Hello John.
I completed all your instructions. Here are the results, starting with a little about the process.
I didn't have any trouble until I tried to download the JRE upgrade. IE kept stalling and would never complete the download. I tried to use the Java Download Manager, but it would not start because it could not parse the certificate associated with the
Windows Offline Installation item.
Finally I started Firefox. The whole system slowed to a crawl, but I was finally able to get JRE 6 downloaded.
Here are the scans:
- - -
Kaspersky log
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, January 14, 2007 4:05:18 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 14/01/2007
Kaspersky Anti-Virus database records: 243913
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
Scan Statistics:
Total number of scanned objects: 141037
Number of viruses found: 0
Number of infected objects: 0 / 0
Number of suspicious objects: 0
Duration of the scan process: 03:39:29
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-12142006-224210.log Object is locked skipped
C:\Documents and Settings\Glen Stewart\Application Data\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\Glen Stewart\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Glen Stewart\Local Settings\Application Data\ApplicationHistory\TCServer.exe.7c11743d.ini.inuse Object is locked skipped
C:\Documents and Settings\Glen Stewart\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\GatherLogs\MyIndex\MyIndex.10.Crwl Object is locked skipped
C:\Documents and Settings\Glen Stewart\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\GatherLogs\MyIndex\MyIndex.10.gthr Object is locked skipped
C:\Documents and Settings\Glen Stewart\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Projects\MyIndex\Build\Indexer\CiFiles\CiPT0000.000 Object is locked skipped
C:\Documents and Settings\Glen Stewart\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Projects\MyIndex\Build\Indexer\CiFiles\INDEX.000 Object is locked skipped
C:\Documents and Settings\Glen Stewart\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Projects\MyIndex\Build\Indexer\NlFiles\CiST0000.000 Object is locked skipped
C:\Documents and Settings\Glen Stewart\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Projects\MyIndex\Build\Indexer\NlFiles\DocId.Map Object is locked skipped
C:\Documents and Settings\Glen Stewart\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Projects\MyIndex\MyIndex.chk1.gthr Object is locked skipped
C:\Documents and Settings\Glen Stewart\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Projects\MyIndex\MyIndex.chk2.gthr Object is locked skipped
C:\Documents and Settings\Glen Stewart\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Projects\MyIndex\MyIndex.Crwl203.gthr Object is locked skipped
C:\Documents and Settings\Glen Stewart\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Projects\MyIndex\MyIndex.Crwl205.gthr Object is locked skipped
C:\Documents and Settings\Glen Stewart\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Projects\MyIndex\MyIndex.Crwl206.gthr Object is locked skipped
C:\Documents and Settings\Glen Stewart\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Projects\MyIndex\MyIndex.Crwl210.gthr Object is locked skipped
C:\Documents and Settings\Glen Stewart\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Projects\MyIndex\MyIndex.Crwl211.gthr Object is locked skipped
C:\Documents and Settings\Glen Stewart\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Projects\MyIndex\MyIndex.Crwl212.gthr Object is locked skipped
C:\Documents and Settings\Glen Stewart\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Projects\MyIndex\MyIndex.Crwl213.gthr Object is locked skipped
C:\Documents and Settings\Glen Stewart\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Projects\MyIndex\MyIndex.Crwl214.gthr Object is locked skipped
C:\Documents and Settings\Glen Stewart\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Projects\MyIndex\MyIndex.Crwl215.gthr Object is locked skipped
C:\Documents and Settings\Glen Stewart\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Projects\MyIndex\MyIndex.Crwl216.gthr Object is locked skipped
C:\Documents and Settings\Glen Stewart\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Projects\MyIndex\MyIndex.Crwl217.gthr Object is locked skipped
C:\Documents and Settings\Glen Stewart\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Projects\MyIndex\MyIndex.Ntfy11.gthr Object is locked skipped
C:\Documents and Settings\Glen Stewart\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Properties\MSS.log Object is locked skipped
C:\Documents and Settings\Glen Stewart\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Properties\RSApp.edb Object is locked skipped
C:\Documents and Settings\Glen Stewart\Local Settings\Application Data\Microsoft\Desktop Search\Applications\RSApp\Properties\tmp.edb Object is locked skipped
C:\Documents and Settings\Glen Stewart\Local Settings\Application Data\Microsoft\Desktop Search\Logs\MAPI.txt Object is locked skipped
C:\Documents and Settings\Glen Stewart\Local Settings\Application Data\Microsoft\Desktop Search\Temp\rssgthrsvc\Ntf7.tmp Object is locked skipped
C:\Documents and Settings\Glen Stewart\Local Settings\Application Data\Microsoft\Desktop Search\Temp\rssgthrsvc\Ntf8.tmp Object is locked skipped
C:\Documents and Settings\Glen Stewart\Local Settings\Application Data\Microsoft\Desktop Search\Temp\rssgthrsvc\Perflib_Perfdata_12d4.dat Object is locked skipped
C:\Documents and Settings\Glen Stewart\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Glen Stewart\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Glen Stewart\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Glen Stewart\Local Settings\History\History.IE5\MSHist012007011420070115\index.dat Object is locked skipped
C:\Documents and Settings\Glen Stewart\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\Glen Stewart\Local Settings\Temp\WCESLog.log Object is locked skipped
C:\Documents and Settings\Glen Stewart\Local Settings\Temp\~DF166C.tmp Object is locked skipped
C:\Documents and Settings\Glen Stewart\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Glen Stewart\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Glen Stewart\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Glen Stewart\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT.LOG Object is locked skipped
C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\Log\CHANNEL.LOG Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\dnn1_Data.MDF Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\dnn1_Log.LDF Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\dnn3dot1_Data.MDF Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\dnn3dot1_Log.LDF Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\dnn3test3_Data.MDF Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\dnn3test3_Log.LDF Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\dnnexp_Data.MDF Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\dnnexp_Log.LDF Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\dnnj_Data.MDF Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\dnnj_Log.LDF Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\msdbdata.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\msdblog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\northwnd.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\northwnd.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\OnTimeDB1.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\OnTimeDB1_log.LDF Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\pubs.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\pubs_log.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\RecordsNetDB_Data.MDF Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\RecordsNetDB_Log.LDF Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\skintester2_Data.MDF Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\skintester2_Log.LDF Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\LOG\ERRORLOG Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdbdata.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdblog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\ReportServer$MSSQLServer2005.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\ReportServer$MSSQLServer2005TempDB.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\ReportServer$MSSQLServer2005TempDB_log.LDF Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\ReportServer$MSSQLServer2005_log.LDF Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\log_271.trc Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\Log\FlightRecorderCurrent.trc Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\Log\msmdsrv.log Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\LogFiles\ReportServerService__01_14_2007_11_35_33.log Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\LogFiles\ReportServerService__main_01_14_2007_11_35_31.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{C74F877F-F337-4115-9A47-B71C0D9BB1C7}\RP489\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\GANDALF.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{727451E8-2EB6-4394-880D-25BF0B18FDC3}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_1a0.dat Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_674.dat Object is locked skipped
C:\WINDOWS\Temp\ZLT0031b.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
- - -
gmer log one
GMER 1.0.12.12011 -
http://www.gmer.net
Rootkit scan 2007-01-14 16:51:29
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.12 ----
SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey
---- User code sections - GMER 1.0.12 ----
.text C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe[4820] kernel32.dll!WriteFile 7C810D87 7 Bytes JMP 00A2E8D9 C:\Program Files\Windows Desktop Search\mssrch.dll
.text C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe[5744] kernel32.dll!SetErrorMode 7C80AC0F 4 Bytes [ C2, 04, 00, 90 ]
.text C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe[5744] USER32.dll!MessageBoxA 77D804EA 1 Byte [ CC ]
.text C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe[6108] kernel32.dll!SetErrorMode 7C80AC0F 4 Bytes [ C2, 04, 00, 90 ]
.text C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe[6108] USER32.dll!MessageBoxA 77D804EA 1 Byte [ CC ]
---- Devices - GMER 1.0.12 ----
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F54B1800] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F54B1800] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F54B1800] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F54B1800] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F54B1800] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F54B1800] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F54B1800] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F54B1800] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F54B1800] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F54B1800] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F54B1800] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F54B1800] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F54B1800] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F54B1800] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F54B1800] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F54B1800] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F54B1800] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F54B1800] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F54B1800] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F54B1800] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [F54B1800] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [F54B1800] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [F54B1800] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F54B1800] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP [F54B1800] vsdatant.sys
---- Files - GMER 1.0.12 ----
ADS C:\Documents and Settings\Glen Stewart\Favorites\Development\Security\Alliance of Security Analysis Professionals:favicon
ADS C:\Documents and Settings\Glen Stewart\Favorites\Development\Security\Malware Removal.url:favicon
ADS C:\Documents and Settings\Glen Stewart\Favorites\Development\Security\Security Central.url:favicon
ADS C:\Documents and Settings\Glen Stewart\Favorites\Links\EmigrantDirect.com.url:favicon
ADS C:\Documents and Settings\Glen Stewart\Favorites\Links\My Yahoo!.url:favicon
ADS C:\Documents and Settings\Glen Stewart\My Documents\Downloads\DNN\3.1.0\DotNetNuke_3.1.0_Install.zip:SummaryInformation
ADS C:\Documents and Settings\Glen Stewart\My Documents\Downloads\DNN\3.1.0\DotNetNuke_3.1.0_Install.zip:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS C:\Documents and Settings\Glen Stewart\My Documents\Downloads\DNN\LegacyDownloads\DotNetNuke_3.0.13.zip:SummaryInformation
ADS C:\Documents and Settings\Glen Stewart\My Documents\Downloads\DNN\LegacyDownloads\DotNetNuke_3.0.13.zip:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
---- EOF - GMER 1.0.12 ----
- - -
gmer log two
GMER 1.0.12.12011 -
http://www.gmer.net
Autostart scan 2007-01-14 16:53:03
Windows 5.1.2600 Service Pack 2
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
loginkey@DLLName = C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll
TabBtnWL@DLLName = TabBtnWL.dll
tpgwlnotify@DLLName = tpgwlnot.dll
WgaLogon@DLLName = WgaLogon.dll
HKLM\SYSTEM\CurrentControlSet\Services\ >>>
CAISafe /*CAISafe*/@ = C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
CFSvcs /*ConfigFree Service*/@ = C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
DVD-RAM_Service /*DVD-RAM_Service*/@ = C:\WINDOWS\system32\DVDRAMSV.exe
Fax /*Fax*/@ = %systemroot%\system32\fxssvc.exe
IISADMIN /*IIS Admin*/@ = C:\WINDOWS\system32\inetsrv\inetinfo.exe
MDM /*Machine Debug Manager*/@ = "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
MsDtsServer /*SQL Server Integration Services*/@ = "C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe"
msftesql$MSSQLSERVER2005 /*SQL Server FullText Search (MSSQLSERVER2005)*/@ = "C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe" -s:MSSQL.1 -f:MSSQLSERVER2005
MSOLAP$MSSQLSERVER2005 /*SQL Server Analysis Services (MSSQLSERVER2005)*/@ = "C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\Config"
MSSQL$MSSQLSERVER2005 /*SQL Server (MSSQLSERVER2005)*/@ = "C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER2005
MSSQLSERVER /*MSSQLSERVER*/@ = C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
NVSvc /*NVIDIA Driver Helper Service*/@ = %SystemRoot%\system32\nvsvc32.exe
Pml Driver HPZ12 /*Pml Driver HPZ12*/@ = C:\WINDOWS\system32\HPZipm12.exe
ReportServer$MSSQLSERVER2005 /*SQL Server Reporting Services (MSSQLSERVER2005)*/@ = "C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe"
SMTPSVC /*Simple Mail Transfer Protocol (SMTP)*/@ = C:\WINDOWS\system32\inetsrv\inetinfo.exe
SoundMAX Agent Service (default) /*SoundMAX Agent Service*/@ = C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Spooler /*Print Spooler*/@ = %SystemRoot%\system32\spoolsv.exe
SQLBrowser /*SQL Server Browser*/@ = "C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe"
Swupdtmr /*Swupdtmr*/@ = c:\Toshiba\IVP\swupdate\swupdtmr.exe
Tmesrv /*Tmesrv3*/@ = "C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe
VETMSGNT /*VET Message Service*/@ = C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
vsmon /*TrueVector Internet Monitor*/@ = C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
W3SVC /*World Wide Web Publishing*/@ = %SystemRoot%\system32\inetsrv\inetinfo.exe
WinDefend /*Windows Defender*/@ = "C:\Program Files\Windows Defender\MsMpEng.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
@nwiznwiz.exe /installquiet = nwiz.exe /installquiet
@SoundMAXPnPC:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe = C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
@SoundMAXC:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray /*file not found*/ = C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray /*file not found*/
@ApointC:\Program Files\Apoint2K\Apoint.exe = C:\Program Files\Apoint2K\Apoint.exe
@LtMohC:\Program Files\ltmoh\Ltmoh.exe = C:\Program Files\ltmoh\Ltmoh.exe
@AGRSMMSGAGRSMMSG.exe = AGRSMMSG.exe
@00THotkeyC:\WINDOWS\system32\00THotkey.exe = C:\WINDOWS\system32\00THotkey.exe
@CrossMenuC:\Program Files\Toshiba\CrossMenu\CrossMenu.exe = C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
@TapButtC:\Program Files\Toshiba\TapButton\TapButt.exe = C:\Program Files\Toshiba\TapButton\TapButt.exe
@000StTHK000StTHK.exe = 000StTHK.exe
@TAcelMgrC:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe = C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe
@TSkrMainC:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe = C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe
@TPSMainTPSMain.exe = TPSMain.exe
@TFNF5TFNF5.exe = TFNF5.exe
@TosHKCW.exe"C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" = "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
@TMESRV.EXEC:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon /*file not found*/ = C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon /*file not found*/
@TMERzCtl.EXEC:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service /*file not found*/ = C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service /*file not found*/
@TosRotation"C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe" = "C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe"
@TAudEffectC:\Program Files\Toshiba\TAudEffect\TAudEff.exe /run /*file not found*/ = C:\Program Files\Toshiba\TAudEffect\TAudEff.exe /run /*file not found*/
@SmoothViewC:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe = C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
@NDSTray.exeNDSTray.exe /*file not found*/ = NDSTray.exe /*file not found*/
@Sensiva"C:\Symbol Commander\Sensiva.exe" = "C:\Symbol Commander\Sensiva.exe"
@TouchEDC:\Program Files\TOSHIBA\TouchED\TouchED.Exe = C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
@PingerC:\TOSHIBA\IVP\ISM\pinger.exe /run = C:\TOSHIBA\IVP\ISM\pinger.exe /run
@TabletWizardC:\WINDOWS\help\SplshWrp.exe = C:\WINDOWS\help\SplshWrp.exe
@TabletTip"C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume = "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
@CFSServ.exeCFSServ.exe -NoClient /*file not found*/ = CFSServ.exe -NoClient /*file not found*/
@CaAvTray"C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe" = "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
@CAVRID"C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" = "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
@eTrustPPAP"C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe" = "C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe"
@Zone Labs Client"C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe" = "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
@HP Software Updatec:\Program Files\HP\HP Software Update\HPWuSchd2.exe = c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
@ISUSPM StartupC:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup = C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
@ISUSScheduler"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
@QuickTime Task"C:\Program Files\QuickTime\qttask.exe" -atboottime = "C:\Program Files\QuickTime\qttask.exe" -atboottime
@iTunesHelper"C:\Program Files\iTunes\iTunesHelper.exe" = "C:\Program Files\iTunes\iTunesHelper.exe"
@Windows Defender"C:\Program Files\Windows Defender\MSASCui.exe" -hide = "C:\Program Files\Windows Defender\MSASCui.exe" -hide
HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@MsnMsgr"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
@H/PC Connection Agent"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks >>>
@{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}C:\PROGRA~1\WIFD1F~1\MpShHook.dll = C:\PROGRA~1\WIFD1F~1\MpShHook.dll
@{56F9679E-7826-4C84-81F3-532071A8BCC5}C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll = C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\OFFICE11\msohev.dll = C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{C4213067-97B3-4929-9B98-B5600FBBBA13} /*TouchED*/C:\Program Files\TOSHIBA\TouchED\TouchED.dll = C:\Program Files\TOSHIBA\TouchED\TouchED.dll
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{5a61f7a0-cde1-11cf-9113-00aa00425c62} /*IIS Shell Extension*/C:\WINDOWS\system32\inetsrv\w3ext.dll = C:\WINDOWS\system32\inetsrv\w3ext.dll
@{AC0B5D2E-B691-4E12-A4F9-CA88492579A2} /*Zinio Shell Extension*/C:\Program Files\Common Files\Zinio\ZSHExt.dll = C:\Program Files\Common Files\Zinio\ZSHExt.dll
@{A9AACA72-1C51-4F84-804D-90EDBA0D58F4} /*Zinio Magazine Column Provider*/C:\Program Files\Common Files\Zinio\ZSHExt.dll = C:\Program Files\Common Files\Zinio\ZSHExt.dll
@{091D66CD-24B7-4210-A790-78463B1B3D7A} /*Zinio Shell Extension UI Object*/C:\Program Files\Common Files\Zinio\ZSHExt.dll = C:\Program Files\Common Files\Zinio\ZSHExt.dll
@{506F4668-F13E-4AA1-BB04-B43203AB3CC0} /*{506F4668-F13E-4AA1-BB04-B43203AB3CC0}*/C:\Program Files\Microsoft Office\Visio11\VISSHE.DLL = C:\Program Files\Microsoft Office\Visio11\VISSHE.DLL
@{D66DC78C-4F61-447F-942B-3FB6980118CF} /*{D66DC78C-4F61-447F-942B-3FB6980118CF}*/C:\Program Files\Microsoft Office\Visio11\VISSHE.DLL = C:\Program Files\Microsoft Office\Visio11\VISSHE.DLL
@{8932AEFE-9DB6-4f43-AFB2-5682F55E773A} /*VPCHostCopyHook*/C:\Program Files\Microsoft Virtual PC\VPCShExH.DLL = C:\Program Files\Microsoft Virtual PC\VPCShExH.DLL
@{7D5C4BDD-B015-4401-8731-1507B87DE297} /*QBVersionTool*/C:\Program Files\Common Files\Intuit\QuickBooks\QBVersionTool.dll = C:\Program Files\Common Files\Intuit\QuickBooks\QBVersionTool.dll
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Program Files\iTunes\iTunesMiniPlayer.dll = C:\Program Files\iTunes\iTunesMiniPlayer.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Program Files\Real\RealPlayer\rpshell.dll = C:\Program Files\Real\RealPlayer\rpshell.dll
@{1CE2AA40-1317-11D3-9922-00104B0AD431} /*CA_AntiVirus*/C:\WINDOWS\avshlext.dll = C:\WINDOWS\avshlext.dll
@{49BF5420-FA7F-11cf-8011-00A0C90A8F78} /*Mobile Device*/C:\PROGRA~1\MICROS~4\Wcesview.dll = C:\PROGRA~1\MICROS~4\Wcesview.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{97090E2F-3062-4459-855B-014F0D3CDBB1} /*Windows Deskbar*/(null) =
@{13E7F612-F261-4391-BEA2-39DF4F3FA311} /*Windows Desktop Search*/C:\Program Files\Windows Desktop Search\msnlExt.dll = C:\Program Files\Windows Desktop Search\msnlExt.dll
@{D426CFD0-87FC-4906-98D9-A23F5D515D61} /*Windows Desktop Search Outlook Express ISearchFolder Class*/C:\Program Files\Windows Desktop Search\OEPH.dll = C:\Program Files\Windows Desktop Search\OEPH.dll
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\CA_AntiVirus@{1CE2AA40-1317-11D3-9922-00104B0AD431} = C:\WINDOWS\avshlext.dll
HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{8C504614-A455-4CBA-81B4-D279644B8A7D} = tfaxext.dll
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\CA_AntiVirus@{1CE2AA40-1317-11D3-9922-00104B0AD431} = C:\WINDOWS\avshlext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{2F85D76C-0569-466F-A488-493E6BD0E955}C:\Program Files\Windows Desktop Search\dsWebAllow.dll = C:\Program Files\Windows Desktop Search\dsWebAllow.dll
@{53707962-6F74-2D53-2644-206D7942484F}C:\Program Files\Spybot - Search & Destroy\SDHelper.dll = C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
@{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}C:\Program Files\Windows Live Toolbar\msntb.dll = C:\Program Files\Windows Live Toolbar\msntb.dll
HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 =
http://go.microsoft.com/fwlink/?LinkId=69157
@Start
Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 =
http://go.microsoft.com/fwlink/?LinkId=69157
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start
Pagehttp://www.live.com =
http://www.live.com
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm
HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-help@CLSID = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
msnim@CLSID = "C:\PROGRA~1\MSNMES~1\msgrapp.dll"
mso-offdap@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = C:\WINDOWS\system32\VetRedir.dll
000000000002@PackedCatalogItem = C:\WINDOWS\system32\VetRedir.dll
000000000003@PackedCatalogItem = C:\WINDOWS\system32\VetRedir.dll
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010@PackedCatalogItem = C:\WINDOWS\system32\VetRedir.dll
C:\Documents and Settings\Glen Stewart\Start Menu\Programs\Startup = Microsoft Office OneNote 2003 Quick Launch.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Startup >>>
Adobe Reader Speed Launch.lnk = Adobe Reader Speed Launch.lnk
Bluetooth Manager.lnk = Bluetooth Manager.lnk
HP Digital Imaging Monitor.lnk = HP Digital Imaging Monitor.lnk
QuickBooks Delivery Agent.lnk = QuickBooks Delivery Agent.lnk
QuickBooks Update Agent.lnk = QuickBooks Update Agent.lnk
RAMASST.lnk = RAMASST.lnk
Service Manager.lnk = Service Manager.lnk
Vital Archives.lnk = Vital Archives.lnk
Windows Desktop Search.lnk = Windows Desktop Search.lnk
---- EOF - GMER 1.0.12 ----
- - -
New Hijack This Scan
Logfile of HijackThis v1.99.1
Scan saved at 5:53:23 PM, on 1/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\WINDOWS\system32\svchost.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
C:\Program Files\Toshiba\TapButton\TapButt.exe
C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe
C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe
C:\Program Files\Toshiba\TAudEffect\TAudEff.exe
C:\Program Files\TOSHIBA\TME3\TMETEMNU.EXE
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Symbol Commander\Sensiva.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Vital Archives\sdbackup.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPV5Updater.exe
C:\Documents and Settings\Glen Stewart\Desktop\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [CrossMenu] C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
O4 - HKLM\..\Run: [TapButt] C:\Program Files\Toshiba\TapButton\TapButt.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TAcelMgr] C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe
O4 - HKLM\..\Run: [TSkrMain] C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TosRotation] "C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe"
O4 - HKLM\..\Run: [TAudEffect] C:\Program Files\Toshiba\TAudEffect\TAudEff.exe /run
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Sensiva] "C:\Symbol Commander\Sensiva.exe"
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Firewall\ca.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickBooks Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Pro\Components\QBAgent\QBDAgent.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: Vital Archives.lnk = C:\Program Files\Vital Archives\sdbackup.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search -
res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites -
http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Subscribe in default aggregator - C:\Documents and Settings\Glen Stewart\Application Data\RssBandit\iecontext_subscribefeed.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -
http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftup ... 1309563415
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) -
http://www.sibelius.com/download/softwa ... Plugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) -
http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: loginkey - C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll
O20 - Winlogon Notify: TabBtnWL - C:\WINDOWS\SYSTEM32\TabBtnWL.dll
O20 - Winlogon Notify: tpgwlnotify - C:\WINDOWS\SYSTEM32\tpgwlnot.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SQL Server FullText Search (MSSQLSERVER2005) (msftesql$MSSQLSERVER2005) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe" -s:MSSQL.1 -f:MSSQLSERVER2005 (file missing)
O23 - Service: SQL Server Analysis Services (MSSQLSERVER2005) (MSOLAP$MSSQLSERVER2005) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\Config (file missing)
O23 - Service: SQL Server (MSSQLSERVER2005) (MSSQL$MSSQLSERVER2005) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER2005 (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SQL Server Agent (MSSQLSERVER2005) (SQLAgent$MSSQLSERVER2005) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE" -i MSSQLSERVER2005 (file missing)
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe