WINDOWS\system32\rundll32.exe]
"TP4EX"="tp4ex.exe" [09/04/2002 04:05 PM C:\WINDOWS\system32\TP4EX.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [12/25/2003 05:04 PM]
"UC_Start"="C:\Program Files\IBM\Updater\\ucstartup.exe" [10/01/2003 06:39 AM]
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe" [01/21/2004 05:28 AM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [10/22/2003 04:04 PM]
"IBMPRC"="C:\IBMTOOLS\UTILS\ibmprc.exe" [03/20/2004 03:12 AM]
"ISS_Certtool"="C:\Program Files\IBM\Security\certtool.exe" [10/02/2004 08:32 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/02/2004 08:24 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [07/12/2005 03:35 PM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [08/17/2007 04:22 PM]
"DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [03/31/2005 09:30 AM]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [09/14/2007 03:02 AM]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [09/14/2007 02:55 AM]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [05/25/2004 09:16 AM]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [07/20/2004 09:34 AM]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [08/04/2004 03:56 PM]
"hf"="E:\hf.exe" []
"BluetoothAuthenticationAgent"="rundll32.exe" [08/04/2004 03:56 PM C:\WINDOWS\system32\rundll32.exe]
"ATIModeChange"="Ati2mdxx.exe" [09/05/2001 07:24 AM C:\WINDOWS\system32\Ati2mdxx.exe]
"MXOBG"="C:\WINDOWS\MXOALDR.EXE" [09/01/2005 12:36 PM]
"CmUsbSound"="cmcnfgu.cpl" []
"Logitech Utility"="Logi_MwX.Exe" [12/17/2003 05:50 PM C:\WINDOWS\LOGI_MWX.EXE]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [09/14/2007 02:52 AM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [10/14/2003 10:22 AM]
"QCWLICON"="C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [03/12/2004 06:10 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [02/11/2004 12:10 PM]
"OSSelectorReinstall"="C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [02/26/2007 02:03 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/08/2008 08:11 AM]
"Cobian Backup 9 interface"="C:\Program Files\Cobian Backup 9\cbInterface.exe" [07/03/2008 01:21 PM]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [07/24/2008 06:32 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [09/13/2007 01:31 PM]
"NetSP - restore settings on power failure"="C:\Program Files\AT&T Global Network Client\NetSP.exe" [10/29/2007 10:47 AM]
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [01/21/2004 05:28 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"TurboBackup"=C:\PROGRA~1\FILEST~1\TURBOB~1\tbksche.exe -s

C:\Documents and Settings\Gregorio Andre\Start Menu\Programs\Startup\
Locate32 Autorun.lnk - C:\Program Files\Locate\Locate32.exe [11/4/2006 3:00:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AdsGone 2006.lnk - C:\Program Files\AdsGone\adsgone.exe [12/21/2002 12:53:40 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [9/24/2004 3:13:02 AM]
PGPtray.lnk - C:\Program Files\PGP Corporation\PGP for Windows XP\PGPtray.exe [10/29/2004 5:12:37 PM]
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [6/8/2006 1:35:07 PM]
SymmTime.lnk - C:\Program Files\Symmetricom\SymmTime\SymmTime.exe [10/18/2004 8:20:57 AM]
WordWeb Pro.lnk - C:\Program Files\WordWeb\wweb32.exe [2/9/2006 4:30:34 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)
"NoRun"=0 (0x0)
"NoFolderOptions"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoFind"=0 (0x0)
"NoRun"=0 (0x0)
"NoFolderOptions"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= C:\Program Files\Qualcomm\Eudorapro\Eudora\EuShlExt.dll [08/17/2006 02:57 PM 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap
"Notification Packages"= scecli pwdmon

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Gregorio Andre^Start Menu^Programs^Startup^BDCheck.lnk]
path=C:\Documents and Settings\Gregorio Andre\Start Menu\Programs\Startup\BDCheck.lnk
backup=C:\WINDOWS\pss\BDCheck.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Gregorio Andre^Start Menu^Programs^Startup^Dialog Helper.lnk]
path=C:\Documents and Settings\Gregorio Andre\Start Menu\Programs\Startup\Dialog Helper.lnk
backup=C:\WINDOWS\pss\Dialog Helper.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced WindowsCare 3]
"C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AWC.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ibmmessages]
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Line Speed Meter]
"C:\Program Files\tcpIQ\Line Speed Meter\LineSpeedMeter.exe" -minimize

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
"C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -onlytray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smtpsrv]
"C:\Program Files\1st SMTP Server\SMTPServer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec Core LC"=2 (0x2)
"CLTNetCnService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{766f8020-24b3-11d9-9e11-00054e4aedef}]
AutoRun\command- RootFolder.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c3c8351-df6c-11dc-86c2-00054e4aedef}]
AutoRun\command- .\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d104bc30-e811-11dc-86cf-00054e4aedef}]
AutoRun\command- H:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da9c1570-435e-11dc-93a1-00054e4aedef}]
AutoRun\command- bar311.exe %1
Explore\command- bar311.exe %1
Open\command- bar311.exe %1




-- Hosts -----------------------------------------------------------------------

127.0.0.1 ads.datingyes.com
127.0.0.1 adserver2.mediainsight.de
127.0.0.1 adserver3.eudora.com
127.0.0.1 adserver4.eudora.com
127.0.0.1 adlink.deh.nl
127.0.0.1 advert.stealth.nl
127.0.0.1 http://www.banneroverdrive.com
127.0.0.1 interactive.wsj.com
127.0.0.1 ad.120-gen.tbn.ru
127.0.0.1 ad.3ad.doubleclick.net

5626 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-24 19:01:36 ------------

(ends) And here's the "extra:"
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) M processor 1.80GHz
Percentage of Memory in Use: 45%
Physical Memory (total/avail): 2046.86 MiB / 1123.96 MiB
Pagefile Memory (total/avail): 1896.52 MiB / 1196.03 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1910.6 MiB

C: is Fixed (NTFS) - 86.03 GiB total, 41.15 GiB free.
D: is CDROM (No Media)
F: is Fixed (NTFS) - 149.05 GiB total, 33.12 GiB free.
G: is CDROM (No Media)
I: is Removable (FAT)

\\.\PHYSICALDRIVE0 - HTS721010G9AT00 - 93.16 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 86.03 GiB - C:
\PARTITION1 - Unknown - 7.13 GiB

\\.\PHYSICALDRIVE3 - JetFlash TS2GJFV30 USB Device - 1953.22 MiB - 1 partition
\PARTITION0 - MS-DOS V4 Huge - 1959.98 MiB - I:

\\.\PHYSICALDRIVE1 - Seagate External Drive USB Device - 149.05 GiB - 1 partition
\PARTITION0 - Installable File System - 149.05 GiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: AVG Anti-Virus v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"="C:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe:*:Enabled:Java launcher"
"C:\\Program Files\\AdsGone\\adsgone.exe"="C:\\Program Files\\AdsGone\\adsgone.exe:*:Enabled:adsgone"
"C:\\Program Files\\1st SMTP Server\\SMTPServer.exe"="C:\\Program Files\\1st SMTP Server\\SMTPServer.exe:*:Enabled:SMTPServer"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Gregorio Andre\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DELAMO1
ComSpec=C:\WINDOWS\system32\cmd.exe
DEVMGR_SHOW_DETAILS=1
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Gregorio Andre
IBMSHARE=C:\IBMSHARE
LOGONSERVER=\\DELAMO1
MOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Documents and Settings\Gregorio Andre\Application Data\Mozilla\Firefox\Crash Reports
MOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla Firefox\firefox.exe
MOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files\Mozilla Firefox\crashreporter-override.ini
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\Program Files\Mozilla Firefox;C:\PROGRAM FILES\THINKPAD\UTILITIES;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\ATI Technologies\Fire GL 3D Studio Max;C:\Program Files\ATI Technologies\Fire GL Control Panel;C:\WINDOWS\Downloaded Program Files;C:\IBMTOOLS\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\Microsoft USB Flash Drive Manager\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Microsoft USB Flash Drive Manager\;C:\Program Files\Nmap
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.pyo;.pyc;.py;.pyw
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d06
ProgramFiles=C:\Program Files
PROMPT=$P$G
PYTHONCASEOK=1
PYTHONPATH=C:\IBMTOOLS\utils\support;C:\IBMTOOLS\utils\logger
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
RRU=C:\Program Files\IBM\IBM Rapid Restore Ultra\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TCL_LIBRARY=C:\IBMTOOLS\Python22\tcl\tcl8.4
TEMP=C:\DOCUME~1\GREGOR~1\LOCALS~1\Temp
TK_LIBRARY=C:\IBMTOOLS\Python22\tcl\tk8.4
TMP=C:\DOCUME~1\GREGOR~1\LOCALS~1\Temp
USERDOMAIN=DELAMO1
USERNAME=Gregorio Andre
USERPROFILE=C:\Documents and Settings\Gregorio Andre
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Gregorio Andre (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> c:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
--> MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
--> MsiExec.exe /X{10025061-8403-4534-A2D8-1F8D76BB14E4}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\SETUP.EXE"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\SETUP.EXE" -l0x9 ControlPanelAnyText
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\SETUP.EXE"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\SETUP.EXE"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
1st SMTP Server --> "C:\Program Files\1st SMTP Server\unins000.exe"
Access IBM --> MsiExec.exe /X{EC6AF20D-4376-4070-BEE4-D3A0DFF7E140}
Access IBM Message Center --> MsiExec.exe /X{F413B3A4-EE5D-457C-BAE5-6E58D9589ED5}
Acronis Disk Director Suite --> MsiExec.exe /X{2300EE96-0A41-4FAB-BD03-989EC44577A0}
Acronis True Image Home --> MsiExec.exe /X{E5343B27-55DF-40BD-9FCF-A643C1331E8A}
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 4.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
AdsGone Popup Killer and Banner Ad Stopper v4.0.1 2002 --> MsiExec.exe /X{997C02DA-C689-4F56-929E-ADF9C647C010}
AdsGone Popup Killer Spyware Blocker by A1Tech.com --> "C:\Program Files\AdsGone\unins000.exe"
Advanced WindowsCare 3 Beta --> "C:\Program Files\IObit\Advanced WindowsCare 3 Beta\unins000.exe"
Advanced WindowsCare Personal --> "C:\Program Files\IObit\Advanced WindowsCare V2\unins000.exe"
AI RoboForm Adapter for Firefox/Mozilla/Netscape --> "C:\Program Files\Siber Systems\Gecko Adapter\rfwipeout.exe" -moz
Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AT&T Global Network Client Internet Edition --> MsiExec.exe /I{63058CC2-B2A6-4F5D-9DD8-C17B0BF1EE91}
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
AudioShell 1.0 --> "C:\Program Files\AudioShell\unins000.exe"
Avanquest update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -l0x9 -removeonly
AVG 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
BackDora --> C:\PROGRA~1\BackDora\UNWISE.EXE C:\PROGRA~1\BackDora\INSTALL.LOG
BitTorrent 3.4.2 --> "C:\Program Files\BitTorrent\uninstall.exe"
Brother HL-2040 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C817F5F5-76DC-4DFF-82A1-7D9268EB43B6}\SETUP.exe" -l0x9 -removeonly /uninst
Brother MFL-Pro Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40A6C96D-808E-41DD-8716-617AB6B0F1F1}\Setup.exe" -l0x9 Brunin03.dllBrunin03.dll
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
ClipCache Pro 3.1.3 --> "C:\Program Files\ClipCache\unins001.exe"
Cobian Backup 9 --> C:\Program Files\Cobian Backup 9\cbUninstall.exe
ConvertXtoDVD 2.2.3.258h --> "C:\Program Files\VSO\ConvertXtoDVD\unins000.exe"
ConvertXtoDVD 2.99.9.500 --> "C:\Program Files\VSO\ConvertX\3\unins000.exe"
Crypto Anywhere --> I:\bfsetup.exe /u /f "I:\setup.cfg"
DiamondCS Port Explorer v2.000 --> "C:\Program Files\Port Explorer\unins000.exe"
DieHard --> MsiExec.exe /X{73836944-F4A0-44E0-8976-760A0D1AF3E4}
DriverMax 1.2 --> "C:\Program Files\Innovative Solutions\DriverMax\unins000.exe"
Duplicate Cleaner 1.0.0 --> "C:\Program Files\Duplicate Cleaner\unins000.exe"
EasyCapture 1.0.0.0 --> "C:\Program Files\EasyCapture\unins000.exe"
eMule --> "C:\Program Files\eMule\Uninstall.exe"
Ethereal 0.99.0 --> "C:\Program Files\Ethereal\uninstall.exe"
Eudora --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DA643EB-3A71-4D4F-B82C-97A4A643CD89}\setup.exe" -l0x9
Eudora --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{91EA15AA-FF78-4D92-A12F-FF5B8C8C8F56}\setup.exe" -l0x9
Eudora --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC943254-6C1D-47E2-94BE-22A4DEB35219}\setup.exe" -l0x9
EVEREST Home Edition v2.00 --> "C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
Excellence Real Converter 1.5 --> "C:\Program Files\Excellence Real Converter\unins000.exe"
FastStone Capture 4.3 --> C:\Program Files\FastStone Capture\uninst.exe
ffdshow [rev 1685] [2007-12-06] --> "C:\Program Files\ffdshow\unins000.exe"
FIRE GL driver for 3D Studio MAX/VIZ --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5AEBFD6-3AF9-4784-81C2-F442C86AA096}\SETUP.EXE" -l0x9
FireGL Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{924FD767-4B99-47FC-9DB5-2F44E062E548}\setup.exe"
FLAC 1.2.1b (remove only) --> C:\Program Files\FLAC\uninstall.exe
Forté Agent --> C:\PROGRA~1\Agent\UNWISE.EXE C:\PROGRA~1\Agent\install.log
FreshDiagnose --> "C:\Program Files\FreshDevices\FreshDiagnose\unins000.exe"
Gaim (remove only) --> C:\Program Files\ScatterChat\scatterchat-uninst.exe
GGSearch v.3.8.4 --> "C:\Program Files\GGSearchTool\unins000.exe"
GoodSync V6 --> "C:\Program Files\Siber Systems\GoodSync\uninstall.exe"
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth --> MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Video Player --> "C:\Program Files\Google\Google Video Player\Uninstall.exe"
Google Video Viewer 1.0 (based on VLC 0.8.2 Player) --> C:\Program Files\GoogleVideoViewer\VLC\uninstall.exe
GTK+ Runtime 2.6.10 rev a (remove only) --> C:\Program Files\Common Files\GTK\2.0\uninst.exe
Haali Media Splitter --> "C:\Program Files\Haali\MatroskaSplitter\uninstall.exe"
HashCalc 2.01 --> "C:\Program Files\HashCalc\unins000.exe"
Hide Folders XP 2.9 for Windows XP/Vista --> "C:\Program Files\HFXP2\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
IBM 11a/b/g Wireless LAN Mini PCI Adapter Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB45BBE5-5F76-4753-8DC5-A0F118DEEDF7}\SETUP.EXE" UNINSTALL
IBM 32-bit Runtime Environment for Java 2, v1.4.1 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6C72E14A-C1F3-45E5-8810-83CE3C19ED63} /l1033
IBM Access Connections --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22B71A00-4DED-11D4-A5E5-0004AC564F43}\SETUP.EXE" -l0x9 anything
IBM Active Protection System --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72806716-7088-41B2-8FA6-717A2A164DAB}\SETUP.EXE" -l0x9 anything
IBM Client Security Software 5.40.018.0 --> MsiExec.exe /I{B193BF4A-EF82-4D29-93B8-C5005626CEC8}
IBM DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
IBM Integrated 56K Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014\HXFSETUP.EXE -U -IVEN_8086&DEV_24C6&SUBSYS_055A1014 -S -ISFG
IBM RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
IBM Rescue and Recovery with Rapid Restore --> MsiExec.exe /X{11783F13-C3A9-44A8-929B-21A476F65272}
IBM System Migration Assistant 4.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AF19358B-F7E1-4CAD-897B-BF83E0D462EE}\Setup.exe" -l0x9 SMA 4.2 or later
IBM Themes --> MsiExec.exe /I{6CE96A14-61E2-48CC-837E-22710A953ADE}
IBM ThinkPad Battery MaxiMiser and Power Management Features --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\Unbmm.isu -c"C:\Program Files\ThinkPad\Utilities\Tpinsbmm.dll"
IBM ThinkPad Configuration --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\UNTPUW.ISU -c"C:\Program Files\ThinkPad\Utilities\Tpinswin.dll"
IBM ThinkPad EasyEject Utility --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\Unezej.isu -c"C:\Program Files\ThinkPad\Utilities\Tpinsej.dll"
IBM ThinkPad Keyboard Customizer Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2111B23F-7FDA-4A41-8309-E5A1663CA296}\SETUP.EXE" -l0x9 anything
IBM ThinkPad Power Management Driver --> RunDll32.exe tpinspm.dll,Uninstall
IBM ThinkPad Presentation Director --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\UNNPDR.isu -c"C:\Program Files\ThinkPad\Utilities\Tpinsnpd.dll"
IBM ThinkPad UltraNav Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
IBM ThinkPad UltraNav Wizard --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}\SETUP.EXE" UNINSTALL
IBM TrackPoint Accessibility Features --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA664480-3844-11D5-8C25-444553540000}\SETUP.EXE"
IBM Update Connector --> MsiExec.exe /X{8D815BF3-2399-459C-B121-49373FEFB9E8}
ImgBurn (Remove Only) --> "C:\Program Files\ImgBurn\uninstall.exe"
Intel(R) PRO Network Adapters and Drivers --> Prounstl.exe
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
InterVideo WinDVD Creator 2 --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
iTunes --> MsiExec.exe /I{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}
Java(TM) 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
KeyNote 1.6.5 --> "C:\Program Files\KeyNote\unins000.exe"
Kiswin v1.0 --> "C:\Program Files\Kiswin\unins000.exe"
Kruptos 2 --> MsiExec.exe /I{A2273570-B532-4F8D-892E-14999C591E25}
LeechVideo 1.0 --> "C:\Program Files\LeechVideoConvert\unins000.exe"
LimeWire 4.14.8 --> "C:\Program Files\LimeWire\uninstall.exe"
Line Speed Meter --> MsiExec.exe /I{D40491E3-35AB-4757-B1F0-94C9100C2F4E}
LinkStash 2.0.8 --> "C:\Program Files\LinkStash\unins000.exe"
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Locate32 --> C:\Program Files\Locate\Remove.exe
Logitech MouseWare 9.79.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL
Logitech Resource Center --> C:\PROGRA~1\Logitech\RESOUR~1\rem\UNWISE.EXE C:\PROGRA~1\Logitech\RESOUR~1\rem\INSTALL.LOG
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Magic ISO Maker v5.4 (build 0251) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MagicDisc 2.5.79 --> C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
Maxtor OneTouch --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{231F68F4-70E4-41A6-BEDA-7E7934169B54}
Maxtor OneTouch --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{231F68F4-70E4-41A6-BEDA-7E7934169B54}
MediaCoder 0.5.1 --> C:\Program Files\MediaCoder\uninst.exe
MediaPortal --> MsiExec.exe /I{E95FD367-B0A7-420B-A95A-E8888D3C0C99}
Microsoft AntiSpyware --> MsiExec.exe /I{536F7C74-844B-4683-B0C5-EA39E19A6FE3}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office PowerPoint Viewer 2003 --> MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft USB Flash Drive Manager --> MsiExec.exe /I{3F8EB641-6AD2-45DE-A8DD-91D7BDD39CDE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIRC --> "C:\Program Files\mIRC\mirc.exe" -uninstall
Mobile Music Polyphonic --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D0F386A-ADEC-4536-8EEA-6DD203F95239}\Setup.exe"
Monkey's Audio --> "C:\Program Files\Monkey's Audio\unins000.exe"
Motorola Phone Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
Mozilla Firefox (2.0.0.12) --> I:\PortableApps\FirefoxPortable\App\firefox\uninstall\helper.exe
Mozilla Firefox (3.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 WAV Converter 3.05 --> C:\PROGRA~1\MP3WAV~1\UNWISE.EXE C:\PROGRA~1\MP3WAV~1\INSTALL.LOG
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
myGrokker (remove only) --> C:\Program Files\Groxis\myGrokker\Uninst.exe
MyVoIPSpeed PC --> "C:\Program Files\MyVoIPSpeed PC\Uninstall.exe" "C:\Program Files\MyVoIPSpeed PC"
NASA World Wind 1.4 --> "C:\Program Files\NASA\World Wind 1.4\Uninstall_World_Wind_1.4.exe"
NetMeter 0.8.6.0 --> "C:\Program Files\NetMeter\unins000.exe"
Netscape Browser (remove only) --> "C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
Network Chemistry Packetyzer 4.0.3 --> "C:\Program Files\Packetyzer\unins000.exe"
Network Stumbler 0.4.0 (remove only) --> "C:\Program Files\Network Stumbler\uninst.exe"
NewsBin Pro --> C:\Program Files\NewsBin\uninst.exe
NewsBin Pro 4.3 --> C:\Program Files\nbpro\uninst-nbpro.exe
Nokia Connectivity Cable Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4AD35E01-9BA9-4F0C-B6B7-09C6C8F20D15} /l2057
Nokia PC Suite --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1267949C-73FC-4692-AA22-176F5E909647} /l2057
Notepad++ --> C:\Program Files\Notepad++\uninstall.exe
OpenOffice.org 2.3 --> MsiExec.exe /I{83C03FBE-4492-4133-BBAB-421CD88ADA32}
Opera 9.25 --> MsiExec.exe /X{C619B312-19F3-460A-9F7B-443248379F18}
PAGE ANALYZER for Google, Version 5.1, By AnswerChase, Inc. --> MsiExec.exe /X{8C46D268-7517-4079-9502-BF37CAB6726F}
PaperPort --> MsiExec.exe /I{A17EABB6-D0C6-44E5-820C-72DC7F495064}
PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\SETUP.EXE"
PCMesh Hide Files and Folders --> C:\Program Files\pcmesh\phf\uninst.exe
PDF-XChange PDF Viewer --> "C:\Program Files\Tracker Software\PDF-XChange Viewer\unins000.exe"
PFConfig 1.0.163 --> C:\Program Files\PFConfig\uninst.exe
PGP 8.1 --> C:\PROGRA~1\PGPCOR~1\PGPFOR~1\PGPUNI~1\setup.exe PGP
Piky Basket 2.0 --> "C:\Program Files\Conceptworld\Piky\unins000.exe"
Power Defrag 3.02a --> "I:\Defrag\Power Defrag\unins000.exe"
PowerDesk 6 --> MsiExec.exe /I{B93251B5-9209-4DAB-867C-AA98D91584CD}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
PPLive 1.2.21 --> C:\Program Files\PPLive\uninst.exe
ProxyPal Uninstall --> C:\WINDOWS\system32\unproxypal.exe
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Random Word Generator --> C:\Program Files\Random Word Generator\Uninstall.EXE /u:"Random Word Generator"
Real Alternative 1.46 --> "C:\Program Files\Real Alternative\unins000.exe"
RealProducer Basic 8.5 --> C:\Program Files\Real\RealProducer\rnuninst.exe RealNetworks|RealProducer|8.5
SABnzbd (remove only) --> "C:\Program Files\SABnzbd\uninstall.exe"
Sam Spade version 1.14 --> "C:\Program Files\Blighty Design\unins000.exe"
Security Task Manager 1.6e --> C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sierra Wireless Network Adapter Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DEC2C44-BB50-11D4-9E04-0050DA701DC9}\setup.exe" -l0x9 UNINSTALL
Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SkyQube --> "C:\Program Files\SkyQube\unins000.exe"
SMAC 2.0 --> C:\PROGRA~1\KLC\SMAC\UNWISE.EXE C:\PROGRA~1\KLC\SMAC\INSTALL.LOG
SmartFTP --> MsiExec.exe /I{11C762F9-95EA-486A-A8E7-683A50C231C1}
SnagIt 7 --> MsiExec.exe /I{4360BB46-507E-4361-8DCB-4FF9BDC9907B}
SnagIt 8 --> MsiExec.exe /I{A1C4EE2B-DF14-4488-BC8A-F9336D588E97}
SnagIt 8 --> MsiExec.exe /I{A900E37C-AAE3-44FB-8EE7-7E61F7087CE7}
Software Installer --> _tpiu000.exe /U
Sort Text Lists Alphabetically Software 7.0 --> "C:\Program Files\Sort Text Lists Alphabetically Software\unins000.exe"
SpyMe Tools 1.5 --> "C:\Program Files\SpyMe Tools\unins000.exe"
Steganos Safe One --> C:\Program Files\Steganos Safe One\uninstall.exe
Sun ODF Plugin for Microsoft Office 1.1 --> MsiExec.exe /X{8A3F2D6B-8347-4A5A-A398-F4DDBC6CB380}
SymmTime --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE33741B-7899-4938-A3C0-E1CBC116F6A3}\setup.exe"
SyncBackSE --> "C:\Program Files\2BrightSparks\SyncBackSE\unins000.exe"
SynchroMaster 1.7.0.10 --> "C:\Program Files\SynchroMaster\unins000.exe"
TextCrawler 1.0-2 --> "C:\Program Files\TextCrawler\unins000.exe"
TheSage --> "C:\Program Files\TheSage\uninstall.exe"
ThinkPad FullScreen Magnifier --> RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.inf
TinyJpegResizer --> MsiExec.exe /I{84FFDC8E-4306-4CE8-B32D-69ED48A44066}
Torrents Open Registrations Checker v1.24 --> "C:\Program Files\Torrents Open Registrations Checker\unins000.exe"
Trillian --> C:\Program Files\Trillian\trillian.exe /uninstall
Trojan Remover 6.7.0 --> "C:\Program Files\Trojan Remover\unins000.exe"
TrueCrypt --> "C:\Program Files\TrueCrypt\TrueCrypt Setup.exe" /u
Tunatic --> "C:\WINDOWS\lsb_un20.exe" /C=UC /N=Tunatic
TuneUp Utilities 2008 --> MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
URL Snooper v2.20.02 --> "C:\Program Files\URLSnooper2\unins000.exe"
USB Headset --> C:\WINDOWS\CmiUSB2Uninstall.exe C:\PROGRA~1\USBHEA~1#USB Headset
USB Storage Adapter FX (MXO) --> MXOun.exe MXOFX
VCOM SystemSuite Professional 6 --> MsiExec.exe /I{90BDE109-6E6B-417F-AD2F-8426016AAACB}
VideoLAN VLC media player 0.8.2 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
VisualRoute --> "C:\Program Files\VisualRoute\Uninstall.exe" "C:\Program Files\VisualRoute"
Wallpapers --> MsiExec.exe /I{F386C340-DF4B-4BBA-9503-420FB7EDB395}
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Winfingerprint 0.6.2 --> C:\Program Files\Winfingerprint\uninst.exe
WinPcap 4.1 beta --> C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WordWeb Pro --> C:\Program Files\WordWeb\uninst.exe
XstreamRadio 3.01 --> MsiExec.exe /X{35915E20-0B68-4315-9C76-E36FD82695B6}
XviD MPEG-4 Video Codec --> "C:\Program Files\XviD\unins000.exe"
ZoneLog 1.19 --> "C:\Program Files\ZoneLog\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type159260 / Warning
Event Submitted/Written: 07/23/2008 02:25:25 PM
Event ID/Source: 4356 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{6295DF2D-35EE-11D1-8707-00C04FD93327}. CoGetObject returned HRESULT 8000401A.

Event Record #/Type159228 / Warning
Event Submitted/Written: 07/20/2008 11:27:54 PM
Event ID/Source: 5603 / WinMgmt
Event Description:
A provider, OffProv10, has been registered in the WMI namespace, Root\MSAPPS10, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Event Record #/Type159227 / Warning
Event Submitted/Written: 07/20/2008 11:27:54 PM
Event ID/Source: 5603 / WinMgmt
Event Description:
A provider, OffProv10, has been registered in the WMI namespace, Root\MSAPPS10, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Event Record #/Type159201 / Error
Event Submitted/Written: 07/16/2008 03:48:23 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application lnkstash.exe, version 2.0.8.0, faulting module comctl32.dll, version 6.0.2900.2982, fault address 0x0004e967.
Processing media-specific event for [lnkstash.exe!ws!]

Event Record #/Type159200 / Error
Event Submitted/Written: 07/16/2008 02:14:25 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application pdsync.exe, version 6.0.4.0, faulting module synchmod.dll, version 6.0.4.2, fault address 0x0000a6c6.
Processing media-specific event for [pdsync.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type74167 / Error
Event Submitted/Written: 07/24/2008 07:01:10 PM
Event ID/Source: 7016 / Service Control Manager
Event Description:
The BrSplService service has reported an invalid current state 0.

Event Record #/Type74166 / Warning
Event Submitted/Written: 07/24/2008 06:01:38 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type74165 / Warning
Event Submitted/Written: 07/24/2008 04:12:23 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type74164 / Warning
Event Submitted/Written: 07/24/2008 03:17:04 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type74163 / Warning
Event Submitted/Written: 07/24/2008 02:49:43 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-07-24 19:01:36 ------------
phrenkat
Active Member
 
Posts: 11
Joined: July 23rd, 2008, 6:23 am

Re: missing exiplorer.exe error aka XPBAGUIO.A work

Unread postby Shaba » July 24th, 2008, 9:12 am

Hi

Go to Start > Run
Type regedit and click OK.

  • On the leftside, click to highlight My Computer at the top.
  • Go up to "File > Export"
    • Make sure in that window there is a tick next to "All" under Export Branch.
    • Leave the "Save As Type" as "Registration Files".
    • Under "Filename" put backup
  • Choose to save it to C:\ or in somewhere else safe location so that you will remember where you put it (don't put it on the Desktop!)
  • Click Save and then go to File > Exit.

Open Notepad and copy the contents of the following box to a new file.

Code: Select all
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hf"=-

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{766f8020-24b3-11d9-9e11-00054e4aedef}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c3c8351-df6c-11dc-86c2-00054e4aedef}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da9c1570-435e-11dc-93a1-00054e4aedef}]


Save it as fix.reg (save type: "All files" (*.*)) to your desktop.

It should look like this -> Image

Go to Desktop, double-click fix.reg and merge the infomation with the registry.

(In case you are unsure how to create a reg file, take a look here with screenshots.)

Reboot.

Re-run dss.

Post back a fresh dss log.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: missing exiplorer.exe error aka XPBAGUIO.A work

Unread postby phrenkat » July 25th, 2008, 3:25 am

Okay - here's the dss.exe scan after backup, regedit and reboot:
Deckard's System Scanner v20071014.68
Run by Gregorio Andre on 2008-07-25 15:19:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Gregorio Andre.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:20:00 PM, on 7/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\IBM\Security\certtool.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Cobian Backup 9\cbService.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\IBM\Security\uvmserv.exe
C:\WINDOWS\System32\ibmsmbus.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\MXOALDR.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\PROGRA~1\AT&TGL~1\netcfgsvr.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Cobian Backup 9\cbInterface.exe
C:\WINDOWS\system32\PGPserv.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AdsGone\adsgone.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\PGP Corporation\PGP for Windows XP\PGPtray.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Symmetricom\SymmTime\SymmTime.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Locate\Locate32.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\HFXP2\hfxp.exe
C:\Program Files\ClipCache\clipc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Gregorio Andre\Desktop\Downloads\dss(2).exe
C:\PROGRA~1\Trend Micro\HijackThis\Gregorio Andre.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https=192.168.0.3:8080;http=192.168.0.3:8080;ftp=192.168.0.3:8080;gopher=192.168.0.3:8080
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lmon Class - {1B7445F8-3774-4E7D-AF54-8B933C554B1C} - C:\Program Files\LeechVideoConvert\leechmon.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [TPKMAPHELPER] "C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMLREF] "C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE"
O4 - HKLM\..\Run: [BMMMONWND] "rundll32.exe" C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [UC_Start] "C:\Program Files\IBM\Updater\\ucstartup.exe"
O4 - HKLM\..\Run: [ibmmessages] "C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [ISS_Certtool] "C:\Program Files\IBM\Security\certtool.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DataLayer] "C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SetDefPrt] "C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe"
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Cobian Backup 9 interface] "C:\Program Files\Cobian Backup 9\cbInterface.exe" -service
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Global Network Client\NetSP.exe" -show
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [TurboBackup] C:\PROGRA~1\FILEST~1\TURBOB~1\tbksche.exe -s (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TurboBackup] C:\PROGRA~1\FILEST~1\TURBOB~1\tbksche.exe -s (User 'Default user')
O4 - S-1-5-18 Startup: Locate32 Autorun.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: Locate32 Autorun.lnk = ? (User 'Default user')
O4 - Startup: Locate32 Autorun.lnk = ?
O4 - Global Startup: AdsGone 2006.lnk = C:\Program Files\AdsGone\adsgone.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: PGPtray.lnk = C:\Program Files\PGP Corporation\PGP for Windows XP\PGPtray.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: SymmTime.lnk = ?
O4 - Global Startup: WordWeb Pro.lnk = C:\Program Files\WordWeb\wweb32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.01\RadioHelper.dll
O9 - Extra 'Tools' menuitem: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.01\RadioHelper.dll
O9 - Extra button: ProxyPal - {B0127AF2-316C-4f1d-BF35-3DE43971EEC5} - C:\WINDOWS\system32\proxypal.exe
O9 - Extra 'Tools' menuitem: ProxyPal - {B0127AF2-316C-4f1d-BF35-3DE43971EEC5} - C:\WINDOWS\system32\proxypal.exe
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\ThinkPad\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O12 - Plugin for .xml: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8FE426EC-486E-4E21-A004-5D91CFB6E052}: NameServer = 58.69.254.3,58.69.254.14
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Cobian Backup 9 service (CobianBackupAmanita) - Luis Cobian - C:\Program Files\Cobian Backup 9\cbService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Unknown owner - C:\Program Files\ewido anti-spyware 4.0\guard.exe (file missing)
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM User Verification Manager - IBM - C:\Program Files\IBM\Security\uvmserv.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: SMBus Upgrade Service for Windows 2000 and above (ibmsmbus) - International Business Machines Corp. - C:\WINDOWS\System32\ibmsmbus.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Network Configuration Service (netcfgsvr) - AT&T - C:\PROGRA~1\AT&TGL~1\netcfgsvr.exe
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SystemSuite Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 16315 bytes

-- Files created between 2008-06-25 and 2008-07-25 -----------------------------

2008-07-24 18:36:47 162304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-07-24 18:36:47 77312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-07-24 18:36:47 69632 --a------ C:\WINDOWS\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
2008-07-24 18:36:47 153088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-07-24 18:36:47 75264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-07-24 18:36:45 0 d-a------ C:\Program Files\Trojan Remover
2008-07-24 18:36:45 0 d-------- C:\Documents and Settings\Gregorio Andre\Application Data\Simply Super Software
2008-07-24 18:36:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-07-23 18:08:18 0 d-------- C:\Program Files\Trend Micro
2008-07-22 15:17:57 626688 --a------ C:\WINDOWS\system32\vp7vfw.dll <Not Verified; On2.com; On2_VP70>
2008-07-22 15:16:02 0 d-------- C:\Program Files\Convert_X_TO_DVD_working
2008-07-22 14:55:21 65602 --a------ C:\WINDOWS\system32\cook3260.dll <Not Verified; RealNetworks, Inc.; RealPlayer 10>
2008-07-21 11:12:07 48560 --a------ C:\Documents and Settings\Gregorio Andre\Application Data\GDIPFONTCACHEV1.DAT
2008-07-18 21:18:48 0 d-------- C:\Documents and Settings\Gregorio Andre\Application Data\WordWeb
2008-07-18 14:04:18 0 d-------- C:\Program Files\Sort Text Lists Alphabetically Software
2008-07-17 03:31:21 0 d-------- C:\Program Files\NewsBin
2008-07-17 03:31:21 0 d-------- C:\Documents and Settings\All Users\Application Data\NewsBin
2008-07-09 16:33:50 0 d-------- C:\Program Files\2BrightSparks
2008-07-04 15:40:34 90668 -----n--- C:\WINDOWS\system32\vobis32.dll
2008-07-04 15:40:34 0 d-------- C:\Documents and Settings\Gregorio Andre\Application Data\IObit
2008-07-03 16:34:32 0 d-------- C:\Documents and Settings\LocalService\Application Data\Acronis
2008-07-03 14:16:10 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-07-03 14:14:45 0 d-------- C:\WINDOWS\ShellNew
2008-07-03 11:19:12 0 d-------- C:\Program Files\IObit
2008-07-03 11:17:11 0 d-------- C:\Documents and Settings\Gregorio Andre\Application Data\TuneUp Software
2008-07-03 11:16:48 0 d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-07-03 11:16:39 0 d-------- C:\Program Files\TuneUp Utilities 2008
2008-07-03 02:17:05 0 d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-07-02 17:54:14 0 d--h----- C:\$AVG8.VAULT$
2008-07-02 17:19:19 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-02 17:18:53 0 d-------- C:\Program Files\AVG
2008-07-02 17:18:53 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8


-- Find3M Report ---------------------------------------------------------------

2008-07-25 15:07:48 0 d-------- C:\Documents and Settings\Gregorio Andre\Application Data\Skype
2008-07-25 15:05:37 0 d-------- C:\Program Files\Microsoft AntiSpyware
2008-07-25 15:02:35 0 d-------- C:\Documents and Settings\Gregorio Andre\Application Data\uTorrent
2008-07-25 08:19:49 668 --a------ C:\Documents and Settings\Gregorio Andre\Application Data\vso_ts_preview.xml
2008-07-25 08:19:49 0 d-------- C:\Documents and Settings\Gregorio Andre\Application Data\Vso
2008-07-24 13:50:13 0 d-------- C:\Program Files\ClipCache
2008-07-24 13:47:27 0 d-------- C:\Program Files\ClipCache Preview(2)
2008-07-23 14:56:56 1637 --a------ C:\swlist.reg
2008-07-23 14:35:16 0 d-------- C:\Program Files\eMule
2008-07-22 22:28:07 0 d-------- C:\Program Files\SpyMe Tools
2008-07-22 14:55:19 0 d-------- C:\Program Files\VSO
2008-07-21 11:24:57 0 d-------- C:\Program Files\Brownie
2008-07-21 11:23:42 34 -----n--- C:\WINDOWS\system32\BD2040.DAT
2008-07-21 11:23:23 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-18 17:39:15 0 d-------- C:\Program Files\IrfanView
2008-07-17 22:26:02 0 d-------- C:\Program Files\WordWeb
2008-07-17 03:37:25 0 d-------- C:\Program Files\nbpro
2008-07-14 09:31:28 0 d-------- C:\Program Files\Java
2008-07-10 19:20:44 0 d-------- C:\Program Files\Microsoft USB Flash Drive Manager
2008-07-10 18:18:27 0 d-------- C:\Documents and Settings\Gregorio Andre\Application Data\Azureus
2008-07-10 17:38:37 0 d-------- C:\Program Files\Winamp
2008-07-09 21:45:38 0 d-------- C:\Program Files\Lavasoft
2008-07-09 21:45:09 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-09 17:48:25 0 d-------- C:\Program Files\Azureus
2008-07-09 17:22:39 0 d-------- C:\Documents and Settings\Gregorio Andre\Application Data\TrueCrypt
2008-07-06 14:58:33 0 d-------- C:\Program Files\Cobian Backup 9
2008-07-06 12:52:11 0 d-------- C:\Documents and Settings\Gregorio Andre\Application Data\Mozilla
2008-07-03 17:55:02 0 d-------- C:\Program Files\Sync Manager
2008-07-03 16:30:06 0 d-------- C:\Program Files\Common Files\Acronis
2008-07-03 14:15:51 0 d-------- C:\Program Files\Common Files
2008-07-02 17:12:17 0 d-------- C:\Program Files\Common Files\Symantec Shared


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1B7445F8-3774-4E7D-AF54-8B933C554B1C}]
09/27/2006 10:36 AM 37376 --a------ C:\Program Files\LeechVideoConvert\leechmon.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [11/20/2003 12:56 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/20/2003 12:56 AM]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [10/24/2003 02:39 PM]
"TpShocks"="TpShocks.exe" [12/18/2003 02:12 AM C:\WINDOWS\system32\TpShocks.exe]
"TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [03/11/2004 01:10 AM]
"BMMLREF"="C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE" [12/25/2003 04:36 PM]
"BMMMONWND"="rundll32.exe" [08/04/2004 03:56 PM C:\WINDOWS\system32\rundll32.exe]
"TP4EX"="tp4ex.exe" [09/04/2002 04:05 PM C:\WINDOWS\system32\TP4EX.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [12/25/2003 05:04 PM]
"UC_Start"="C:\Program Files\IBM\Updater\\ucstartup.exe" [10/01/2003 06:39 AM]
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe" [01/21/2004 05:28 AM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [10/22/2003 04:04 PM]
"IBMPRC"="C:\IBMTOOLS\UTILS\ibmprc.exe" [03/20/2004 03:12 AM]
"ISS_Certtool"="C:\Program Files\IBM\Security\certtool.exe" [10/02/2004 08:32 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/02/2004 08:24 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [07/12/2005 03:35 PM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [08/17/2007 04:22 PM]
"DataLayer"="C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe" [03/31/2005 09:30 AM]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [09/14/2007 03:02 AM]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [09/14/2007 02:55 AM]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [05/25/2004 09:16 AM]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [07/20/2004 09:34 AM]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [08/04/2004 03:56 PM]
"BluetoothAuthenticationAgent"="rundll32.exe" [08/04/2004 03:56 PM C:\WINDOWS\system32\rundll32.exe]
"ATIModeChange"="Ati2mdxx.exe" [09/05/2001 07:24 AM C:\WINDOWS\system32\Ati2mdxx.exe]
"MXOBG"="C:\WINDOWS\MXOALDR.EXE" [09/01/2005 12:36 PM]
"CmUsbSound"="cmcnfgu.cpl" []
"Logitech Utility"="Logi_MwX.Exe" [12/17/2003 05:50 PM C:\WINDOWS\LOGI_MWX.EXE]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [09/14/2007 02:52 AM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [10/14/2003 10:22 AM]
"QCWLICON"="C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [03/12/2004 06:10 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [02/11/2004 12:10 PM]
"OSSelectorReinstall"="C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [02/26/2007 02:03 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/08/2008 08:11 AM]
"Cobian Backup 9 interface"="C:\Program Files\Cobian Backup 9\cbInterface.exe" [07/03/2008 01:21 PM]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [07/24/2008 06:32 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [09/13/2007 01:31 PM]
"NetSP - restore settings on power failure"="C:\Program Files\AT&T Global Network Client\NetSP.exe" [10/29/2007 10:47 AM]
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [01/21/2004 05:28 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"TurboBackup"=C:\PROGRA~1\FILEST~1\TURBOB~1\tbksche.exe -s

C:\Documents and Settings\Gregorio Andre\Start Menu\Programs\Startup\
Locate32 Autorun.lnk - C:\Program Files\Locate\Locate32.exe [11/4/2006 3:00:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AdsGone 2006.lnk - C:\Program Files\AdsGone\adsgone.exe [12/21/2002 12:53:40 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [9/24/2004 3:13:02 AM]
PGPtray.lnk - C:\Program Files\PGP Corporation\PGP for Windows XP\PGPtray.exe [10/29/2004 5:12:37 PM]
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [6/8/2006 1:35:07 PM]
SymmTime.lnk - C:\Program Files\Symmetricom\SymmTime\SymmTime.exe [10/18/2004 8:20:57 AM]
WordWeb Pro.lnk - C:\Program Files\WordWeb\wweb32.exe [2/9/2006 4:30:34 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)
"NoRun"=0 (0x0)
"NoFolderOptions"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoFind"=0 (0x0)
"NoRun"=0 (0x0)
"NoFolderOptions"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= C:\Program Files\Qualcomm\Eudorapro\Eudora\EuShlExt.dll [08/17/2006 02:57 PM 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap
"Notification Packages"= scecli pwdmon

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Gregorio Andre^Start Menu^Programs^Startup^BDCheck.lnk]
path=C:\Documents and Settings\Gregorio Andre\Start Menu\Programs\Startup\BDCheck.lnk
backup=C:\WINDOWS\pss\BDCheck.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Gregorio Andre^Start Menu^Programs^Startup^Dialog Helper.lnk]
path=C:\Documents and Settings\Gregorio Andre\Start Menu\Programs\Startup\Dialog Helper.lnk
backup=C:\WINDOWS\pss\Dialog Helper.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced WindowsCare 3]
"C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AWC.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ibmmessages]
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Line Speed Meter]
"C:\Program Files\tcpIQ\Line Speed Meter\LineSpeedMeter.exe" -minimize

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
"C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -onlytray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smtpsrv]
"C:\Program Files\1st SMTP Server\SMTPServer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec Core LC"=2 (0x2)
"CLTNetCnService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d104bc30-e811-11dc-86cf-00054e4aedef}]
AutoRun\command- H:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe




-- End of Deckard's System Scanner: finished at 2008-07-25 15:20:28 ------------
phrenkat
Active Member
 
Posts: 11
Joined: July 23rd, 2008, 6:23 am

Re: missing exiplorer.exe error aka XPBAGUIO.A work

Unread postby Shaba » July 25th, 2008, 3:47 am

Hi

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with HijackThis log.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: missing exiplorer.exe error aka XPBAGUIO.A work

Unread postby phrenkat » July 25th, 2008, 10:12 pm

Hi, Here is is:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, July 26, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, July 25, 2008 09:03:43
Records in database: 1007315
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 243603
Threat name: 25
Infected objects: 231
Suspicious objects: 216
Duration of the scan: 12:29:22


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\000C41F1.exe Infected: Trojan-Downloader.Win32.Tibs.kj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\00B97333.exe Infected: Email-Worm.Win32.Zhelatin.o 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\05BC67AF.exe Infected: Email-Worm.Win32.Zhelatin.o 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A281A2D.pif Infected: Email-Worm.Win32.Warezov.eu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1149093B.zm9 Infected: Email-Worm.Win32.Sober.y 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11700110.zm9 Infected: Email-Worm.Win32.Sober.y 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1BC9221F.pif Infected: Email-Worm.Win32.Warezov.eu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\20CA7F67.exe Infected: Email-Worm.Win32.Warezov.eu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\37D90572.exe Infected: Trojan-Spy.Win32.GhostKeyLogger.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3E7062D5.exe Infected: not-a-virus:RiskTool.Win32.Hooker.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\40097073.exe Infected: Email-Worm.Win32.Zhelatin.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\40266A52.exe Infected: Trojan-Proxy.Win32.Lager.dp 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4029144F.exe Infected: Email-Worm.Win32.Zhelatin.h 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\402D3E4B.exe Infected: Email-Worm.Win32.Zhelatin.k 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\40852BEA.exe Infected: Email-Worm.Win32.Zhelatin.h 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\42967D8F.exe Infected: Email-Worm.Win32.Zhelatin.ab 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\54B74A74.pif Infected: Email-Worm.Win32.Warezov.eu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\57052DB3.pif Infected: Email-Worm.Win32.Warezov.eu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\59350EF0.zlq Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\59A74C72.zlq Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\59DF1635.zlq Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\59E9142B.zlq Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B945931.zm9 Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5BD94AE6.zm9 Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5BFD18BE.zlq Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C346281.zm9 Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5CBA1BEE.zm9 Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60365EA8.EXE Infected: Exploit.HTML.Agent.am 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\603908A4.EXE Infected: Email-Worm.Win32.Rays 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60E30FE9.htt Infected: Trojan.VBS.Starter.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60F70BD4.exe Infected: Email-Worm.Win32.Rays 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61352990.bat Infected: Email-Worm.Win32.Rays 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61352990.htt Infected: Trojan.VBS.Zapchast.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\618D172E.htm Infected: Trojan.VBS.Zapchast.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61E8323B Infected: Trojan-Spy.Win32.GhostKeyLogger.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7F486AC9.exe Infected: Trojan-Downloader.Win32.Tibs.kj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FB12A56.exe Infected: Email-Worm.Win32.Zhelatin.o 1
C:\Documents and Settings\Gregorio Andre\My Documents\My Downloads\mirc616.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
C:\Documents and Settings\Gregorio Andre\My Documents\My Downloads\sspsetup1_(2).exe Infected: Backdoor.Win32.Delf.jgi 1
C:\Program Files\mIRC\backup\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
C:\Program Files\nero8-fdb.iso Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm 2
C:\Program Files\Qualcomm\Eudorapro\Eudora~1\ATTACH\Bill_Tax.zip Infected: Trojan-Spy.Win32.Zbot.dkx 1
C:\Program Files\Qualcomm\Eudorapro\Eudora~1\EMBEDDED\andiron.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
C:\Program Files\Qualcomm\Eudorapro\Eudora~1\EMBEDDED\arise.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
C:\Program Files\Qualcomm\Eudorapro\Eudora~1\EMBEDDED\blonde.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
C:\Program Files\Qualcomm\Eudorapro\Eudora~1\EMBEDDED\buenos.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
C:\Program Files\Qualcomm\Eudorapro\Eudora~1\EMBEDDED\collard.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
C:\Program Files\Qualcomm\Eudorapro\Eudora~1\Mailing lists.FOL\Listsforums.mbx Infected: IRC-Worm.HTML.Generic 1
C:\Program Files\Qualcomm\Eudorapro\Eudora~1\Trash.mbx Suspicious: Trojan-Spy.HTML.Fraud.gen 18
C:\Program Files\xp-utilities\madCHook.dll Infected: not-a-virus:RiskTool.Win32.Hooker.a 1
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP834\A0299645.exe Infected: Trojan-Downloader.Win32.Zlob.sfv 1
F:\Cobian Backup\C 2008-07-06 17;51;01\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\000C41F1.exe Infected: Trojan-Downloader.Win32.Tibs.kj 1
F:\Cobian Backup\C 2008-07-06 17;51;01\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\00B97333.exe Infected: Email-Worm.Win32.Zhelatin.o 1
F:\Cobian Backup\C 2008-07-06 17;51;01\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\05BC67AF.exe Infected: Email-Worm.Win32.Zhelatin.o 1
F:\Cobian Backup\C 2008-07-06 17;51;01\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A281A2D.pif Infected: Email-Worm.Win32.Warezov.eu 1
F:\Cobian Backup\C 2008-07-06 17;51;01\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1149093B.zm9 Infected: Email-Worm.Win32.Sober.y 1
F:\Cobian Backup\C 2008-07-06 17;51;01\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11700110.zm9 Infected: Email-Worm.Win32.Sober.y 1
F:\Cobian Backup\C 2008-07-06 17;51;01\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1BC9221F.pif Infected: Email-Worm.Win32.Warezov.eu 1
F:\Cobian Backup\C 2008-07-06 17;51;01\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\20CA7F67.exe Infected: Email-Worm.Win32.Warezov.eu 1
F:\Cobian Backup\C 2008-07-06 17;51;01\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\37D90572.exe Infected: Trojan-Spy.Win32.GhostKeyLogger.c 1
F:\Cobian Backup\C 2008-07-06 17;51;01\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3E7062D5.exe Infected: not-a-virus:RiskTool.Win32.Hooker.a 1
F:\Cobian Backup\C 2008-07-06 17;51;01\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\40097073.exe Infected: Email-Worm.Win32.Zhelatin.a 1
F:\Cobian Backup\C 2008-07-06 17;51;01\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\40266A52.exe Infected: Trojan-Proxy.Win32.Lager.dp 1
F:\Cobian Backup\C 2008-07-06 17;51;01\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4029144F.exe Infected: Email-Worm.Win32.Zhelatin.h 1
F:\Cobian Backup\C 2008-07-06 17;51;01\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\402D3E4B.exe Infected: Email-Worm.Win32.Zhelatin.k 1
F:\Cobian Backup\C 2008-07-06 17;51;01\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\40852BEA.exe Infected: Email-Worm.Win32.Zhelatin.h 1
F:\Cobian Backup\C 2008-07-06 17;51;01\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\42967D8F.exe Infected: Email-Worm.Win32.Zhelatin.ab 1
F:\Cobian Backup\C 2008-07-06 17;51;01\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\54B74A74.pif Infected: Email-Worm.Win32.Warezov.eu 1
F:\Cobian Backup\C 2008-07-06 17;51;01\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\57052DB3.pif Infected: Email-Worm.Win32.Warezov.eu 1
F:\Cobian Backup\C 2008-07-06 17;51;01\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\59350EF0.zlq Infected: Email-Worm.Win32.NetSky.q 1
F:\Cobian Backup\C 2008-07-06 17;51;01\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\59A74C72.zlq Infected: Email-Worm.Win32.NetSky.q 1
F:\Cobian Backup\C 2008-07-06 17;51;01\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\59DF1635.zlq Infected: Email-Worm.Win32.NetSky.q 1
F:\Cobian Backup\C 2008-07-06 17;51;01\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\59E9142B.zlq Infected: Email-Worm.Win32.NetSky.q 1
F:\Cobian Backup\C 2008-07-06 17;51;01\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B945931.zm9 Infected: Email-Worm.Win32.NetSky.q 1
F:\Cobian Backup\C 2008-07-06 17;51;01\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5BD94AE6.zm9 Infected: Email-Worm.Win32.NetSky.q 1
F:\Cobian Backup\C 2008-07-06 17;51;01\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5BFD18BE.zlq Infected: Email-Worm.Win32.NetSky.q 1
F:\Cobian Backup\C 2008-07-06 17;51;01\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C346281.zm9 Infected: Email-Worm.Win32.NetSky.q 1
F:\Cobian Backup\C 2008-07-06 17;51;01\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5CBA1BEE.zm9 Infected: Email-Worm.Win32.NetSky.q 1
F:\Cobian Backup\C 2008-07-06 17;51;01\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60365EA8.EXE Infected: Exploit.HTML.Agent.am 1
F:\Cobian Backup\C 2008-07-06 17;51;01\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\603908A4.EXE Infected: Email-Worm.Win32.Rays 1
F:\Cobian Backup\C 2008-07-06 17;51;01\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60E30FE9.htt Infected: Trojan.VBS.Starter.a 1
F:\Cobian Backup\C 2008-07-06 17;51;01\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60F70BD4.exe Infected: Email-Worm.Win32.Rays 1
F:\Cobian Backup\C 2008-07-06 17;51;01\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61352990.bat Infected: Email-Worm.Win32.Rays 1
F:\Cobian Backup\C 2008-07-06 17;51;01\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61352990.htt Infected: Trojan.VBS.Zapchast.b 1
F:\Cobian Backup\C 2008-07-06 17;51;01\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\618D172E.htm Infected: Trojan.VBS.Zapchast.b 1
F:\Cobian Backup\C 2008-07-06 17;51;01\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61E8323B Infected: Trojan-Spy.Win32.GhostKeyLogger.c 1
F:\Cobian Backup\C 2008-07-06 17;51;01\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7F486AC9.exe Infected: Trojan-Downloader.Win32.Tibs.kj 1
F:\Cobian Backup\C 2008-07-06 17;51;01\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FB12A56.exe Infected: Email-Worm.Win32.Zhelatin.o 1
F:\Cobian Backup\C 2008-07-07 17;43;38\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\000C41F1.exe Infected: Trojan-Downloader.Win32.Tibs.kj 1
F:\Cobian Backup\C 2008-07-07 17;43;38\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\00B97333.exe Infected: Email-Worm.Win32.Zhelatin.o 1
F:\Cobian Backup\C 2008-07-07 17;43;38\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\05BC67AF.exe Infected: Email-Worm.Win32.Zhelatin.o 1
F:\Cobian Backup\C 2008-07-07 17;43;38\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A281A2D.pif Infected: Email-Worm.Win32.Warezov.eu 1
F:\Cobian Backup\C 2008-07-07 17;43;38\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1149093B.zm9 Infected: Email-Worm.Win32.Sober.y 1
F:\Cobian Backup\C 2008-07-07 17;43;38\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11700110.zm9 Infected: Email-Worm.Win32.Sober.y 1
F:\Cobian Backup\C 2008-07-07 17;43;38\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1BC9221F.pif Infected: Email-Worm.Win32.Warezov.eu 1
F:\Cobian Backup\C 2008-07-07 17;43;38\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\20CA7F67.exe Infected: Email-Worm.Win32.Warezov.eu 1
F:\Cobian Backup\C 2008-07-07 17;43;38\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\37D90572.exe Infected: Trojan-Spy.Win32.GhostKeyLogger.c 1
F:\Cobian Backup\C 2008-07-07 17;43;38\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3E7062D5.exe Infected: not-a-virus:RiskTool.Win32.Hooker.a 1
F:\Cobian Backup\C 2008-07-07 17;43;38\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\40097073.exe Infected: Email-Worm.Win32.Zhelatin.a 1
F:\Cobian Backup\C 2008-07-07 17;43;38\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\40266A52.exe Infected: Trojan-Proxy.Win32.Lager.dp 1
F:\Cobian Backup\C 2008-07-07 17;43;38\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4029144F.exe Infected: Email-Worm.Win32.Zhelatin.h 1
F:\Cobian Backup\C 2008-07-07 17;43;38\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\402D3E4B.exe Infected: Email-Worm.Win32.Zhelatin.k 1
F:\Cobian Backup\C 2008-07-07 17;43;38\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\40852BEA.exe Infected: Email-Worm.Win32.Zhelatin.h 1
F:\Cobian Backup\C 2008-07-07 17;43;38\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\42967D8F.exe Infected: Email-Worm.Win32.Zhelatin.ab 1
F:\Cobian Backup\C 2008-07-07 17;43;38\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\54B74A74.pif Infected: Email-Worm.Win32.Warezov.eu 1
F:\Cobian Backup\C 2008-07-07 17;43;38\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\57052DB3.pif Infected: Email-Worm.Win32.Warezov.eu 1
F:\Cobian Backup\C 2008-07-07 17;43;38\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\59350EF0.zlq Infected: Email-Worm.Win32.NetSky.q 1
F:\Cobian Backup\C 2008-07-07 17;43;38\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\59A74C72.zlq Infected: Email-Worm.Win32.NetSky.q 1
F:\Cobian Backup\C 2008-07-07 17;43;38\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\59DF1635.zlq Infected: Email-Worm.Win32.NetSky.q 1
F:\Cobian Backup\C 2008-07-07 17;43;38\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\59E9142B.zlq Infected: Email-Worm.Win32.NetSky.q 1
F:\Cobian Backup\C 2008-07-07 17;43;38\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B945931.zm9 Infected: Email-Worm.Win32.NetSky.q 1
F:\Cobian Backup\C 2008-07-07 17;43;38\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5BD94AE6.zm9 Infected: Email-Worm.Win32.NetSky.q 1
F:\Cobian Backup\C 2008-07-07 17;43;38\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5BFD18BE.zlq Infected: Email-Worm.Win32.NetSky.q 1
F:\Cobian Backup\C 2008-07-07 17;43;38\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C346281.zm9 Infected: Email-Worm.Win32.NetSky.q 1
F:\Cobian Backup\C 2008-07-07 17;43;38\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5CBA1BEE.zm9 Infected: Email-Worm.Win32.NetSky.q 1
F:\Cobian Backup\C 2008-07-07 17;43;38\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60365EA8.EXE Infected: Exploit.HTML.Agent.am 1
F:\Cobian Backup\C 2008-07-07 17;43;38\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\603908A4.EXE Infected: Email-Worm.Win32.Rays 1
F:\Cobian Backup\C 2008-07-07 17;43;38\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60E30FE9.htt Infected: Trojan.VBS.Starter.a 1
F:\Cobian Backup\C 2008-07-07 17;43;38\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60F70BD4.exe Infected: Email-Worm.Win32.Rays 1
F:\Cobian Backup\C 2008-07-07 17;43;38\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61352990.bat Infected: Email-Worm.Win32.Rays 1
F:\Cobian Backup\C 2008-07-07 17;43;38\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61352990.htt Infected: Trojan.VBS.Zapchast.b 1
F:\Cobian Backup\C 2008-07-07 17;43;38\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\618D172E.htm Infected: Trojan.VBS.Zapchast.b 1
F:\Cobian Backup\C 2008-07-07 17;43;38\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61E8323B Infected: Trojan-Spy.Win32.GhostKeyLogger.c 1
F:\Cobian Backup\C 2008-07-07 17;43;38\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7F486AC9.exe Infected: Trojan-Downloader.Win32.Tibs.kj 1
F:\Cobian Backup\C 2008-07-07 17;43;38\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FB12A56.exe Infected: Email-Worm.Win32.Zhelatin.o 1
F:\Cobian Backup\Documents and Settings 2008-07-06 18;09;01\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\000C41F1.exe Infected: Trojan-Downloader.Win32.Tibs.kj 1
F:\Cobian Backup\Documents and Settings 2008-07-06 18;09;01\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\00B97333.exe Infected: Email-Worm.Win32.Zhelatin.o 1
F:\Cobian Backup\Documents and Settings 2008-07-06 18;09;01\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\05BC67AF.exe Infected: Email-Worm.Win32.Zhelatin.o 1
F:\Cobian Backup\Documents and Settings 2008-07-06 18;09;01\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A281A2D.pif Infected: Email-Worm.Win32.Warezov.eu 1
F:\Cobian Backup\Documents and Settings 2008-07-06 18;09;01\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1149093B.zm9 Infected: Email-Worm.Win32.Sober.y 1
F:\Cobian Backup\Documents and Settings 2008-07-06 18;09;01\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11700110.zm9 Infected: Email-Worm.Win32.Sober.y 1
F:\Cobian Backup\Documents and Settings 2008-07-06 18;09;01\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1BC9221F.pif Infected: Email-Worm.Win32.Warezov.eu 1
F:\Cobian Backup\Documents and Settings 2008-07-06 18;09;01\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\20CA7F67.exe Infected: Email-Worm.Win32.Warezov.eu 1
F:\Cobian Backup\Documents and Settings 2008-07-06 18;09;01\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\37D90572.exe Infected: Trojan-Spy.Win32.GhostKeyLogger.c 1
F:\Cobian Backup\Documents and Settings 2008-07-06 18;09;01\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3E7062D5.exe Infected: not-a-virus:RiskTool.Win32.Hooker.a 1
F:\Cobian Backup\Documents and Settings 2008-07-06 18;09;01\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\40097073.exe Infected: Email-Worm.Win32.Zhelatin.a 1
F:\Cobian Backup\Documents and Settings 2008-07-06 18;09;01\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\40266A52.exe Infected: Trojan-Proxy.Win32.Lager.dp 1
F:\Cobian Backup\Documents and Settings 2008-07-06 18;09;01\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4029144F.exe Infected: Email-Worm.Win32.Zhelatin.h 1
F:\Cobian Backup\Documents and Settings 2008-07-06 18;09;01\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\402D3E4B.exe Infected: Email-Worm.Win32.Zhelatin.k 1
F:\Cobian Backup\Documents and Settings 2008-07-06 18;09;01\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\40852BEA.exe Infected: Email-Worm.Win32.Zhelatin.h 1
F:\Cobian Backup\Documents and Settings 2008-07-06 18;09;01\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\42967D8F.exe Infected: Email-Worm.Win32.Zhelatin.ab 1
F:\Cobian Backup\Documents and Settings 2008-07-06 18;09;01\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\54B74A74.pif Infected: Email-Worm.Win32.Warezov.eu 1
F:\Cobian Backup\Documents and Settings 2008-07-06 18;09;01\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\57052DB3.pif Infected: Email-Worm.Win32.Warezov.eu 1
F:\Cobian Backup\Documents and Settings 2008-07-06 18;09;01\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\59350EF0.zlq Infected: Email-Worm.Win32.NetSky.q 1
F:\Cobian Backup\Documents and Settings 2008-07-06 18;09;01\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\59A74C72.zlq Infected: Email-Worm.Win32.NetSky.q 1
F:\Cobian Backup\Documents and Settings 2008-07-06 18;09;01\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\59DF1635.zlq Infected: Email-Worm.Win32.NetSky.q 1
F:\Cobian Backup\Documents and Settings 2008-07-06 18;09;01\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\59E9142B.zlq Infected: Email-Worm.Win32.NetSky.q 1
F:\Cobian Backup\Documents and Settings 2008-07-06 18;09;01\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B945931.zm9 Infected: Email-Worm.Win32.NetSky.q 1
F:\Cobian Backup\Documents and Settings 2008-07-06 18;09;01\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5BD94AE6.zm9 Infected: Email-Worm.Win32.NetSky.q 1
F:\Cobian Backup\Documents and Settings 2008-07-06 18;09;01\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5BFD18BE.zlq Infected: Email-Worm.Win32.NetSky.q 1
F:\Cobian Backup\Documents and Settings 2008-07-06 18;09;01\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C346281.zm9 Infected: Email-Worm.Win32.NetSky.q 1
F:\Cobian Backup\Documents and Settings 2008-07-06 18;09;01\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5CBA1BEE.zm9 Infected: Email-Worm.Win32.NetSky.q 1
F:\Cobian Backup\Documents and Settings 2008-07-06 18;09;01\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60365EA8.EXE Infected: Exploit.HTML.Agent.am 1
F:\Cobian Backup\Documents and Settings 2008-07-06 18;09;01\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\603908A4.EXE Infected: Email-Worm.Win32.Rays 1
F:\Cobian Backup\Documents and Settings 2008-07-06 18;09;01\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60E30FE9.htt Infected: Trojan.VBS.Starter.a 1
F:\Cobian Backup\Documents and Settings 2008-07-06 18;09;01\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60F70BD4.exe Infected: Email-Worm.Win32.Rays 1
F:\Cobian Backup\Documents and Settings 2008-07-06 18;09;01\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61352990.bat Infected: Email-Worm.Win32.Rays 1
F:\Cobian Backup\Documents and Settings 2008-07-06 18;09;01\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61352990.htt Infected: Trojan.VBS.Zapchast.b 1
F:\Cobian Backup\Documents and Settings 2008-07-06 18;09;01\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\618D172E.htm Infected: Trojan.VBS.Zapchast.b 1
F:\Cobian Backup\Documents and Settings 2008-07-06 18;09;01\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61E8323B Infected: Trojan-Spy.Win32.GhostKeyLogger.c 1
F:\Cobian Backup\Documents and Settings 2008-07-06 18;09;01\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7F486AC9.exe Infected: Trojan-Downloader.Win32.Tibs.kj 1
F:\Cobian Backup\Documents and Settings 2008-07-06 18;09;01\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FB12A56.exe Infected: Email-Worm.Win32.Zhelatin.o 1
F:\Cobian Backup\Qualcomm 2008-07-11 17;41;41\Eudorapro\Eudora~1\EMBEDDED\andiron.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-11 17;41;41\Eudorapro\Eudora~1\EMBEDDED\arise.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-11 17;41;41\Eudorapro\Eudora~1\EMBEDDED\blonde.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-11 17;41;41\Eudorapro\Eudora~1\EMBEDDED\buenos.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-11 17;41;41\Eudorapro\Eudora~1\EMBEDDED\collard.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-11 17;41;41\Eudorapro\Eudora~1\Mailing lists.FOL\Listsforums.mbx Infected: IRC-Worm.HTML.Generic 1
F:\Cobian Backup\Qualcomm 2008-07-11 17;41;41\Eudorapro\Eudora~1\Trash.mbx Suspicious: Trojan-Spy.HTML.Fraud.gen 18
F:\Cobian Backup\Qualcomm 2008-07-13 17;41;33\Eudorapro\Eudora~1\EMBEDDED\andiron.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-13 17;41;33\Eudorapro\Eudora~1\EMBEDDED\arise.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-13 17;41;33\Eudorapro\Eudora~1\EMBEDDED\blonde.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-13 17;41;33\Eudorapro\Eudora~1\EMBEDDED\buenos.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-13 17;41;33\Eudorapro\Eudora~1\EMBEDDED\collard.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-13 17;41;33\Eudorapro\Eudora~1\Mailing lists.FOL\Listsforums.mbx Infected: IRC-Worm.HTML.Generic 1
F:\Cobian Backup\Qualcomm 2008-07-13 17;41;33\Eudorapro\Eudora~1\Trash.mbx Suspicious: Trojan-Spy.HTML.Fraud.gen 18
F:\Cobian Backup\Qualcomm 2008-07-14 17;41;33\Eudorapro\Eudora~1\EMBEDDED\andiron.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-14 17;41;33\Eudorapro\Eudora~1\EMBEDDED\arise.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-14 17;41;33\Eudorapro\Eudora~1\EMBEDDED\blonde.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-14 17;41;33\Eudorapro\Eudora~1\EMBEDDED\buenos.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-14 17;41;33\Eudorapro\Eudora~1\EMBEDDED\collard.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-14 17;41;33\Eudorapro\Eudora~1\Mailing lists.FOL\Listsforums.mbx Infected: IRC-Worm.HTML.Generic 1
F:\Cobian Backup\Qualcomm 2008-07-14 17;41;33\Eudorapro\Eudora~1\Trash.mbx Suspicious: Trojan-Spy.HTML.Fraud.gen 18
F:\Cobian Backup\Qualcomm 2008-07-16 17;41;39\Eudorapro\Eudora~1\EMBEDDED\andiron.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-16 17;41;39\Eudorapro\Eudora~1\EMBEDDED\arise.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-16 17;41;39\Eudorapro\Eudora~1\EMBEDDED\blonde.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-16 17;41;39\Eudorapro\Eudora~1\EMBEDDED\buenos.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-16 17;41;39\Eudorapro\Eudora~1\EMBEDDED\collard.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-16 17;41;39\Eudorapro\Eudora~1\Mailing lists.FOL\Listsforums.mbx Infected: IRC-Worm.HTML.Generic 1
F:\Cobian Backup\Qualcomm 2008-07-16 17;41;39\Eudorapro\Eudora~1\Trash.mbx Suspicious: Trojan-Spy.HTML.Fraud.gen 18
F:\Cobian Backup\Qualcomm 2008-07-17 17;41;40\Eudorapro\Eudora~1\EMBEDDED\andiron.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-17 17;41;40\Eudorapro\Eudora~1\EMBEDDED\arise.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-17 17;41;40\Eudorapro\Eudora~1\EMBEDDED\blonde.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-17 17;41;40\Eudorapro\Eudora~1\EMBEDDED\buenos.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-17 17;41;40\Eudorapro\Eudora~1\EMBEDDED\collard.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-17 17;41;40\Eudorapro\Eudora~1\Mailing lists.FOL\Listsforums.mbx Infected: IRC-Worm.HTML.Generic 1
F:\Cobian Backup\Qualcomm 2008-07-17 17;41;40\Eudorapro\Eudora~1\Trash.mbx Suspicious: Trojan-Spy.HTML.Fraud.gen 18
F:\Cobian Backup\Qualcomm 2008-07-18 17;41;47\Eudorapro\Eudora~1\EMBEDDED\andiron.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-18 17;41;47\Eudorapro\Eudora~1\EMBEDDED\arise.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-18 17;41;47\Eudorapro\Eudora~1\EMBEDDED\blonde.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-18 17;41;47\Eudorapro\Eudora~1\EMBEDDED\buenos.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-18 17;41;47\Eudorapro\Eudora~1\EMBEDDED\collard.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-18 17;41;47\Eudorapro\Eudora~1\Mailing lists.FOL\Listsforums.mbx Infected: IRC-Worm.HTML.Generic 1
F:\Cobian Backup\Qualcomm 2008-07-18 17;41;47\Eudorapro\Eudora~1\Trash.mbx Suspicious: Trojan-Spy.HTML.Fraud.gen 18
F:\Cobian Backup\Qualcomm 2008-07-20 17;41;29\Eudorapro\Eudora~1\EMBEDDED\andiron.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-20 17;41;29\Eudorapro\Eudora~1\EMBEDDED\arise.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-20 17;41;29\Eudorapro\Eudora~1\EMBEDDED\blonde.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-20 17;41;29\Eudorapro\Eudora~1\EMBEDDED\buenos.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-20 17;41;29\Eudorapro\Eudora~1\EMBEDDED\collard.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-20 17;41;29\Eudorapro\Eudora~1\Mailing lists.FOL\Listsforums.mbx Infected: IRC-Worm.HTML.Generic 1
F:\Cobian Backup\Qualcomm 2008-07-20 17;41;29\Eudorapro\Eudora~1\Trash.mbx Suspicious: Trojan-Spy.HTML.Fraud.gen 18
F:\Cobian Backup\Qualcomm 2008-07-22 17;45;34\Eudorapro\Eudora~1\EMBEDDED\andiron.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-22 17;45;34\Eudorapro\Eudora~1\EMBEDDED\arise.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-22 17;45;34\Eudorapro\Eudora~1\EMBEDDED\blonde.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-22 17;45;34\Eudorapro\Eudora~1\EMBEDDED\buenos.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-22 17;45;34\Eudorapro\Eudora~1\EMBEDDED\collard.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-22 17;45;34\Eudorapro\Eudora~1\Mailing lists.FOL\Listsforums.mbx Infected: IRC-Worm.HTML.Generic 1
F:\Cobian Backup\Qualcomm 2008-07-22 17;45;34\Eudorapro\Eudora~1\Trash.mbx Suspicious: Trojan-Spy.HTML.Fraud.gen 18
F:\Cobian Backup\Qualcomm 2008-07-23 17;41;37\Eudorapro\Eudora~1\EMBEDDED\andiron.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-23 17;41;37\Eudorapro\Eudora~1\EMBEDDED\arise.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-23 17;41;37\Eudorapro\Eudora~1\EMBEDDED\blonde.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-23 17;41;37\Eudorapro\Eudora~1\EMBEDDED\buenos.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-23 17;41;37\Eudorapro\Eudora~1\EMBEDDED\collard.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-23 17;41;37\Eudorapro\Eudora~1\Mailing lists.FOL\Listsforums.mbx Infected: IRC-Worm.HTML.Generic 1
F:\Cobian Backup\Qualcomm 2008-07-23 17;41;37\Eudorapro\Eudora~1\Trash.mbx Suspicious: Trojan-Spy.HTML.Fraud.gen 18
F:\Cobian Backup\Qualcomm 2008-07-24 17;42;17\Eudorapro\Eudora~1\EMBEDDED\andiron.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-24 17;42;17\Eudorapro\Eudora~1\EMBEDDED\arise.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-24 17;42;17\Eudorapro\Eudora~1\EMBEDDED\blonde.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-24 17;42;17\Eudorapro\Eudora~1\EMBEDDED\buenos.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-24 17;42;17\Eudorapro\Eudora~1\EMBEDDED\collard.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-24 17;42;17\Eudorapro\Eudora~1\Mailing lists.FOL\Listsforums.mbx Infected: IRC-Worm.HTML.Generic 1
F:\Cobian Backup\Qualcomm 2008-07-24 17;42;17\Eudorapro\Eudora~1\Trash.mbx Suspicious: Trojan-Spy.HTML.Fraud.gen 18
F:\Cobian Backup\Qualcomm 2008-07-25 17;41;35\Eudorapro\Eudora~1\ATTACH\Bill_Tax.zip Infected: Trojan-Spy.Win32.Zbot.dkx 1
F:\Cobian Backup\Qualcomm 2008-07-25 17;41;35\Eudorapro\Eudora~1\EMBEDDED\andiron.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-25 17;41;35\Eudorapro\Eudora~1\EMBEDDED\arise.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-25 17;41;35\Eudorapro\Eudora~1\EMBEDDED\blonde.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-25 17;41;35\Eudorapro\Eudora~1\EMBEDDED\buenos.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-25 17;41;35\Eudorapro\Eudora~1\EMBEDDED\collard.gif Infected: Trojan-Spy.HTML.Bankfraud.ri 1
F:\Cobian Backup\Qualcomm 2008-07-25 17;41;35\Eudorapro\Eudora~1\Mailing lists.FOL\Listsforums.mbx Infected: IRC-Worm.HTML.Generic 1
F:\Cobian Backup\Qualcomm 2008-07-25 17;41;35\Eudorapro\Eudora~1\Trash.mbx Suspicious: Trojan-Spy.HTML.Fraud.gen 18
F:\RECYCLER\S-1-5-21-4254365012-3848109449-2333181463-1005\Df123.exe Infected: Trojan-Downloader.MSIL.Agent.ah 1

The selected area was scanned.
------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03:39 AM, on 7/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\IBM\Security\certtool.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Cobian Backup 9\cbService.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\IBM\Security\uvmserv.exe
C:\WINDOWS\System32\ibmsmbus.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\WINDOWS\MXOALDR.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\PROGRA~1\AT&TGL~1\netcfgsvr.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Cobian Backup 9\cbInterface.exe
C:\WINDOWS\system32\PGPserv.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\PGP Corporation\PGP for Windows XP\PGPtray.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Symmetricom\SymmTime\SymmTime.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Locate\Locate32.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\HFXP2\hfxp.exe
C:\Program Files\ClipCache\clipc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https=192.168.0.3:8080;http=192.168.0.3:8080;ftp=192.168.0.3:8080;gopher=192.168.0.3:8080
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lmon Class - {1B7445F8-3774-4E7D-AF54-8B933C554B1C} - C:\Program Files\LeechVideoConvert\leechmon.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [TPKMAPHELPER] "C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMLREF] "C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE"
O4 - HKLM\..\Run: [BMMMONWND] "rundll32.exe" C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [UC_Start] "C:\Program Files\IBM\Updater\\ucstartup.exe"
O4 - HKLM\..\Run: [ibmmessages] "C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [ISS_Certtool] "C:\Program Files\IBM\Security\certtool.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DataLayer] "C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SetDefPrt] "C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe"
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Cobian Backup 9 interface] "C:\Program Files\Cobian Backup 9\cbInterface.exe" -service
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Global Network Client\NetSP.exe" -show
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [TurboBackup] C:\PROGRA~1\FILEST~1\TURBOB~1\tbksche.exe -s (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TurboBackup] C:\PROGRA~1\FILEST~1\TURBOB~1\tbksche.exe -s (User 'Default user')
O4 - S-1-5-18 Startup: Locate32 Autorun.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: Locate32 Autorun.lnk = ? (User 'Default user')
O4 - Startup: Locate32 Autorun.lnk = ?
O4 - Global Startup: AdsGone 2006.lnk = C:\Program Files\AdsGone\adsgone.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: PGPtray.lnk = C:\Program Files\PGP Corporation\PGP for Windows XP\PGPtray.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: SymmTime.lnk = ?
O4 - Global Startup: WordWeb Pro.lnk = C:\Program Files\WordWeb\wweb32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.01\RadioHelper.dll
O9 - Extra 'Tools' menuitem: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.01\RadioHelper.dll
O9 - Extra button: ProxyPal - {B0127AF2-316C-4f1d-BF35-3DE43971EEC5} - C:\WINDOWS\system32\proxypal.exe
O9 - Extra 'Tools' menuitem: ProxyPal - {B0127AF2-316C-4f1d-BF35-3DE43971EEC5} - C:\WINDOWS\system32\proxypal.exe
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\ThinkPad\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O12 - Plugin for .xml: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8FE426EC-486E-4E21-A004-5D91CFB6E052}: NameServer = 58.69.254.3,58.69.254.14
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Cobian Backup 9 service (CobianBackupAmanita) - Luis Cobian - C:\Program Files\Cobian Backup 9\cbService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Unknown owner - C:\Program Files\ewido anti-spyware 4.0\guard.exe (file missing)
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM User Verification Manager - IBM - C:\Program Files\IBM\Security\uvmserv.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: SMBus Upgrade Service for Windows 2000 and above (ibmsmbus) - International Business Machines Corp. - C:\WINDOWS\System32\ibmsmbus.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Network Configuration Service (netcfgsvr) - AT&T - C:\PROGRA~1\AT&TGL~1\netcfgsvr.exe
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SystemSuite Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 16096 bytes
phrenkat
Active Member
 
Posts: 11
Joined: July 23rd, 2008, 6:23 am

Re: missing exiplorer.exe error aka XPBAGUIO.A work

Unread postby Shaba » July 26th, 2008, 5:02 am

Hi

Empty these folders:

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine
F:\Cobian Backup\C 2008-07-06 17;51;01 (infected, if you need backup, then just delete bad files from kaspersky log)
F:\Cobian Backup\Qualcomm 2008-07-11 17;41;41 (see above for all these)
F:\Cobian Backup\Qualcomm 2008-07-13 17;41;33
F:\Cobian Backup\Qualcomm 2008-07-14 17;41;33
F:\Cobian Backup\Qualcomm 2008-07-16 17;41;39
F:\Cobian Backup\Qualcomm 2008-07-17 17;41;40
F:\Cobian Backup\Qualcomm 2008-07-18 17;41;47
F:\Cobian Backup\Qualcomm 2008-07-20 17;41;29
F:\Cobian Backup\Qualcomm 2008-07-22 17;45;34
F:\Cobian Backup\Qualcomm 2008-07-23 17;41;37
F:\Cobian Backup\Qualcomm 2008-07-24 17;42;17
F:\Cobian Backup\Qualcomm 2008-07-25 17;41;35

Delete these:

C:\Documents and Settings\Gregorio Andre\My Documents\My Downloads\sspsetup1_(2).exe
C:\Program Files\Qualcomm\Eudorapro\Eudora~1\ATTACH\Bill_Tax.zip
C:\Program Files\Qualcomm\Eudorapro\Eudora~1\EMBEDDED\andiron.gif
C:\Program Files\Qualcomm\Eudorapro\Eudora~1\EMBEDDED\arise.gif
C:\Program Files\Qualcomm\Eudorapro\Eudora~1\EMBEDDED\blonde.gif
C:\Program Files\Qualcomm\Eudorapro\Eudora~1\EMBEDDED\buenos.gif
C:\Program Files\Qualcomm\Eudorapro\Eudora~1\EMBEDDED\collard.gif
C:\Program Files\Qualcomm\Eudorapro\Eudora~1\Mailing lists.FOL\Listsforums.mbx
C:\Program Files\Qualcomm\Eudorapro\Eudora~1\Trash.mbx

Empty Recycle Bin.

Still problems?
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: missing exiplorer.exe error aka XPBAGUIO.A work

Unread postby phrenkat » July 27th, 2008, 1:20 am

Things are looking very good. Many thanks for your excellent and persistent help.
Bests,
Andre
phrenkat
Active Member
 
Posts: 11
Joined: July 23rd, 2008, 6:23 am

Re: missing exiplorer.exe error aka XPBAGUIO.A work

Unread postby Shaba » July 27th, 2008, 4:49 am

Hi

Before all clean, have you uninstalled all Norton products?
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: missing exiplorer.exe error aka XPBAGUIO.A work

Unread postby phrenkat » July 28th, 2008, 4:08 am

Hi,

Yeah, last to go was their "Live Update Notice." The Symantec Quarantine file got deleted after the final scan yesterday. Their stuff isn't easy to remove, but I think I got it all. I never want to see another trace of NAV on my computer again.
phrenkat
Active Member
 
Posts: 11
Joined: July 23rd, 2008, 6:23 am

Re: missing exiplorer.exe error aka XPBAGUIO.A work

Unread postby Shaba » July 28th, 2008, 4:48 am

Hi

Please post back a fresh hijackthis log that we can see if there is still something left from Norton :)
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: missing exiplorer.exe error aka XPBAGUIO.A work

Unread postby phrenkat » July 28th, 2008, 7:07 am

Hi,
Here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:05:40 PM, on 7/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IBM\Security\certtool.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Cobian Backup 9\cbService.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\IBM\Security\uvmserv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\MXOALDR.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\ibmsmbus.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Cobian Backup 9\cbInterface.exe
C:\PROGRA~1\AT&TGL~1\netcfgsvr.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\WINDOWS\system32\PGPserv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AdsGone\adsgone.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\PGP Corporation\PGP for Windows XP\PGPtray.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Symmetricom\SymmTime\SymmTime.exe
C:\Program Files\WordWeb\wweb32.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Locate\Locate32.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\HFXP2\hfxp.exe
C:\Program Files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\Program Files\ClipCache\clipc.exe
C:\Program Files\Qualcomm\Eudorapro\Eudora\Eudora.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https=192.168.0.3:8080;http=192.168.0.3:8080;ftp=192.168.0.3:8080;gopher=192.168.0.3:8080
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lmon Class - {1B7445F8-3774-4E7D-AF54-8B933C554B1C} - C:\Program Files\LeechVideoConvert\leechmon.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [TPKMAPHELPER] "C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMLREF] "C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE"
O4 - HKLM\..\Run: [BMMMONWND] "rundll32.exe" C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [UC_Start] "C:\Program Files\IBM\Updater\\ucstartup.exe"
O4 - HKLM\..\Run: [ibmmessages] "C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [ISS_Certtool] "C:\Program Files\IBM\Security\certtool.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DataLayer] "C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SetDefPrt] "C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe"
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Cobian Backup 9 interface] "C:\Program Files\Cobian Backup 9\cbInterface.exe" -service
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Global Network Client\NetSP.exe" -show
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue ProcessQuickLink 2] "C:\Program Files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe" /autostart
O4 - HKUS\S-1-5-18\..\Run: [TurboBackup] C:\PROGRA~1\FILEST~1\TURBOB~1\tbksche.exe -s (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TurboBackup] C:\PROGRA~1\FILEST~1\TURBOB~1\tbksche.exe -s (User 'Default user')
O4 - S-1-5-18 Startup: Locate32 Autorun.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: Locate32 Autorun.lnk = ? (User 'Default user')
O4 - Startup: Locate32 Autorun.lnk = ?
O4 - Global Startup: AdsGone 2006.lnk = C:\Program Files\AdsGone\adsgone.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: PGPtray.lnk = C:\Program Files\PGP Corporation\PGP for Windows XP\PGPtray.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: SymmTime.lnk = ?
O4 - Global Startup: WordWeb Pro.lnk = C:\Program Files\WordWeb\wweb32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.01\RadioHelper.dll
O9 - Extra 'Tools' menuitem: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.01\RadioHelper.dll
O9 - Extra button: ProxyPal - {B0127AF2-316C-4f1d-BF35-3DE43971EEC5} - C:\WINDOWS\system32\proxypal.exe
O9 - Extra 'Tools' menuitem: ProxyPal - {B0127AF2-316C-4f1d-BF35-3DE43971EEC5} - C:\WINDOWS\system32\proxypal.exe
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\ThinkPad\PkgMgr\\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O12 - Plugin for .xml: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8FE426EC-486E-4E21-A004-5D91CFB6E052}: NameServer = 58.69.254.3,58.69.254.14
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Cobian Backup 9 service (CobianBackupAmanita) - Luis Cobian - C:\Program Files\Cobian Backup 9\cbService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Unknown owner - C:\Program Files\ewido anti-spyware 4.0\guard.exe (file missing)
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM User Verification Manager - IBM - C:\Program Files\IBM\Security\uvmserv.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: SMBus Upgrade Service for Windows 2000 and above (ibmsmbus) - International Business Machines Corp. - C:\WINDOWS\System32\ibmsmbus.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Configuration Service (netcfgsvr) - AT&T - C:\PROGRA~1\AT&TGL~1\netcfgsvr.exe
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\system32\PGPserv.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SystemSuite Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 16105 bytes
phrenkat
Active Member
 
Posts: 11
Joined: July 23rd, 2008, 6:23 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 507 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware