more Trojan Zlob [RESOLVED]


  • This topic is locked

#16
fjchild

  • Topic Starter
  • Member
  • 13 posts
Nope. I even tried going to Internet Settings before opening IE and changed it there to my desired local file. Still toshibadirect.com.

Last night I regedit-ed and changed all examples there to the local file. It changes back before I close regedit. There's a C:\WINDOWS\ToshibaDirect directory but renaming it just stops IE from loading some of the graphics.

I take it I'm completely de-Zlobbed now? I must say, I'm really impressed with the time & effort you've put into that.

I can live with the IE thing - it's just very annoying that someone else is dictating the way MY computer works. But like I said, I don't use IE much.

#17
Rorschach112
    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

> I take it I'm completely de-Zlobbed now? I must say, I'm really impressed with the time & effort you've put into that.

Thank you :) Your PC is indeed de-Zlobbed

Let's see if we can fix this problem though.


Download WinPFind35U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program.
  • Under Rootkit Search on the left change it to Yes
  • Under Additional Scans check the box beside Reg - Disabled MS Config Items.
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.

Make sure you attach the report in your reply.

#18
fjchild

  • Topic Starter
  • Member
  • 13 posts
OK. This is a lot of junk but maybe I shoulda said, I'm still rebuilding after needing a new HD. Happily, I was up to date with a full drive simple copy that day (done monthly) as well as daily backups. One of the reasons SUPERAntiSpyware took so long was I made it do E: as well.

WinPFind35 logfile created on: 1/8/2008 5:13:47 PM
WinPFind35U Version Beta21 Folder = C:\Downloads\WinPFind\WinPFind35u
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)

494.77 Mb Total Physical Memory | 71.42 Mb Available Physical Memory | 14.44% Memory free
1.13 Gb Paging File | 0.76 Gb Available in Paging File | 67.18% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.70 Gb Total Space | 39.06 Gb Free Space | 74.13% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 189.87 Gb Total Space | 91.69 Gb Free Space | 48.29% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded

Computer Name: MURGATROID
Current User Name: Abby Sale
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 2.2.0.577 | Size = 242808 bytes | Modified Date = 2/29/2004 4:44:54 PM | Attr = ]
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 2.2.0.577 | Size = 255096 bytes | Modified Date = 2/29/2004 4:44:48 PM | Attr = ]
igfxtray.exe -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.2331 | Size = 155648 bytes | Modified Date = 1/26/2004 9:03:20 PM | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.2331 | Size = 118784 bytes | Modified Date = 1/26/2004 9:03:08 PM | Attr = ]
stacmon.exe -> %ProgramFiles%\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe -> SigmaTel Inc. [Ver = 1, 0, 0, 3 | Size = 86073 bytes | Modified Date = 8/3/2003 6:01:14 PM | Attr = ]
apoint.exe -> %ProgramFiles%\Apoint2K\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 6.0.2.180 | Size = 192512 bytes | Modified Date = 10/30/2003 6:46:18 PM | Attr = ]
agrsmmsg.exe -> %SystemRoot%\agrsmmsg.exe -> Agere Systems [Ver = 2.1.38 2.1.38 02/20/2004 15:00:27 | Size = 88363 bytes | Modified Date = 2/20/2004 5:00:28 PM | Attr = ]
00thotkey.exe -> %System32%\00THotkey.exe -> TOSHIBA Corporation [Ver = 1, 0, 0, 24 | Size = 258048 bytes | Modified Date = 6/28/2004 7:24:28 PM | Attr = ]
tpsmain.exe -> %System32%\TPSMain.exe -> TOSHIBA Corporation [Ver = 1, 0, 14, 0 | Size = 278528 bytes | Modified Date = 6/1/2004 10:43:28 PM | Attr = ]
tfnf5.exe -> %System32%\TFNF5.exe -> TOSHIBA Corp. [Ver = 2, 6, 0, 0 | Size = 73728 bytes | Modified Date = 12/2/2003 4:15:46 PM | Attr = ]
smoothview.exe -> %ProgramFiles%\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe -> TOSHIBA Corporation [Ver = 2, 0, 0, 18 | Size = 135168 bytes | Modified Date = 3/2/2004 3:45:28 PM | Attr = ]
touched.exe -> %ProgramFiles%\Toshiba\TouchED\TouchED.exe -> TOSHIBA Corporation [Ver = 2, 5, 0, 0 | Size = 126976 bytes | Modified Date = 1/21/2003 8:00:06 PM | Attr = ]
ndstray.exe -> %ProgramFiles%\Toshiba\ConfigFree\NDSTray.exe -> TOSHIBA CORPORATION [Ver = 5, 0, 0, 57 | Size = 892928 bytes | Modified Date = 7/13/2004 11:51:04 PM | Attr = ]
tfncky.exe -> %ProgramFiles%\Toshiba\TOSHIBA Controls\TFncKy.exe -> TOSHIBA Corporation [Ver = 3.03.01 | Size = 102400 bytes | Modified Date = 3/3/2004 5:48:58 PM | Attr = ]
tmerzctl.exe -> %ProgramFiles%\Toshiba\TME3\TMERzCtl.exe -> TOSHIBA [Ver = 1, 0, 2, 15 | Size = 77824 bytes | Modified Date = 5/26/2004 3:04:08 PM | Attr = ]
tfswctrl.exe -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 122939 bytes | Modified Date = 7/20/2004 3:04:00 AM | Attr = ]
sdpin.exe -> %ProgramFiles%\WinMagic\SecureDoc-NT\SDPin.exe -> Winmagic Inc. [Ver = 4.1.060601.1 | Size = 425984 bytes | Modified Date = 6/1/2006 11:55:20 AM | Attr = ]
ad-watch.exe -> %SystemDrive%\INTERNET\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe -> Lavasoft Sweden [Ver = 3.1.2.17 | Size = 538112 bytes | Modified Date = 9/16/2004 4:15:00 PM | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 2.2.0.577 | Size = 66680 bytes | Modified Date = 2/29/2004 4:44:46 PM | Attr = ]
vptray.exe -> %ProgramFiles%\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 9.0.0.338 | Size = 124128 bytes | Modified Date = 3/12/2004 3:18:32 PM | Attr = ]
toscdspd.exe -> %ProgramFiles%\Toshiba\TOSCDSPD\TOSCDSPD.exe -> TOSHIBA [Ver = 1, 0, 5, 0 | Size = 65536 bytes | Modified Date = 9/5/2003 5:24:46 AM | Attr = ]
apntex.exe -> %ProgramFiles%\Apoint2K\ApntEx.exe -> Alps Electric Co., Ltd. [Ver = 5.0.1.15 | Size = 45056 bytes | Modified Date = 2/26/2003 1:08:42 PM | Attr = ]
hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 45.4.157.000 | Size = 258048 bytes | Modified Date = 11/4/2004 7:28:24 PM | Attr = ]
ramasst.exe -> %System32%\RAMASST.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 1, 0, 9, 0 | Size = 155648 bytes | Modified Date = 3/14/2003 1:38:12 PM | Attr = ]
tpsbattm.exe -> %System32%\TPSBattM.exe -> TOSHIBA Corporation [Ver = 1, 0, 2, 0 | Size = 45056 bytes | Modified Date = 6/1/2004 10:43:10 PM | Attr = ]
cfsvcs.exe -> %ProgramFiles%\Toshiba\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 5, 0, 0, 7 | Size = 36864 bytes | Modified Date = 6/16/2004 6:44:06 PM | Attr = ]
defwatch.exe -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 9.0.0.338 | Size = 29928 bytes | Modified Date = 3/12/2004 3:17:10 PM | Attr = ]
dvdramsv.exe -> %System32%\DVDRAMSV.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 2, 0, 7, 0 | Size = 106496 bytes | Modified Date = 5/23/2003 3:38:26 PM | Attr = ]
hpzipm12.exe -> %System32%\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 9/29/2004 12:14:36 PM | Attr = ]
retrorun.exe -> %ProgramFiles%\Dantz\Retrospect\retrorun.exe -> Dantz Development Corporation [Ver = 6.0.222 | Size = 29184 bytes | Modified Date = 1/3/2003 11:20:48 AM | Attr = ]
swupdtmr.exe -> %SystemDrive%\TOSHIBA\Ivp\Swupdate\swupdtmr.exe -> [Ver = | Size = 53248 bytes | Modified Date = 5/13/2004 4:46:02 PM | Attr = ]
rtvscan.exe -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 9.0.0.338 | Size = 1221864 bytes | Modified Date = 3/12/2004 3:17:46 PM | Attr = ]
tmesrv31.exe -> %ProgramFiles%\Toshiba\TME3\TMESRV31.exe -> TOSHIBA [Ver = 3, 1, 45, 0 | Size = 126976 bytes | Modified Date = 3/25/2004 5:36:58 PM | Attr = ]
tmeejme.exe -> %ProgramFiles%\Toshiba\TME3\TMEEJME.exe -> TOSHIBA [Ver = 1, 0, 0, 19 | Size = 77824 bytes | Modified Date = 1/30/2004 6:36:34 PM | Attr = ]
notes.exe -> %ProgramFiles%\AlotNotes\notes.exe -> [Ver = | Size = 1234432 bytes | Modified Date = 3/11/2004 5:29:14 PM | Attr = ]
netscape.exe -> %SystemDrive%\INTERNET\Netscape\Netscape Browser\netscape.exe -> Netscape [Ver = 8.1.3 | Size = 103496 bytes | Modified Date = 3/22/2007 4:53:40 PM | Attr = ]
winpfind35u.exe -> %SystemDrive%\Downloads\WinPFind\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 294912 bytes | Modified Date = 1/5/2008 10:54:28 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(bepprldr) BCL easyPDF SDK Loader [Win32_Shared | On_Demand | Stopped] -> %CommonProgramFiles%\BCL Technologies\easyPDF 4\bepprldr.exe -> [Ver = 1, 2, 0, 4 | Size = 77824 bytes | Modified Date = 11/11/2005 11:03:06 PM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 2.2.0.577 | Size = 255096 bytes | Modified Date = 2/29/2004 4:44:48 PM | Attr = ]
(ccPwdSvc) Symantec Password Validation [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccPwdSvc.exe -> Symantec Corporation [Ver = 2.2.0.577 | Size = 87160 bytes | Modified Date = 2/29/2004 4:44:52 PM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 2.2.0.577 | Size = 242808 bytes | Modified Date = 2/29/2004 4:44:54 PM | Attr = ]
(CFSvcs) ConfigFree Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Toshiba\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 5, 0, 0, 7 | Size = 36864 bytes | Modified Date = 6/16/2004 6:44:06 PM | Attr = ]
(DefWatch) Symantec AntiVirus Definition Watcher [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 9.0.0.338 | Size = 29928 bytes | Modified Date = 3/12/2004 3:17:10 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
(DVD-RAM_Service) DVD-RAM_Service [Win32_Own | Auto | Running] -> %System32%\DVDRAMSV.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 2, 0, 7, 0 | Size = 106496 bytes | Modified Date = 5/23/2003 3:38:26 PM | Attr = ]
(GoogleDesktopManager-121207-085209) Google Desktop Manager 5.7.712.12266 [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.7.712.12266 | Size = 29744 bytes | Modified Date = 12/15/2007 12:37:05 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 5:24:18 AM | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %System32%\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 9/29/2004 12:14:36 PM | Attr = ]
(RetroLauncher) Retrospect Launcher [Win32_Own | Auto | Running] -> %ProgramFiles%\Dantz\Retrospect\retrorun.exe -> Dantz Development Corporation [Ver = 6.0.222 | Size = 29184 bytes | Modified Date = 1/3/2003 11:20:48 AM | Attr = ]
(Retrospect Helper) Retrospect Helper [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Dantz\Retrospect\rthlpsvc.exe -> Dantz Development Corporation [Ver = 6.0.222 | Size = 57344 bytes | Modified Date = 1/3/2003 11:20:48 AM | Attr = ]
(SavRoam) SavRoam [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec AntiVirus\SavRoam.exe -> symantec [Ver = 1.5.0.0 | Size = 169192 bytes | Modified Date = 3/12/2004 3:18:06 PM | Attr = ]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.3.0.46 | Size = 193760 bytes | Modified Date = 3/11/2004 2:58:32 PM | Attr = ]
(Swupdtmr) Swupdtmr [Win32_Own | Auto | Running] -> %SystemDrive%\TOSHIBA\Ivp\Swupdate\swupdtmr.exe -> [Ver = | Size = 53248 bytes | Modified Date = 5/13/2004 4:46:02 PM | Attr = ]
(Symantec AntiVirus) Symantec AntiVirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 9.0.0.338 | Size = 1221864 bytes | Modified Date = 3/12/2004 3:17:46 PM | Attr = ]
(Tmesrv) Tmesrv3 [Win32_Own | Auto | Running] -> %ProgramFiles%\Toshiba\TME3\TMESRV31.exe -> TOSHIBA [Ver = 3, 1, 45, 0 | Size = 126976 bytes | Modified Date = 3/25/2004 5:36:58 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
-> -> File not found
000StTHK -> %System32%\000StTHK.exe -> [Ver = | Size = 24576 bytes | Modified Date = 6/23/2001 10:28:06 PM | Attr = ]
00THotkey -> %System32%\00THotkey.exe -> TOSHIBA Corporation [Ver = 1, 0, 0, 24 | Size = 258048 bytes | Modified Date = 6/28/2004 7:24:28 PM | Attr = ]
AGRSMMSG -> %SystemRoot%\agrsmmsg.exe -> Agere Systems [Ver = 2.1.38 2.1.38 02/20/2004 15:00:27 | Size = 88363 bytes | Modified Date = 2/20/2004 5:00:28 PM | Attr = ]
Apoint -> %ProgramFiles%\Apoint2K\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 6.0.2.180 | Size = 192512 bytes | Modified Date = 10/30/2003 6:46:18 PM | Attr = ]
AWMON -> %SystemDrive%\INTERNET\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe -> Lavasoft Sweden [Ver = 3.1.2.17 | Size = 538112 bytes | Modified Date = 9/16/2004 4:15:00 PM | Attr = ]
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 2.2.0.577 | Size = 66680 bytes | Modified Date = 2/29/2004 4:44:46 PM | Attr = ]
dla -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 122939 bytes | Modified Date = 7/20/2004 3:04:00 AM | Attr = ]
HotKeysCmds -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.2331 | Size = 118784 bytes | Modified Date = 1/26/2004 9:03:08 PM | Attr = ]
IgfxTray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.2331 | Size = 155648 bytes | Modified Date = 1/26/2004 9:03:20 PM | Attr = ]
LtMoh -> %ProgramFiles%\ltmoh\Ltmoh.exe -> File not found
NDSTray.exe -> NDSTray.exe -> File not found
Pinger -> %SystemDrive%\toshiba\ivp\ism\pinger.exe -> File not found
SigmaTel StacMon -> %ProgramFiles%\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe -> SigmaTel Inc. [Ver = 1, 0, 0, 3 | Size = 86073 bytes | Modified Date = 8/3/2003 6:01:14 PM | Attr = ]
SmoothView -> %ProgramFiles%\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe -> TOSHIBA Corporation [Ver = 2, 0, 0, 18 | Size = 135168 bytes | Modified Date = 3/2/2004 3:45:28 PM | Attr = ]
StartSecurDoc -> %ProgramFiles%\WinMagic\SecureDoc-NT\SDPin.exe -> Winmagic Inc. [Ver = 4.1.060601.1 | Size = 425984 bytes | Modified Date = 6/1/2006 11:55:20 AM | Attr = ]
TFncKy -> TFncKy.exe -> File not found
TFNF5 -> %System32%\TFNF5.exe -> TOSHIBA Corp. [Ver = 2, 6, 0, 0 | Size = 73728 bytes | Modified Date = 12/2/2003 4:15:46 PM | Attr = ]
TMERzCtl.EXE -> %ProgramFiles%\Toshiba\TME3\TMERzCtl.exe -> TOSHIBA [Ver = 1, 0, 2, 15 | Size = 77824 bytes | Modified Date = 5/26/2004 3:04:08 PM | Attr = ]
TMESRV.EXE -> %ProgramFiles%\Toshiba\TME3\TMESRV31.exe -> TOSHIBA [Ver = 3, 1, 45, 0 | Size = 126976 bytes | Modified Date = 3/25/2004 5:36:58 PM | Attr = ]
TouchED -> %ProgramFiles%\Toshiba\TouchED\TouchED.exe -> TOSHIBA Corporation [Ver = 2, 5, 0, 0 | Size = 126976 bytes | Modified Date = 1/21/2003 8:00:06 PM | Attr = ]
TPSMain -> %System32%\TPSMain.exe -> TOSHIBA Corporation [Ver = 1, 0, 14, 0 | Size = 278528 bytes | Modified Date = 6/1/2004 10:43:28 PM | Attr = ]
vptray -> %ProgramFiles%\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 9.0.0.338 | Size = 124128 bytes | Modified Date = 3/12/2004 3:18:32 PM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
TOSCDSPD -> %ProgramFiles%\Toshiba\TOSCDSPD\TOSCDSPD.exe -> TOSHIBA [Ver = 1, 0, 5, 0 | Size = 65536 bytes | Modified Date = 9/5/2003 5:24:46 AM | Attr = ]
*MultiFile Done* -> ->
< Abby Sale Startup Folder > -> C:\Documents and Settings\Abby Sale\Start Menu\Programs\Startup ->
%UserStartup%\Microsoft Outlook 2000.lnk -> -> File not found
-> %UserStartup%\TODAYME (autoexec.nt) -> File not found
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 45.4.157.000 | Size = 258048 bytes | Modified Date = 11/4/2004 7:28:24 PM | Attr = ]
%AllUsersStartup%\RAMASST.lnk -> %System32%\RAMASST.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 1, 0, 9, 0 | Size = 155648 bytes | Modified Date = 3/14/2003 1:38:12 PM | Attr = ]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> Google [Ver = 5.7.712.12266 | Size = 107008 bytes | Modified Date = 12/15/2007 12:37:13 PM | Attr = ]
*MultiFile Done* -> ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 1:55:48 PM | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*GinaDLL* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\GinaDLL ->
SDocGina.dll -> %System32%\SDocGina.dll -> Winmagic Inc. [Ver = 4.1.051210.4 | Size = 254976 bytes | Modified Date = 5/5/2006 5:26:48 PM | Attr = ]
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 1:41:36 PM | Attr = ]
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.2331 | Size = 323584 bytes | Modified Date = 1/26/2004 9:03:20 PM | Attr = ]
NavLogon -> %System32%\NavLogon.dll -> Symantec Corporation [Ver = 9.0.0.338 | Size = 83176 bytes | Modified Date = 3/12/2004 3:17:24 PM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://toshibadirect.com/ ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft...p...ER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn...st/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://toshibadirect.com/ ->
HKEY_CURRENT_USER\: SearchURL\\ -> [] ->
HKEY_CURRENT_USER\: ProxyEnable -> 1 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. ->
www.agencyportal_newyorklife.com [https] -> Local intranet ->
www.authsm_newyorklife.com [https] -> Local intranet ->
www.ftisweb_newyorklife.com [https] -> Local intranet ->
www.fts_newyorklife.com [https] -> Local intranet ->
www.mcs_newyorklife.com [https] -> Local intranet ->
www.riat_newyorklife.com [https] -> Local intranet ->
2 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
www_newyorklife.com [https] -> Trusted sites ->
2 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 12/14/2004 1:56:50 AM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Reg Error: Value does not exist or could not be read.] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %System32%\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118842 bytes | Modified Date = 7/20/2004 3:04:00 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_09\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.90.1 | Size = 434279 bytes | Modified Date = 9/7/2006 6:06:08 PM | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_09\bin\NPJPI150_09.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.90.1 | Size = 69746 bytes | Modified Date = 9/7/2006 6:06:08 PM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.5.0_09\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.90.1 | Size = 434279 bytes | Modified Date = 9/7/2006 6:06:08 PM | Attr = ]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Research] -> File not found
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Real.com] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_09\bin\NPJPI150_09.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.90.1 | Size = 69746 bytes | Modified Date = 9/7/2006 6:06:08 PM | Attr = ]
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Research] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Real.com] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.micro...d...=%s&mime=%s ->
Extension\.htm -> %SystemDrive%\INTERNET\Netscape\Netscape Browser\plugins\npTrident.dll [Trident Plugin for Netscape] -> Netscape Communications Corp. [Ver = 2004, 0, 0, 1 | Size = 202752 bytes | Modified Date = 3/21/2007 8:04:01 PM | Attr = ]
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 -> ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{21A9C25E-88EB-41DD-9FF1-F5FA8F4D8685} -> (Intel® PRO/Wireless 2200BG Network Connection) ->
{6BF608AB-20F2-42EF-9A2D-128E4B2F56A9} -> (Intel® PRO/Wireless 2915ABG Network Connection) ->
{AA7ACF33-5CE6-42E9-A9B4-BF89A61CCDAA} -> (Intel® PRO/100 VE Network Connection) ->
{C5163358-394B-4925-B69F-89004AF65996} -> (Intel® PRO/Wireless 2100A LAN Mini PCI Adapter) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{49232000-16E4-426C-A231-62846947304B}[HKEY_LOCAL_MACHINE] -> http://ipgweb.cce.hp...ads/sysinfo.cab[SysData Class] ->
{5EF90065-A2C4-4C6D-993E-40EE010EBA3D}[HKEY_LOCAL_MACHINE] -> https://www.fts.newy.../FTWebUtils.CAB[FTWebUtils.Redirecter] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://www.update.mi...b?1193761944346[WUWebControl Class] ->
{88D969C0-F192-11D4-A65F-0040963251E5}[HKEY_LOCAL_MACHINE] -> http://ipgweb.cce.hp...oads/msxml4.cab[XML DOM Document 4.0] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.5.0_09] ->
{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.4.2_05] ->
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.5.0_09] ->


[Registry - Additional Scans - Non-Microsoft Only]
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ ->
LtMoh hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\ltmoh\Ltmoh.exe -> File not found
Pinger hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemDrive%\toshiba\ivp\ism\pinger.exe -> File not found


[Files/Folders - Created Within 30 days]
)Changed files -> %SystemDrive%\)Changed files -> [Folder | Created Date = 12/14/2007 5:24:09 PM | Attr = ]
00 -> %SystemDrive%\00 -> [Folder | Created Date = 12/21/2007 4:20:24 AM | Attr = ]
0Backup -> %SystemDrive%\0Backup -> [Folder | Created Date = 1/3/2008 12:13:03 PM | Attr = ]
Almanac -> %SystemDrive%\Almanac -> [Folder | Created Date = 12/15/2007 10:02:25 AM | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 12/14/2007 3:21:18 PM | Attr = H ]
Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 1/5/2008 10:45:57 PM | Attr = ]
Deltemp.bat -> %SystemDrive%\Deltemp.bat -> [Ver = | Size = 1283 bytes | Created Date = 12/16/2007 7:07:34 PM | Attr = ]
Del_Temp_Folders.bat -> %SystemDrive%\Del_Temp_Folders.bat -> [Ver = | Size = 5124 bytes | Created Date = 12/16/2007 7:07:34 PM | Attr = ]
Downloads -> %SystemDrive%\Downloads -> [Folder | Created Date = 12/13/2007 12:44:09 PM | Attr = ]
e.bat -> %SystemDrive%\e.bat -> [Ver = | Size = 6 bytes | Created Date = 1/1/2008 11:29:52 AM | Attr = ]
fc2tree.dat -> %SystemDrive%\fc2tree.dat -> [Ver = | Size = 583 bytes | Created Date = 1/3/2008 3:33:56 PM | Attr = H ]
GRULE -> %SystemDrive%\GRULE -> [Folder | Created Date = 12/13/2007 5:12:33 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 518868992 bytes | Created Date = 1/6/2008 5:39:22 PM | Attr = HS]
JEWISH -> %SystemDrive%\JEWISH -> [Folder | Created Date = 12/28/2007 9:39:28 AM | Attr = ]
Medical - Our -> %SystemDrive%\Medical - Our -> [Folder | Created Date = 12/14/2007 10:12:30 PM | Attr = ]
MUSIC -> %SystemDrive%\MUSIC -> [Folder | Created Date = 12/18/2007 8:31:28 AM | Attr = ]
Music-New Downloads -> %SystemDrive%\Music-New Downloads -> [Folder | Created Date = 12/14/2007 5:25:57 PM | Attr = ]
Pictures -> %SystemDrive%\Pictures -> [Folder | Created Date = 1/3/2008 3:31:41 PM | Attr = ]
Purchases -> %SystemDrive%\Purchases -> [Folder | Created Date = 12/14/2007 11:05:15 PM | Attr = ]
Raleigh -> %SystemDrive%\Raleigh -> [Folder | Created Date = 12/14/2007 11:06:35 PM | Attr = ]
Skating -> %SystemDrive%\Skating -> [Folder | Created Date = 12/14/2007 11:06:56 PM | Attr = ]
Tasks (not scheduled) -> %SystemDrive%\Tasks (not scheduled) -> [Folder | Created Date = 12/14/2007 9:28:25 PM | Attr = ]
Tech Stuff -> %SystemDrive%\Tech Stuff -> [Folder | Created Date = 12/14/2007 11:13:38 PM | Attr = ]
temp -> %SystemDrive%\temp -> [Folder | Created Date = 12/14/2007 10:14:47 PM | Attr = ]
Utils -> %SystemDrive%\Utils -> [Folder | Created Date = 12/13/2007 3:04:10 PM | Attr = ]
Viewers -> %SystemDrive%\Viewers -> [Folder | Created Date = 12/15/2007 10:09:39 AM | Attr = ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 1/7/2008 2:46:16 PM | Attr = ]
HPZid412.sys -> %System32%\drivers\HPZid412.sys -> HP [Ver = 9, 0, 0, 0 | Size = 51120 bytes | Created Date = 12/14/2007 3:26:44 PM | Attr = R ]
HPZipr12.sys -> %System32%\drivers\HPZipr12.sys -> HP [Ver = 9, 0, 0, 0 | Size = 16496 bytes | Created Date = 12/14/2007 3:26:46 PM | Attr = R ]
HPZius12.sys -> %System32%\drivers\HPZius12.sys -> HP [Ver = 9, 0, 0, 0 | Size = 21744 bytes | Created Date = 12/14/2007 3:26:20 PM | Attr = R ]
SYMEVENT.SYS -> %System32%\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 11.4.0.6 | Size = 82832 bytes | Created Date = 12/15/2007 7:54:21 PM | Attr = ]
CONFIG-original.NT -> %System32%\CONFIG-original.NT -> [Ver = | Size = 2577 bytes | Created Date = 1/1/2008 11:24:22 AM | Attr = ]
hpovst08.dll -> %System32%\hpovst08.dll -> Hewlett-Packard Co. [Ver = 45.0.99.000 | Size = 229376 bytes | Created Date = 12/14/2007 10:18:44 PM | Attr = ]
HPZidr12.dll -> %System32%\HPZidr12.dll -> HP [Ver = 9, 0, 0, 0 | Size = 278584 bytes | Created Date = 12/14/2007 3:24:29 PM | Attr = ]
HPZinw12.exe -> %System32%\HPZinw12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 61440 bytes | Created Date = 12/14/2007 3:24:29 PM | Attr = ]
HPZipm12.exe -> %System32%\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Created Date = 12/14/2007 3:24:29 PM | Attr = ]
HPZipr12.dll -> %System32%\HPZipr12.dll -> HP [Ver = 9, 0, 0, 0 | Size = 204800 bytes | Created Date = 12/14/2007 3:24:29 PM | Attr = ]
HPZipt12.dll -> %System32%\HPZipt12.dll -> HP [Ver = 9, 0, 0, 0 | Size = 94208 bytes | Created Date = 12/14/2007 3:24:29 PM | Attr = ]
HPZisn12.dll -> %System32%\HPZisn12.dll -> HP [Ver = 9, 0, 0, 0 | Size = 57344 bytes | Created Date = 12/14/2007 3:24:29 PM | Attr = ]
hpzlnt12.dll -> %System32%\hpzlnt12.dll -> HP [Ver = 2.335.5.0 | Size = 139345 bytes | Created Date = 12/14/2007 10:17:37 PM | Attr = ]
S32EVNT1.DLL -> %System32%\S32EVNT1.DLL -> Symantec Corporation [Ver = 11.4.0.11 | Size = 83168 bytes | Created Date = 12/15/2007 7:54:21 PM | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 3420 bytes | Created Date = 1/6/2008 5:30:17 PM | Attr = ]
Abby_wa3-HP.bmp -> %SystemRoot%\Abby_wa3-HP.bmp -> [Ver = | Size = 393334 bytes | Created Date = 12/12/2007 9:03:46 PM | Attr = ]
cdplayer.ini -> %SystemRoot%\cdplayer.ini -> [Ver = | Size = 429 bytes | Created Date = 1/1/2008 12:43:27 PM | Attr = ]
Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Created Date = 12/28/2007 8:40:35 AM | Attr = ]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 1/5/2008 10:48:39 PM | Attr = ]
Ernie.jpg -> %SystemRoot%\Ernie.jpg -> [Ver = | Size = 218214 bytes | Created Date = 12/13/2007 12:41:39 PM | Attr = ]
FontsAb -> %SystemRoot%\FontsAb -> [Folder | Created Date = 12/15/2007 10:14:15 AM | Attr = ]
FontsFS-from_Fontsmart -> %SystemRoot%\FontsFS-from_Fontsmart -> [Folder | Created Date = 12/15/2007 10:14:19 AM | Attr = ]
FontsTc -> %SystemRoot%\FontsTc -> [Folder | Created Date = 12/15/2007 10:14:28 AM | Attr = ]
FONTS_UN -> %SystemRoot%\FONTS_UN -> [Folder | Created Date = 12/15/2007 10:14:02 AM | Attr = ]
hpoins05.dat -> %SystemRoot%\hpoins05.dat -> [Ver = | Size = 69454 bytes | Created Date = 12/15/2007 10:27:33 AM | Attr = ]
hpomdl05.dat -> %SystemRoot%\hpomdl05.dat -> [Ver = | Size = 19696 bytes | Created Date = 12/15/2007 10:27:33 AM | Attr = ]
hpqEmlSz.INI -> %SystemRoot%\hpqEmlSz.INI -> [Ver = | Size = 0 bytes | Created Date = 12/27/2007 4:27:46 PM | Attr = ]
hpqins13.dat -> %SystemRoot%\hpqins13.dat -> [Ver = | Size = 102364 bytes | Created Date = 12/17/2007 3:29:54 PM | Attr = ]
hpqins13.dat.temp -> %SystemRoot%\hpqins13.dat.temp -> [Ver = | Size = 102364 bytes | Created Date = 12/22/2007 11:38:50 PM | Attr = ]
Iconmgr -> %SystemRoot%\Iconmgr -> [Folder | Created Date = 12/15/2007 12:48:51 PM | Attr = ]
Icons -> %SystemRoot%\Icons -> [Folder | Created Date = 12/15/2007 12:48:51 PM | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Created Date = 1/3/2008 7:54:16 AM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 12/16/2007 8:15:22 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 12/16/2007 8:15:22 PM | Attr = H ]
Sun -> %SystemRoot%\Sun -> [Folder | Created Date = 12/23/2007 8:51:43 PM | Attr = ]
Tinker~1.Bmp -> %SystemRoot%\Tinker~1.Bmp -> [Ver = | Size = 308278 bytes | Created Date = 12/13/2007 12:38:18 PM | Attr = ]
VPC32.INI -> %SystemRoot%\VPC32.INI -> [Ver = | Size = 0 bytes | Created Date = 12/15/2007 5:08:28 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
)Changed files -> %SystemDrive%\)Changed files -> [Folder | Modified Date = 1/7/2008 5:07:30 PM | Attr = ]
00 -> %SystemDrive%\00 -> [Folder | Modified Date = 12/27/2007 10:50:58 PM | Attr = ]
0Backup -> %SystemDrive%\0Backup -> [Folder | Modified Date = 1/3/2008 12:13:03 PM | Attr = ]
Almanac -> %SystemDrive%\Almanac -> [Folder | Modified Date = 1/7/2008 2:32:48 PM | Attr = ]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 1/4/2008 12:16:31 PM | Attr = RHS]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 1/7/2008 6:40:05 PM | Attr = H ]
Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 1/5/2008 10:45:57 PM | Attr = ]
Del_Temp_Folders.bat -> %SystemDrive%\Del_Temp_Folders.bat -> [Ver = | Size = 5124 bytes | Modified Date = 12/31/2007 3:28:27 PM | Attr = ]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 12/25/2007 2:08:47 PM | Attr = ]
Downloads -> %SystemDrive%\Downloads -> [Folder | Modified Date = 1/8/2008 5:11:49 PM | Attr = ]
e.bat -> %SystemDrive%\e.bat -> [Ver = | Size = 6 bytes | Modified Date = 1/1/2008 11:30:03 AM | Attr = ]
fc2tree.dat -> %SystemDrive%\fc2tree.dat -> [Ver = | Size = 583 bytes | Modified Date = 1/3/2008 3:39:49 PM | Attr = H ]
GRULE -> %SystemDrive%\GRULE -> [Folder | Modified Date = 12/13/2007 5:14:41 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 518868992 bytes | Modified Date = 1/8/2008 12:43:00 PM | Attr = HS]
INSURANCE -> %SystemDrive%\INSURANCE -> [Folder | Modified Date = 12/27/2007 12:17:59 PM | Attr = ]
INTERNET -> %SystemDrive%\INTERNET -> [Folder | Modified Date = 1/5/2008 7:01:44 PM | Attr = ]
JEWISH -> %SystemDrive%\JEWISH -> [Folder | Modified Date = 12/28/2007 9:39:34 AM | Attr = ]
Medical - Our -> %SystemDrive%\Medical - Our -> [Folder | Modified Date = 12/18/2007 10:05:33 AM | Attr = ]
MUSIC -> %SystemDrive%\MUSIC -> [Folder | Modified Date = 1/1/2008 10:43:40 AM | Attr = ]
Music-New Downloads -> %SystemDrive%\Music-New Downloads -> [Folder | Modified Date = 12/16/2007 10:49:44 AM | Attr = ]
Pictures -> %SystemDrive%\Pictures -> [Folder | Modified Date = 1/3/2008 3:36:58 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 1/7/2008 4:53:46 PM | Attr = R ]
Purchases -> %SystemDrive%\Purchases -> [Folder | Modified Date = 12/30/2007 12:35:05 PM | Attr = ]
QuickenW -> %SystemDrive%\QuickenW -> [Folder | Modified Date = 12/18/2007 6:28:47 PM | Attr = ]
Raleigh -> %SystemDrive%\Raleigh -> [Folder | Modified Date = 1/2/2008 1:03:03 PM | Attr = ]
Skating -> %SystemDrive%\Skating -> [Folder | Modified Date = 12/14/2007 11:07:08 PM | Attr = ]
Tasks (not scheduled) -> %SystemDrive%\Tasks (not scheduled) -> [Folder | Modified Date = 1/5/2008 9:52:21 AM | Attr = ]
Tech Stuff -> %SystemDrive%\Tech Stuff -> [Folder | Modified Date = 12/17/2007 10:17:32 PM | Attr = ]
temp -> %SystemDrive%\temp -> [Folder | Modified Date = 1/5/2008 7:24:36 PM | Attr = ]
Trbck -> %SystemDrive%\Trbck -> [Folder | Modified Date = 1/6/2008 5:02:29 PM | Attr = ]
Utils -> %SystemDrive%\Utils -> [Folder | Modified Date = 1/7/2008 10:58:54 PM | Attr = ]
Viewers -> %SystemDrive%\Viewers -> [Folder | Modified Date = 12/15/2007 10:09:39 AM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 1/8/2008 1:02:56 PM | Attr = ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 1/7/2008 2:46:16 PM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 12/15/2007 10:29:44 AM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 1/8/2008 5:03:35 PM | Attr = ]
CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 2612 bytes | Modified Date = 1/1/2008 11:25:46 AM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 12/15/2007 2:55:24 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 12/15/2007 7:54:21 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 268600 bytes | Modified Date = 12/22/2007 1:39:14 PM | Attr = ]
FxsTmp -> %System32%\FxsTmp -> [Folder | Modified Date = 12/28/2007 9:56:50 AM | Attr = ]
pncrt.dll -> %System32%\pncrt.dll -> Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Modified Date = 1/1/2008 12:34:01 PM | Attr = ]
pndx5016.dll -> %System32%\pndx5016.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 6656 bytes | Modified Date = 1/1/2008 12:34:04 PM | Attr = ]
pndx5032.dll -> %System32%\pndx5032.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 5632 bytes | Modified Date = 1/1/2008 12:34:04 PM | Attr = ]
ReinstallBackups -> %System32%\ReinstallBackups -> [Folder | Modified Date = 12/15/2007 4:53:19 PM | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 12/15/2007 10:09:06 PM | Attr = ]
rmoc3260.dll -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2846 | Size = 185688 bytes | Modified Date = 1/1/2008 12:34:19 PM | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 3420 bytes | Modified Date = 1/6/2008 5:31:56 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 1/1/2008 9:26:46 AM | Attr = ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 12/25/2007 10:06:43 AM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 1/8/2008 12:43:03 PM | Attr = S]
cdplayer.ini -> %SystemRoot%\cdplayer.ini -> [Ver = | Size = 429 bytes | Modified Date = 1/1/2008 12:43:27 PM | Attr = ]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 12/16/2007 8:28:42 PM | Attr = ]
Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 12/28/2007 8:40:35 AM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 1/5/2008 10:50:14 PM | Attr = S]
Driver Cache -> %SystemRoot%\Driver Cache -> [Folder | Modified Date = 12/17/2007 8:27:04 AM | Attr = ]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 1/5/2008 10:48:39 PM | Attr = ]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 12/22/2007 12:54:06 AM | Attr = R S]
FontsAb -> %SystemRoot%\FontsAb -> [Folder | Modified Date = 12/15/2007 10:14:16 AM | Attr = ]
FontsFS-from_Fontsmart -> %SystemRoot%\FontsFS-from_Fontsmart -> [Folder | Modified Date = 12/15/2007 10:14:20 AM | Attr = ]
FontsTc -> %SystemRoot%\FontsTc -> [Folder | Modified Date = 12/15/2007 10:14:36 AM | Attr = ]
FONTS_UN -> %SystemRoot%\FONTS_UN -> [Folder | Modified Date = 12/15/2007 10:14:02 AM | Attr = ]
ftsl -> %SystemRoot%\ftsl -> [Folder | Modified Date = 12/15/2007 7:59:45 PM | Attr = ]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 1/6/2008 8:34:34 PM | Attr = ]
hpoins05.dat -> %SystemRoot%\hpoins05.dat -> [Ver = | Size = 69454 bytes | Modified Date = 12/15/2007 4:03:16 PM | Attr = ]
hpqEmlSz.INI -> %SystemRoot%\hpqEmlSz.INI -> [Ver = | Size = 0 bytes | Modified Date = 12/27/2007 4:27:46 PM | Attr = ]
hpqins13.dat -> %SystemRoot%\hpqins13.dat -> [Ver = | Size = 102364 bytes | Modified Date = 12/17/2007 3:31:43 PM | Attr = ]
hpqins13.dat.temp -> %SystemRoot%\hpqins13.dat.temp -> [Ver = | Size = 102364 bytes | Modified Date = 12/17/2007 3:31:43 PM | Attr = ]
Iconmgr -> %SystemRoot%\Iconmgr -> [Folder | Modified Date = 12/15/2007 12:48:51 PM | Attr = ]
Icons -> %SystemRoot%\Icons -> [Folder | Modified Date = 12/15/2007 12:49:00 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 12/15/2007 5:46:15 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 1/7/2008 6:40:05 PM | Attr = HS]
machine.ver -> %SystemRoot%\machine.ver -> [Ver = | Size = 3691 bytes | Modified Date = 12/28/2007 7:36:13 PM | Attr = ]
mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 3597 bytes | Modified Date = 1/8/2008 5:05:29 PM | Attr = ]
MXOALDR.EXE -> %SystemRoot%\MXOALDR.EXE -> Cypress Semiconductor [Ver = 6.01.1000.0 | Size = 94208 bytes | Modified Date = 12/15/2007 4:51:00 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 1/8/2008 5:11:26 PM | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Modified Date = 1/3/2008 7:57:05 AM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 12/16/2007 8:15:22 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 1/1/2008 2:11:06 PM | Attr = H ]
SHELLNEW -> %SystemRoot%\SHELLNEW -> [Folder | Modified Date = 12/23/2007 1:04:06 PM | Attr = ]
Sun -> %SystemRoot%\Sun -> [Folder | Modified Date = 12/23/2007 8:51:43 PM | Attr = ]
swupdate.INI -> %SystemRoot%\swupdate.INI -> [Ver = | Size = 67 bytes | Modified Date = 12/28/2007 7:38:05 PM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 1/4/2008 12:16:31 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 1/6/2008 5:36:58 PM | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 1/8/2008 12:43:37 PM | Attr = ]
ToshibaDirect -> %SystemRoot%\ToshibaDirect -> [Folder | Modified Date = 1/8/2008 12:07:26 AM | Attr = ]
twain_32 -> %SystemRoot%\twain_32 -> [Folder | Modified Date = 12/15/2007 11:11:33 AM | Attr = ]
VPC32.INI -> %SystemRoot%\VPC32.INI -> [Ver = | Size = 0 bytes | Modified Date = 12/15/2007 5:08:28 PM | Attr = ]
wcds.ini -> %SystemRoot%\wcds.ini -> [Ver = | Size = 2162 bytes | Modified Date = 12/30/2007 1:30:30 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 662 bytes | Modified Date = 1/4/2008 12:16:31 PM | Attr = ]
wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 217 bytes | Modified Date = 1/6/2008 12:04:29 AM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 12/17/2007 3:52:49 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 1/8/2008 12:43:05 PM | Attr = H ]

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
C:\WINDOWS\VALUEADD\Thumbs.db:encryptable 0 bytes
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1
< Document and Settings folder & sub folders >
scanning hidden files ...
scan completed successfully
hidden files: 0

< End of report >

#19
Rorschach112


    Ralphie

  • Retired Staff
  • 47,710 posts
Ok try this

First off make sure Ad-Aware is totally closed

Start WinPFind35U. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> LtMoh -> %ProgramFiles%\ltmoh\Ltmoh.exe
YN -> NDSTray.exe -> NDSTray.exe
YN -> Pinger -> %SystemDrive%\toshiba\ivp\ism\pinger.exe
YN -> TFncKy -> TFncKy.exe
< Abby Sale Startup Folder > -> C:\Documents and Settings\Abby Sale\Start Menu\Programs\Startup
YN -> %UserStartup%\Microsoft Outlook 2000.lnk ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > ->
YN -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://toshibadirect.com/
< Internet Explorer Settings [HKEY_CURRENT_USER\] > ->
YN -> HKEY_CURRENT_USER\: Main\\Start Page -> http://toshibadirect.com/
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {92780B25-18CC-41C8-B9BE-3C9C571A8263}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Research]
YN -> {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Real.com]
[Registry - Additional Scans - Non-Microsoft Only]
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
YN -> LtMoh hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\ltmoh\Ltmoh.exe
YN -> Pinger hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemDrive%\toshiba\ivp\ism\pinger.exe
[Empty Temp Folders]
[Start Explorer]
[Reboot]


The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back.

I will review the information when it comes back in.


Also tell me if the problem remains

#20
fjchild


    Member

  • Topic Starter
  • Member
  • 13 posts
WinPFind35 logfile created on: 1/8/2008 5:13:47 PM
WinPFind35U Version Beta21 Folder = C:\Downloads\WinPFind\WinPFind35u
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)

494.77 Mb Total Physical Memory | 71.42 Mb Available Physical Memory | 14.44% Memory free
1.13 Gb Paging File | 0.76 Gb Available in Paging File | 67.18% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.70 Gb Total Space | 39.06 Gb Free Space | 74.13% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 189.87 Gb Total Space | 91.69 Gb Free Space | 48.29% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded

Computer Name: MURGATROID
Current User Name: Abby Sale
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Processes - Non-Microsoft Only]
ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 2.2.0.577 | Size = 242808 bytes | Modified Date = 2/29/2004 4:44:54 PM | Attr = ]
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 2.2.0.577 | Size = 255096 bytes | Modified Date = 2/29/2004 4:44:48 PM | Attr = ]
igfxtray.exe -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.2331 | Size = 155648 bytes | Modified Date = 1/26/2004 9:03:20 PM | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.2331 | Size = 118784 bytes | Modified Date = 1/26/2004 9:03:08 PM | Attr = ]
stacmon.exe -> %ProgramFiles%\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe -> SigmaTel Inc. [Ver = 1, 0, 0, 3 | Size = 86073 bytes | Modified Date = 8/3/2003 6:01:14 PM | Attr = ]
apoint.exe -> %ProgramFiles%\Apoint2K\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 6.0.2.180 | Size = 192512 bytes | Modified Date = 10/30/2003 6:46:18 PM | Attr = ]
agrsmmsg.exe -> %SystemRoot%\agrsmmsg.exe -> Agere Systems [Ver = 2.1.38 2.1.38 02/20/2004 15:00:27 | Size = 88363 bytes | Modified Date = 2/20/2004 5:00:28 PM | Attr = ]
00thotkey.exe -> %System32%\00THotkey.exe -> TOSHIBA Corporation [Ver = 1, 0, 0, 24 | Size = 258048 bytes | Modified Date = 6/28/2004 7:24:28 PM | Attr = ]
tpsmain.exe -> %System32%\TPSMain.exe -> TOSHIBA Corporation [Ver = 1, 0, 14, 0 | Size = 278528 bytes | Modified Date = 6/1/2004 10:43:28 PM | Attr = ]
tfnf5.exe -> %System32%\TFNF5.exe -> TOSHIBA Corp. [Ver = 2, 6, 0, 0 | Size = 73728 bytes | Modified Date = 12/2/2003 4:15:46 PM | Attr = ]
smoothview.exe -> %ProgramFiles%\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe -> TOSHIBA Corporation [Ver = 2, 0, 0, 18 | Size = 135168 bytes | Modified Date = 3/2/2004 3:45:28 PM | Attr = ]
touched.exe -> %ProgramFiles%\Toshiba\TouchED\TouchED.exe -> TOSHIBA Corporation [Ver = 2, 5, 0, 0 | Size = 126976 bytes | Modified Date = 1/21/2003 8:00:06 PM | Attr = ]
ndstray.exe -> %ProgramFiles%\Toshiba\ConfigFree\NDSTray.exe -> TOSHIBA CORPORATION [Ver = 5, 0, 0, 57 | Size = 892928 bytes | Modified Date = 7/13/2004 11:51:04 PM | Attr = ]
tfncky.exe -> %ProgramFiles%\Toshiba\TOSHIBA Controls\TFncKy.exe -> TOSHIBA Corporation [Ver = 3.03.01 | Size = 102400 bytes | Modified Date = 3/3/2004 5:48:58 PM | Attr = ]
tmerzctl.exe -> %ProgramFiles%\Toshiba\TME3\TMERzCtl.exe -> TOSHIBA [Ver = 1, 0, 2, 15 | Size = 77824 bytes | Modified Date = 5/26/2004 3:04:08 PM | Attr = ]
tfswctrl.exe -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 122939 bytes | Modified Date = 7/20/2004 3:04:00 AM | Attr = ]
sdpin.exe -> %ProgramFiles%\WinMagic\SecureDoc-NT\SDPin.exe -> Winmagic Inc. [Ver = 4.1.060601.1 | Size = 425984 bytes | Modified Date = 6/1/2006 11:55:20 AM | Attr = ]
ad-watch.exe -> %SystemDrive%\INTERNET\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe -> Lavasoft Sweden [Ver = 3.1.2.17 | Size = 538112 bytes | Modified Date = 9/16/2004 4:15:00 PM | Attr = ]
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 2.2.0.577 | Size = 66680 bytes | Modified Date = 2/29/2004 4:44:46 PM | Attr = ]
vptray.exe -> %ProgramFiles%\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 9.0.0.338 | Size = 124128 bytes | Modified Date = 3/12/2004 3:18:32 PM | Attr = ]
toscdspd.exe -> %ProgramFiles%\Toshiba\TOSCDSPD\TOSCDSPD.exe -> TOSHIBA [Ver = 1, 0, 5, 0 | Size = 65536 bytes | Modified Date = 9/5/2003 5:24:46 AM | Attr = ]
apntex.exe -> %ProgramFiles%\Apoint2K\ApntEx.exe -> Alps Electric Co., Ltd. [Ver = 5.0.1.15 | Size = 45056 bytes | Modified Date = 2/26/2003 1:08:42 PM | Attr = ]
hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 45.4.157.000 | Size = 258048 bytes | Modified Date = 11/4/2004 7:28:24 PM | Attr = ]
ramasst.exe -> %System32%\RAMASST.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 1, 0, 9, 0 | Size = 155648 bytes | Modified Date = 3/14/2003 1:38:12 PM | Attr = ]
tpsbattm.exe -> %System32%\TPSBattM.exe -> TOSHIBA Corporation [Ver = 1, 0, 2, 0 | Size = 45056 bytes | Modified Date = 6/1/2004 10:43:10 PM | Attr = ]
cfsvcs.exe -> %ProgramFiles%\Toshiba\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 5, 0, 0, 7 | Size = 36864 bytes | Modified Date = 6/16/2004 6:44:06 PM | Attr = ]
defwatch.exe -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 9.0.0.338 | Size = 29928 bytes | Modified Date = 3/12/2004 3:17:10 PM | Attr = ]
dvdramsv.exe -> %System32%\DVDRAMSV.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 2, 0, 7, 0 | Size = 106496 bytes | Modified Date = 5/23/2003 3:38:26 PM | Attr = ]
hpzipm12.exe -> %System32%\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 9/29/2004 12:14:36 PM | Attr = ]
retrorun.exe -> %ProgramFiles%\Dantz\Retrospect\retrorun.exe -> Dantz Development Corporation [Ver = 6.0.222 | Size = 29184 bytes | Modified Date = 1/3/2003 11:20:48 AM | Attr = ]
swupdtmr.exe -> %SystemDrive%\TOSHIBA\Ivp\Swupdate\swupdtmr.exe -> [Ver = | Size = 53248 bytes | Modified Date = 5/13/2004 4:46:02 PM | Attr = ]
rtvscan.exe -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 9.0.0.338 | Size = 1221864 bytes | Modified Date = 3/12/2004 3:17:46 PM | Attr = ]
tmesrv31.exe -> %ProgramFiles%\Toshiba\TME3\TMESRV31.exe -> TOSHIBA [Ver = 3, 1, 45, 0 | Size = 126976 bytes | Modified Date = 3/25/2004 5:36:58 PM | Attr = ]
tmeejme.exe -> %ProgramFiles%\Toshiba\TME3\TMEEJME.exe -> TOSHIBA [Ver = 1, 0, 0, 19 | Size = 77824 bytes | Modified Date = 1/30/2004 6:36:34 PM | Attr = ]
notes.exe -> %ProgramFiles%\AlotNotes\notes.exe -> [Ver = | Size = 1234432 bytes | Modified Date = 3/11/2004 5:29:14 PM | Attr = ]
netscape.exe -> %SystemDrive%\INTERNET\Netscape\Netscape Browser\netscape.exe -> Netscape [Ver = 8.1.3 | Size = 103496 bytes | Modified Date = 3/22/2007 4:53:40 PM | Attr = ]
winpfind35u.exe -> %SystemDrive%\Downloads\WinPFind\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 294912 bytes | Modified Date = 1/5/2008 10:54:28 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(bepprldr) BCL easyPDF SDK Loader [Win32_Shared | On_Demand | Stopped] -> %CommonProgramFiles%\BCL Technologies\easyPDF 4\bepprldr.exe -> [Ver = 1, 2, 0, 4 | Size = 77824 bytes | Modified Date = 11/11/2005 11:03:06 PM | Attr = ]
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> Symantec Corporation [Ver = 2.2.0.577 | Size = 255096 bytes | Modified Date = 2/29/2004 4:44:48 PM | Attr = ]
(ccPwdSvc) Symantec Password Validation [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccPwdSvc.exe -> Symantec Corporation [Ver = 2.2.0.577 | Size = 87160 bytes | Modified Date = 2/29/2004 4:44:52 PM | Attr = ]
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> Symantec Corporation [Ver = 2.2.0.577 | Size = 242808 bytes | Modified Date = 2/29/2004 4:44:54 PM | Attr = ]
(CFSvcs) ConfigFree Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Toshiba\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 5, 0, 0, 7 | Size = 36864 bytes | Modified Date = 6/16/2004 6:44:06 PM | Attr = ]
(DefWatch) Symantec AntiVirus Definition Watcher [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 9.0.0.338 | Size = 29928 bytes | Modified Date = 3/12/2004 3:17:10 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
(DVD-RAM_Service) DVD-RAM_Service [Win32_Own | Auto | Running] -> %System32%\DVDRAMSV.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 2, 0, 7, 0 | Size = 106496 bytes | Modified Date = 5/23/2003 3:38:26 PM | Attr = ]
(GoogleDesktopManager-121207-085209) Google Desktop Manager 5.7.712.12266 [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.7.712.12266 | Size = 29744 bytes | Modified Date = 12/15/2007 12:37:05 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 5:24:18 AM | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %System32%\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 9/29/2004 12:14:36 PM | Attr = ]
(RetroLauncher) Retrospect Launcher [Win32_Own | Auto | Running] -> %ProgramFiles%\Dantz\Retrospect\retrorun.exe -> Dantz Development Corporation [Ver = 6.0.222 | Size = 29184 bytes | Modified Date = 1/3/2003 11:20:48 AM | Attr = ]
(Retrospect Helper) Retrospect Helper [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Dantz\Retrospect\rthlpsvc.exe -> Dantz Development Corporation [Ver = 6.0.222 | Size = 57344 bytes | Modified Date = 1/3/2003 11:20:48 AM | Attr = ]
(SavRoam) SavRoam [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec AntiVirus\SavRoam.exe -> symantec [Ver = 1.5.0.0 | Size = 169192 bytes | Modified Date = 3/12/2004 3:18:06 PM | Attr = ]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.3.0.46 | Size = 193760 bytes | Modified Date = 3/11/2004 2:58:32 PM | Attr = ]
(Swupdtmr) Swupdtmr [Win32_Own | Auto | Running] -> %SystemDrive%\TOSHIBA\Ivp\Swupdate\swupdtmr.exe -> [Ver = | Size = 53248 bytes | Modified Date = 5/13/2004 4:46:02 PM | Attr = ]
(Symantec AntiVirus) Symantec AntiVirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 9.0.0.338 | Size = 1221864 bytes | Modified Date = 3/12/2004 3:17:46 PM | Attr = ]
(Tmesrv) Tmesrv3 [Win32_Own | Auto | Running] -> %ProgramFiles%\Toshiba\TME3\TMESRV31.exe -> TOSHIBA [Ver = 3, 1, 45, 0 | Size = 126976 bytes | Modified Date = 3/25/2004 5:36:58 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
-> -> File not found
000StTHK -> %System32%\000StTHK.exe -> [Ver = | Size = 24576 bytes | Modified Date = 6/23/2001 10:28:06 PM | Attr = ]
00THotkey -> %System32%\00THotkey.exe -> TOSHIBA Corporation [Ver = 1, 0, 0, 24 | Size = 258048 bytes | Modified Date = 6/28/2004 7:24:28 PM | Attr = ]
AGRSMMSG -> %SystemRoot%\agrsmmsg.exe -> Agere Systems [Ver = 2.1.38 2.1.38 02/20/2004 15:00:27 | Size = 88363 bytes | Modified Date = 2/20/2004 5:00:28 PM | Attr = ]
Apoint -> %ProgramFiles%\Apoint2K\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 6.0.2.180 | Size = 192512 bytes | Modified Date = 10/30/2003 6:46:18 PM | Attr = ]
AWMON -> %SystemDrive%\INTERNET\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe -> Lavasoft Sweden [Ver = 3.1.2.17 | Size = 538112 bytes | Modified Date = 9/16/2004 4:15:00 PM | Attr = ]
ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 2.2.0.577 | Size = 66680 bytes | Modified Date = 2/29/2004 4:44:46 PM | Attr = ]
dla -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 122939 bytes | Modified Date = 7/20/2004 3:04:00 AM | Attr = ]
HotKeysCmds -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.2331 | Size = 118784 bytes | Modified Date = 1/26/2004 9:03:08 PM | Attr = ]
IgfxTray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.2331 | Size = 155648 bytes | Modified Date = 1/26/2004 9:03:20 PM | Attr = ]
LtMoh -> %ProgramFiles%\ltmoh\Ltmoh.exe -> File not found
NDSTray.exe -> NDSTray.exe -> File not found
Pinger -> %SystemDrive%\toshiba\ivp\ism\pinger.exe -> File not found
SigmaTel StacMon -> %ProgramFiles%\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe -> SigmaTel Inc. [Ver = 1, 0, 0, 3 | Size = 86073 bytes | Modified Date = 8/3/2003 6:01:14 PM | Attr = ]
SmoothView -> %ProgramFiles%\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe -> TOSHIBA Corporation [Ver = 2, 0, 0, 18 | Size = 135168 bytes | Modified Date = 3/2/2004 3:45:28 PM | Attr = ]
StartSecurDoc -> %ProgramFiles%\WinMagic\SecureDoc-NT\SDPin.exe -> Winmagic Inc. [Ver = 4.1.060601.1 | Size = 425984 bytes | Modified Date = 6/1/2006 11:55:20 AM | Attr = ]
TFncKy -> TFncKy.exe -> File not found
TFNF5 -> %System32%\TFNF5.exe -> TOSHIBA Corp. [Ver = 2, 6, 0, 0 | Size = 73728 bytes | Modified Date = 12/2/2003 4:15:46 PM | Attr = ]
TMERzCtl.EXE -> %ProgramFiles%\Toshiba\TME3\TMERzCtl.exe -> TOSHIBA [Ver = 1, 0, 2, 15 | Size = 77824 bytes | Modified Date = 5/26/2004 3:04:08 PM | Attr = ]
TMESRV.EXE -> %ProgramFiles%\Toshiba\TME3\TMESRV31.exe -> TOSHIBA [Ver = 3, 1, 45, 0 | Size = 126976 bytes | Modified Date = 3/25/2004 5:36:58 PM | Attr = ]
TouchED -> %ProgramFiles%\Toshiba\TouchED\TouchED.exe -> TOSHIBA Corporation [Ver = 2, 5, 0, 0 | Size = 126976 bytes | Modified Date = 1/21/2003 8:00:06 PM | Attr = ]
TPSMain -> %System32%\TPSMain.exe -> TOSHIBA Corporation [Ver = 1, 0, 14, 0 | Size = 278528 bytes | Modified Date = 6/1/2004 10:43:28 PM | Attr = ]
vptray -> %ProgramFiles%\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 9.0.0.338 | Size = 124128 bytes | Modified Date = 3/12/2004 3:18:32 PM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
TOSCDSPD -> %ProgramFiles%\Toshiba\TOSCDSPD\TOSCDSPD.exe -> TOSHIBA [Ver = 1, 0, 5, 0 | Size = 65536 bytes | Modified Date = 9/5/2003 5:24:46 AM | Attr = ]
*MultiFile Done* -> ->
< Abby Sale Startup Folder > -> C:\Documents and Settings\Abby Sale\Start Menu\Programs\Startup ->
%UserStartup%\Microsoft Outlook 2000.lnk -> -> File not found
-> %UserStartup%\TODAYME (autoexec.nt) -> File not found
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 45.4.157.000 | Size = 258048 bytes | Modified Date = 11/4/2004 7:28:24 PM | Attr = ]
%AllUsersStartup%\RAMASST.lnk -> %System32%\RAMASST.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 1, 0, 9, 0 | Size = 155648 bytes | Modified Date = 3/14/2003 1:38:12 PM | Attr = ]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> Google [Ver = 5.7.712.12266 | Size = 107008 bytes | Modified Date = 12/15/2007 12:37:13 PM | Attr = ]
*MultiFile Done* -> ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 1:55:48 PM | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*GinaDLL* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\GinaDLL ->
SDocGina.dll -> %System32%\SDocGina.dll -> Winmagic Inc. [Ver = 4.1.051210.4 | Size = 254976 bytes | Modified Date = 5/5/2006 5:26:48 PM | Attr = ]
*MultiFile Done* -> ->
*MultiFile Done* -> ->
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 1:41:36 PM | Attr = ]
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.2331 | Size = 323584 bytes | Modified Date = 1/26/2004 9:03:20 PM | Attr = ]
NavLogon -> %System32%\NavLogon.dll -> Symantec Corporation [Ver = 9.0.0.338 | Size = 83176 bytes | Modified Date = 3/12/2004 3:17:24 PM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://toshibadirect.com/ ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft...p...ER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn...st/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://toshibadirect.com/ ->
HKEY_CURRENT_USER\: SearchURL\\ -> [] ->
HKEY_CURRENT_USER\: ProxyEnable -> 1 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. ->
www.agencyportal_newyorklife.com [https] -> Local intranet ->
www.authsm_newyorklife.com [https] -> Local intranet ->
www.ftisweb_newyorklife.com [https] -> Local intranet ->
www.fts_newyorklife.com [https] -> Local intranet ->
www.mcs_newyorklife.com [https] -> Local intranet ->
www.riat_newyorklife.com [https] -> Local intranet ->
2 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
www_newyorklife.com [https] -> Trusted sites ->
2 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 12/14/2004 1:56:50 AM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Reg Error: Value does not exist or could not be read.] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %System32%\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118842 bytes | Modified Date = 7/20/2004 3:04:00 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_09\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.90.1 | Size = 434279 bytes | Modified Date = 9/7/2006 6:06:08 PM | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_09\bin\NPJPI150_09.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.90.1 | Size = 69746 bytes | Modified Date = 9/7/2006 6:06:08 PM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.5.0_09\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.90.1 | Size = 434279 bytes | Modified Date = 9/7/2006 6:06:08 PM | Attr = ]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Research] -> File not found
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Real.com] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_09\bin\NPJPI150_09.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.90.1 | Size = 69746 bytes | Modified Date = 9/7/2006 6:06:08 PM | Attr = ]
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Research] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Real.com] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.micro...d...=%s&mime=%s ->
Extension\.htm -> %SystemDrive%\INTERNET\Netscape\Netscape Browser\plugins\npTrident.dll [Trident Plugin for Netscape] -> Netscape Communications Corp. [Ver = 2004, 0, 0, 1 | Size = 202752 bytes | Modified Date = 3/21/2007 8:04:01 PM | Attr = ]
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 -> ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{21A9C25E-88EB-41DD-9FF1-F5FA8F4D8685} -> (Intel® PRO/Wireless 2200BG Network Connection) ->
{6BF608AB-20F2-42EF-9A2D-128E4B2F56A9} -> (Intel® PRO/Wireless 2915ABG Network Connection) ->
{AA7ACF33-5CE6-42E9-A9B4-BF89A61CCDAA} -> (Intel® PRO/100 VE Network Connection) ->
{C5163358-394B-4925-B69F-89004AF65996} -> (Intel® PRO/Wireless 2100A LAN Mini PCI Adapter) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{49232000-16E4-426C-A231-62846947304B}[HKEY_LOCAL_MACHINE] -> http://ipgweb.cce.hp...ads/sysinfo.cab[SysData Class] ->
{5EF90065-A2C4-4C6D-993E-40EE010EBA3D}[HKEY_LOCAL_MACHINE] -> https://www.fts.newy.../FTWebUtils.CAB[FTWebUtils.Redirecter] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://www.update.mi...b?1193761944346[WUWebControl Class] ->
{88D969C0-F192-11D4-A65F-0040963251E5}[HKEY_LOCAL_MACHINE] -> http://ipgweb.cce.hp...oads/msxml4.cab[XML DOM Document 4.0] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.5.0_09] ->
{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.4.2_05] ->
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/...indows-i586.cab[Java Plug-in 1.5.0_09] ->


[Registry - Additional Scans - Non-Microsoft Only]
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ ->
LtMoh hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\ltmoh\Ltmoh.exe -> File not found
Pinger hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemDrive%\toshiba\ivp\ism\pinger.exe -> File not found


[Files/Folders - Created Within 30 days]
)Changed files -> %SystemDrive%\)Changed files -> [Folder | Created Date = 12/14/2007 5:24:09 PM | Attr = ]
00 -> %SystemDrive%\00 -> [Folder | Created Date = 12/21/2007 4:20:24 AM | Attr = ]
0Backup -> %SystemDrive%\0Backup -> [Folder | Created Date = 1/3/2008 12:13:03 PM | Attr = ]
Almanac -> %SystemDrive%\Almanac -> [Folder | Created Date = 12/15/2007 10:02:25 AM | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 12/14/2007 3:21:18 PM | Attr = H ]
Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 1/5/2008 10:45:57 PM | Attr = ]
Deltemp.bat -> %SystemDrive%\Deltemp.bat -> [Ver = | Size = 1283 bytes | Created Date = 12/16/2007 7:07:34 PM | Attr = ]
Del_Temp_Folders.bat -> %SystemDrive%\Del_Temp_Folders.bat -> [Ver = | Size = 5124 bytes | Created Date = 12/16/2007 7:07:34 PM | Attr = ]
Downloads -> %SystemDrive%\Downloads -> [Folder | Created Date = 12/13/2007 12:44:09 PM | Attr = ]
e.bat -> %SystemDrive%\e.bat -> [Ver = | Size = 6 bytes | Created Date = 1/1/2008 11:29:52 AM | Attr = ]
fc2tree.dat -> %SystemDrive%\fc2tree.dat -> [Ver = | Size = 583 bytes | Created Date = 1/3/2008 3:33:56 PM | Attr = H ]
GRULE -> %SystemDrive%\GRULE -> [Folder | Created Date = 12/13/2007 5:12:33 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 518868992 bytes | Created Date = 1/6/2008 5:39:22 PM | Attr = HS]
JEWISH -> %SystemDrive%\JEWISH -> [Folder | Created Date = 12/28/2007 9:39:28 AM | Attr = ]
Medical - Our -> %SystemDrive%\Medical - Our -> [Folder | Created Date = 12/14/2007 10:12:30 PM | Attr = ]
MUSIC -> %SystemDrive%\MUSIC -> [Folder | Created Date = 12/18/2007 8:31:28 AM | Attr = ]
Music-New Downloads -> %SystemDrive%\Music-New Downloads -> [Folder | Created Date = 12/14/2007 5:25:57 PM | Attr = ]
Pictures -> %SystemDrive%\Pictures -> [Folder | Created Date = 1/3/2008 3:31:41 PM | Attr = ]
Purchases -> %SystemDrive%\Purchases -> [Folder | Created Date = 12/14/2007 11:05:15 PM | Attr = ]
Raleigh -> %SystemDrive%\Raleigh -> [Folder | Created Date = 12/14/2007 11:06:35 PM | Attr = ]
Skating -> %SystemDrive%\Skating -> [Folder | Created Date = 12/14/2007 11:06:56 PM | Attr = ]
Tasks (not scheduled) -> %SystemDrive%\Tasks (not scheduled) -> [Folder | Created Date = 12/14/2007 9:28:25 PM | Attr = ]
Tech Stuff -> %SystemDrive%\Tech Stuff -> [Folder | Created Date = 12/14/2007 11:13:38 PM | Attr = ]
temp -> %SystemDrive%\temp -> [Folder | Created Date = 12/14/2007 10:14:47 PM | Attr = ]
Utils -> %SystemDrive%\Utils -> [Folder | Created Date = 12/13/2007 3:04:10 PM | Attr = ]
Viewers -> %SystemDrive%\Viewers -> [Folder | Created Date = 12/15/2007 10:09:39 AM | Attr = ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 1/7/2008 2:46:16 PM | Attr = ]
HPZid412.sys -> %System32%\drivers\HPZid412.sys -> HP [Ver = 9, 0, 0, 0 | Size = 51120 bytes | Created Date = 12/14/2007 3:26:44 PM | Attr = R ]
HPZipr12.sys -> %System32%\drivers\HPZipr12.sys -> HP [Ver = 9, 0, 0, 0 | Size = 16496 bytes | Created Date = 12/14/2007 3:26:46 PM | Attr = R ]
HPZius12.sys -> %System32%\drivers\HPZius12.sys -> HP [Ver = 9, 0, 0, 0 | Size = 21744 bytes | Created Date = 12/14/2007 3:26:20 PM | Attr = R ]
SYMEVENT.SYS -> %System32%\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 11.4.0.6 | Size = 82832 bytes | Created Date = 12/15/2007 7:54:21 PM | Attr = ]
CONFIG-original.NT -> %System32%\CONFIG-original.NT -> [Ver = | Size = 2577 bytes | Created Date = 1/1/2008 11:24:22 AM | Attr = ]
hpovst08.dll -> %System32%\hpovst08.dll -> Hewlett-Packard Co. [Ver = 45.0.99.000 | Size = 229376 bytes | Created Date = 12/14/2007 10:18:44 PM | Attr = ]
HPZidr12.dll -> %System32%\HPZidr12.dll -> HP [Ver = 9, 0, 0, 0 | Size = 278584 bytes | Created Date = 12/14/2007 3:24:29 PM | Attr = ]
HPZinw12.exe -> %System32%\HPZinw12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 61440 bytes | Created Date = 12/14/2007 3:24:29 PM | Attr = ]
HPZipm12.exe -> %System32%\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Created Date = 12/14/2007 3:24:29 PM | Attr = ]
HPZipr12.dll -> %System32%\HPZipr12.dll -> HP [Ver = 9, 0, 0, 0 | Size = 204800 bytes | Created Date = 12/14/2007 3:24:29 PM | Attr = ]
HPZipt12.dll -> %System32%\HPZipt12.dll -> HP [Ver = 9, 0, 0, 0 | Size = 94208 bytes | Created Date = 12/14/2007 3:24:29 PM | Attr = ]
HPZisn12.dll -> %System32%\HPZisn12.dll -> HP [Ver = 9, 0, 0, 0 | Size = 57344 bytes | Created Date = 12/14/2007 3:24:29 PM | Attr = ]
hpzlnt12.dll -> %System32%\hpzlnt12.dll -> HP [Ver = 2.335.5.0 | Size = 139345 bytes | Created Date = 12/14/2007 10:17:37 PM | Attr = ]
S32EVNT1.DLL -> %System32%\S32EVNT1.DLL -> Symantec Corporation [Ver = 11.4.0.11 | Size = 83168 bytes | Created Date = 12/15/2007 7:54:21 PM | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 3420 bytes | Created Date = 1/6/2008 5:30:17 PM | Attr = ]
Abby_wa3-HP.bmp -> %SystemRoot%\Abby_wa3-HP.bmp -> [Ver = | Size = 393334 bytes | Created Date = 12/12/2007 9:03:46 PM | Attr = ]
cdplayer.ini -> %SystemRoot%\cdplayer.ini -> [Ver = | Size = 429 bytes | Created Date = 1/1/2008 12:43:27 PM | Attr = ]
Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Created Date = 12/28/2007 8:40:35 AM | Attr = ]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 1/5/2008 10:48:39 PM | Attr = ]
Ernie.jpg -> %SystemRoot%\Ernie.jpg -> [Ver = | Size = 218214 bytes | Created Date = 12/13/2007 12:41:39 PM | Attr = ]
FontsAb -> %SystemRoot%\FontsAb -> [Folder | Created Date = 12/15/2007 10:14:15 AM | Attr = ]
FontsFS-from_Fontsmart -> %SystemRoot%\FontsFS-from_Fontsmart -> [Folder | Created Date = 12/15/2007 10:14:19 AM | Attr = ]
FontsTc -> %SystemRoot%\FontsTc -> [Folder | Created Date = 12/15/2007 10:14:28 AM | Attr = ]
FONTS_UN -> %SystemRoot%\FONTS_UN -> [Folder | Created Date = 12/15/2007 10:14:02 AM | Attr = ]
hpoins05.dat -> %SystemRoot%\hpoins05.dat -> [Ver = | Size = 69454 bytes | Created Date = 12/15/2007 10:27:33 AM | Attr = ]
hpomdl05.dat -> %SystemRoot%\hpomdl05.dat -> [Ver = | Size = 19696 bytes | Created Date = 12/15/2007 10:27:33 AM | Attr = ]
hpqEmlSz.INI -> %SystemRoot%\hpqEmlSz.INI -> [Ver = | Size = 0 bytes | Created Date = 12/27/2007 4:27:46 PM | Attr = ]
hpqins13.dat -> %SystemRoot%\hpqins13.dat -> [Ver = | Size = 102364 bytes | Created Date = 12/17/2007 3:29:54 PM | Attr = ]
hpqins13.dat.temp -> %SystemRoot%\hpqins13.dat.temp -> [Ver = | Size = 102364 bytes | Created Date = 12/22/2007 11:38:50 PM | Attr = ]
Iconmgr -> %SystemRoot%\Iconmgr -> [Folder | Created Date = 12/15/2007 12:48:51 PM | Attr = ]
Icons -> %SystemRoot%\Icons -> [Folder | Created Date = 12/15/2007 12:48:51 PM | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Created Date = 1/3/2008 7:54:16 AM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 12/16/2007 8:15:22 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 12/16/2007 8:15:22 PM | Attr = H ]
Sun -> %SystemRoot%\Sun -> [Folder | Created Date = 12/23/2007 8:51:43 PM | Attr = ]
Tinker~1.Bmp -> %SystemRoot%\Tinker~1.Bmp -> [Ver = | Size = 308278 bytes | Created Date = 12/13/2007 12:38:18 PM | Attr = ]
VPC32.INI -> %SystemRoot%\VPC32.INI -> [Ver = | Size = 0 bytes | Created Date = 12/15/2007 5:08:28 PM | Attr = ]

[Files/Folders - Modified Within 30 days]
)Changed files -> %SystemDrive%\)Changed files -> [Folder | Modified Date = 1/7/2008 5:07:30 PM | Attr = ]
00 -> %SystemDrive%\00 -> [Folder | Modified Date = 12/27/2007 10:50:58 PM | Attr = ]
0Backup -> %SystemDrive%\0Backup -> [Folder | Modified Date = 1/3/2008 12:13:03 PM | Attr = ]
Almanac -> %SystemDrive%\Almanac -> [Folder | Modified Date = 1/7/2008 2:32:48 PM | Attr = ]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 1/4/2008 12:16:31 PM | Attr = RHS]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 1/7/2008 6:40:05 PM | Attr = H ]
Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 1/5/2008 10:45:57 PM | Attr = ]
Del_Temp_Folders.bat -> %SystemDrive%\Del_Temp_Folders.bat -> [Ver = | Size = 5124 bytes | Modified Date = 12/31/2007 3:28:27 PM | Attr = ]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 12/25/2007 2:08:47 PM | Attr = ]
Downloads -> %SystemDrive%\Downloads -> [Folder | Modified Date = 1/8/2008 5:11:49 PM | Attr = ]
e.bat -> %SystemDrive%\e.bat -> [Ver = | Size = 6 bytes | Modified Date = 1/1/2008 11:30:03 AM | Attr = ]
fc2tree.dat -> %SystemDrive%\fc2tree.dat -> [Ver = | Size = 583 bytes | Modified Date = 1/3/2008 3:39:49 PM | Attr = H ]
GRULE -> %SystemDrive%\GRULE -> [Folder | Modified Date = 12/13/2007 5:14:41 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 518868992 bytes | Modified Date = 1/8/2008 12:43:00 PM | Attr = HS]
INSURANCE -> %SystemDrive%\INSURANCE -> [Folder | Modified Date = 12/27/2007 12:17:59 PM | Attr = ]
INTERNET -> %SystemDrive%\INTERNET -> [Folder | Modified Date = 1/5/2008 7:01:44 PM | Attr = ]
JEWISH -> %SystemDrive%\JEWISH -> [Folder | Modified Date = 12/28/2007 9:39:34 AM | Attr = ]
Medical - Our -> %SystemDrive%\Medical - Our -> [Folder | Modified Date = 12/18/2007 10:05:33 AM | Attr = ]
MUSIC -> %SystemDrive%\MUSIC -> [Folder | Modified Date = 1/1/2008 10:43:40 AM | Attr = ]
Music-New Downloads -> %SystemDrive%\Music-New Downloads -> [Folder | Modified Date = 12/16/2007 10:49:44 AM | Attr = ]
Pictures -> %SystemDrive%\Pictures -> [Folder | Modified Date = 1/3/2008 3:36:58 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 1/7/2008 4:53:46 PM | Attr = R ]
Purchases -> %SystemDrive%\Purchases -> [Folder | Modified Date = 12/30/2007 12:35:05 PM | Attr = ]
QuickenW -> %SystemDrive%\QuickenW -> [Folder | Modified Date = 12/18/2007 6:28:47 PM | Attr = ]
Raleigh -> %SystemDrive%\Raleigh -> [Folder | Modified Date = 1/2/2008 1:03:03 PM | Attr = ]
Skating -> %SystemDrive%\Skating -> [Folder | Modified Date = 12/14/2007 11:07:08 PM | Attr = ]
Tasks (not scheduled) -> %SystemDrive%\Tasks (not scheduled) -> [Folder | Modified Date = 1/5/2008 9:52:21 AM | Attr = ]
Tech Stuff -> %SystemDrive%\Tech Stuff -> [Folder | Modified Date = 12/17/2007 10:17:32 PM | Attr = ]
temp -> %SystemDrive%\temp -> [Folder | Modified Date = 1/5/2008 7:24:36 PM | Attr = ]
Trbck -> %SystemDrive%\Trbck -> [Folder | Modified Date = 1/6/2008 5:02:29 PM | Attr = ]
Utils -> %SystemDrive%\Utils -> [Folder | Modified Date = 1/7/2008 10:58:54 PM | Attr = ]
Viewers -> %SystemDrive%\Viewers -> [Folder | Modified Date = 12/15/2007 10:09:39 AM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 1/8/2008 1:02:56 PM | Attr = ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 1/7/2008 2:46:16 PM | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 12/15/2007 10:29:44 AM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 1/8/2008 5:03:35 PM | Attr = ]
CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 2612 bytes | Modified Date = 1/1/2008 11:25:46 AM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 12/15/2007 2:55:24 PM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 12/15/2007 7:54:21 PM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 268600 bytes | Modified Date = 12/22/2007 1:39:14 PM | Attr = ]
FxsTmp -> %System32%\FxsTmp -> [Folder | Modified Date = 12/28/2007 9:56:50 AM | Attr = ]
pncrt.dll -> %System32%\pncrt.dll -> Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Modified Date = 1/1/2008 12:34:01 PM | Attr = ]
pndx5016.dll -> %System32%\pndx5016.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 6656 bytes | Modified Date = 1/1/2008 12:34:04 PM | Attr = ]
pndx5032.dll -> %System32%\pndx5032.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 5632 bytes | Modified Date = 1/1/2008 12:34:04 PM | Attr = ]
ReinstallBackups -> %System32%\ReinstallBackups -> [Folder | Modified Date = 12/15/2007 4:53:19 PM | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 12/15/2007 10:09:06 PM | Attr = ]
rmoc3260.dll -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2846 | Size = 185688 bytes | Modified Date = 1/1/2008 12:34:19 PM | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 3420 bytes | Modified Date = 1/6/2008 5:31:56 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 1/1/2008 9:26:46 AM | Attr = ]
assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 12/25/2007 10:06:43 AM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 1/8/2008 12:43:03 PM | Attr = S]
cdplayer.ini -> %SystemRoot%\cdplayer.ini -> [Ver = | Size = 429 bytes | Modified Date = 1/1/2008 12:43:27 PM | Attr = ]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 12/16/2007 8:28:42 PM | Attr = ]
Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 12/28/2007 8:40:35 AM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 1/5/2008 10:50:14 PM | Attr = S]
Driver Cache -> %SystemRoot%\Driver Cache -> [Folder | Modified Date = 12/17/2007 8:27:04 AM | Attr = ]
ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 1/5/2008 10:48:39 PM | Attr = ]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 12/22/2007 12:54:06 AM | Attr = R S]
FontsAb -> %SystemRoot%\FontsAb -> [Folder | Modified Date = 12/15/2007 10:14:16 AM | Attr = ]
FontsFS-from_Fontsmart -> %SystemRoot%\FontsFS-from_Fontsmart -> [Folder | Modified Date = 12/15/2007 10:14:20 AM | Attr = ]
FontsTc -> %SystemRoot%\FontsTc -> [Folder | Modified Date = 12/15/2007 10:14:36 AM | Attr = ]
FONTS_UN -> %SystemRoot%\FONTS_UN -> [Folder | Modified Date = 12/15/2007 10:14:02 AM | Attr = ]
ftsl -> %SystemRoot%\ftsl -> [Folder | Modified Date = 12/15/2007 7:59:45 PM | Attr = ]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 1/6/2008 8:34:34 PM | Attr = ]
hpoins05.dat -> %SystemRoot%\hpoins05.dat -> [Ver = | Size = 69454 bytes | Modified Date = 12/15/2007 4:03:16 PM | Attr = ]
hpqEmlSz.INI -> %SystemRoot%\hpqEmlSz.INI -> [Ver = | Size = 0 bytes | Modified Date = 12/27/2007 4:27:46 PM | Attr = ]
hpqins13.dat -> %SystemRoot%\hpqins13.dat -> [Ver = | Size = 102364 bytes | Modified Date = 12/17/2007 3:31:43 PM | Attr = ]
hpqins13.dat.temp -> %SystemRoot%\hpqins13.dat.temp -> [Ver = | Size = 102364 bytes | Modified Date = 12/17/2007 3:31:43 PM | Attr = ]
Iconmgr -> %SystemRoot%\Iconmgr -> [Folder | Modified Date = 12/15/2007 12:48:51 PM | Attr = ]
Icons -> %SystemRoot%\Icons -> [Folder | Modified Date = 12/15/2007 12:49:00 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 12/15/2007 5:46:15 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 1/7/2008 6:40:05 PM | Attr = HS]
machine.ver -> %SystemRoot%\machine.ver -> [Ver = | Size = 3691 bytes | Modified Date = 12/28/2007 7:36:13 PM | Attr = ]
mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 3597 bytes | Modified Date = 1/8/2008 5:05:29 PM | Attr = ]
MXOALDR.EXE -> %SystemRoot%\MXOALDR.EXE -> Cypress Semiconductor [Ver = 6.01.1000.0 | Size = 94208 bytes | Modified Date = 12/15/2007 4:51:00 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 1/8/2008 5:11:26 PM | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Modified Date = 1/3/2008 7:57:05 AM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 12/16/2007 8:15:22 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 1/1/2008 2:11:06 PM | Attr = H ]
SHELLNEW -> %SystemRoot%\SHELLNEW -> [Folder | Modified Date = 12/23/2007 1:04:06 PM | Attr = ]
Sun -> %SystemRoot%\Sun -> [Folder | Modified Date = 12/23/2007 8:51:43 PM | Attr = ]
swupdate.INI -> %SystemRoot%\swupdate.INI -> [Ver = | Size = 67 bytes | Modified Date = 12/28/2007 7:38:05 PM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 1/4/2008 12:16:31 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 1/6/2008 5:36:58 PM | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 1/8/2008 12:43:37 PM | Attr = ]
ToshibaDirect -> %SystemRoot%\ToshibaDirect -> [Folder | Modified Date = 1/8/2008 12:07:26 AM | Attr = ]
twain_32 -> %SystemRoot%\twain_32 -> [Folder | Modified Date = 12/15/2007 11:11:33 AM | Attr = ]
VPC32.INI -> %SystemRoot%\VPC32.INI -> [Ver = | Size = 0 bytes | Modified Date = 12/15/2007 5:08:28 PM | Attr = ]
wcds.ini -> %SystemRoot%\wcds.ini -> [Ver = | Size = 2162 bytes | Modified Date = 12/30/2007 1:30:30 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 662 bytes | Modified Date = 1/4/2008 12:16:31 PM | Attr = ]
wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 217 bytes | Modified Date = 1/6/2008 12:04:29 AM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 12/17/2007 3:52:49 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 1/8/2008 12:43:05 PM | Attr = H ]

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
C:\WINDOWS\VALUEADD\Thumbs.db:encryptable 0 bytes
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1
< Document and Settings folder & sub folders >
scanning hidden files ...
scan completed successfully
hidden files: 0

< End of report >

FWIW, no text file came up. It had to reboot to finish cleaning all. But here's the text file from the program directory.

Problem not solved.

BTW, I don't think Ad-Aware was at fault - I did close it. It does have a home page guard but seems to default to msn.com. Pushing its Read Current Settings link showed toshibadirect.com. Obviously, I tried & failed to change it to my desired page before closing Ad-Aware.

This seems to be an issue that has been discussed at Toshiba forums http://community.com...ebtag=ws-laptop but I can't get back there to read it.

Abby
  • 0

#21
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Can you post a new DSS log please and give me a list of all your problems.
  • 0

#22
fjchild

    Member

  • Topic Starter
  • 13 posts

Can you post a new DSS log please and ...


Deckard's System Scanner v20071014.68
Run by Abby Sale on 2008-01-09 13:54:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 495 MiB (512 MiB recommended).


-- HijackThis (run as Abby Sale.exe) -------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:55:12 PM, on 1/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\WinMagic\SecureDoc-NT\SDPin.exe
C:\INTERNET\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Documents and Settings\Abby Sale\Desktop\dss.exe
C:\Internet\HIJACK~1\ABBYSA~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshibadirect.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StartSecurDoc] C:\Program Files\WinMagic\SecureDoc-NT\SDPin.exe
O4 - HKLM\..\Run: [AWMON] "C:\INTERNET\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-20 Startup: ConfigureBJMK1.lnk = C:\Program Files\Boldon James\Messaging and Directory\MasterKey\configurebjmk1.exe (User 'NETWORK SERVICE')
O4 - Startup: TODAYME (autoexec.nt).PIF = C:\Almanac\TODAYME\TODAYME.BAT
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .htm: C:\INTERNET\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {5EF90065-A2C4-4C6D-993E-40EE010EBA3D} (FTWebUtils.Redirecter) - https://www.fts.newy.../FTWebUtils.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1193761944346
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp...oads/msxml4.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: BCL easyPDF SDK Loader (bepprldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\easyPDF 4\bepprldr.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Google Desktop Manager 5.7.712.12266 (GoogleDesktopManager-121207-085209) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe

--
End of file - 8661 bytes

-- Files created between 2007-12-09 and 2008-01-09 -----------------------------

2008-01-09 08:08:56 0 dr-h----- C:\Documents and Settings\Abby Sale\Recent
2008-01-07 16:54:02 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-07 16:53:46 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-01-07 16:53:46 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\SUPERAntiSpyware.com
2008-01-06 17:30:17 3420 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-03 22:41:51 0 --a------ C:\Documents and Settings\Abby Sale\LOG
2008-01-03 15:33:56 583 ---h----- C:\fc2tree.dat
2008-01-03 15:31:41 0 d-------- C:\Pictures
2008-01-03 12:13:03 0 d-------- C:\0Backup
2008-01-03 07:54:16 0 d-------- C:\WINDOWS\pss
2008-01-01 12:34:31 0 d-------- C:\Program Files\Common Files\xing shared
2008-01-01 11:29:52 6 --a------ C:\e.bat
2007-12-28 09:39:28 0 d-------- C:\JEWISH
2007-12-28 08:40:35 0 d-------- C:\WINDOWS\Downloaded Installations
2007-12-23 20:51:43 0 d-------- C:\WINDOWS\Sun
2007-12-22 23:42:28 0 d-------- C:\Program Files\Trillian
2007-12-21 04:20:24 0 d-------- C:\00
2007-12-19 17:24:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-12-18 08:31:28 0 d-------- C:\MUSIC
2007-12-17 15:29:54 102364 -----n--- C:\WINDOWS\hpqins13.dat
2007-12-16 20:27:38 0 d-------- C:\Program Files\CCleaner
2007-12-16 19:07:34 1283 --a------ C:\Deltemp.bat
2007-12-16 19:07:34 5124 --a------ C:\Del_Temp_Folders.bat
2007-12-15 20:43:40 0 d-------- C:\Program Files\Dantz
2007-12-15 19:53:43 0 d-------- C:\Program Files\Symantec AntiVirus
2007-12-15 16:52:55 0 d-------- C:\Program Files\Maxtor
2007-12-15 16:34:28 0 d-------- C:\Program Files\AlotNotes
2007-12-15 12:48:51 0 d-------- C:\WINDOWS\Icons
2007-12-15 12:48:51 0 d-------- C:\WINDOWS\Iconmgr
2007-12-15 12:37:04 0 d-------- C:\Program Files\Google
2007-12-15 10:55:14 0 d-------- C:\Program Files\Common Files\HP
2007-12-15 10:33:22 0 d-------- C:\Program Files\Hewlett-Packard
2007-12-15 10:27:33 19696 -----n--- C:\WINDOWS\hpomdl05.dat
2007-12-15 10:27:33 69454 --a------ C:\WINDOWS\hpoins05.dat
2007-12-15 10:14:28 0 d-------- C:\WINDOWS\FontsTc
2007-12-15 10:14:19 0 d-------- C:\WINDOWS\FontsFS-from_Fontsmart
2007-12-15 10:14:15 0 d-------- C:\WINDOWS\FontsAb
2007-12-15 10:14:02 0 d-------- C:\WINDOWS\FONTS_UN
2007-12-15 10:09:39 0 d-------- C:\Viewers
2007-12-15 10:02:25 0 d-------- C:\Almanac
2007-12-14 23:13:38 0 d-------- C:\Tech Stuff
2007-12-14 23:06:56 0 d-------- C:\Skating
2007-12-14 23:06:35 0 d-------- C:\Raleigh
2007-12-14 23:05:15 0 d-------- C:\Purchases
2007-12-14 22:14:47 0 d-------- C:\temp
2007-12-14 22:12:30 0 d-------- C:\Medical - Our
2007-12-14 21:28:25 0 d-------- C:\Tasks (not scheduled)
2007-12-14 17:25:57 0 d-------- C:\Music-New Downloads
2007-12-14 17:24:09 0 d-------- C:\)Changed files
2007-12-14 17:16:32 0 dr-h----- C:\Documents and Settings\LocalService\Recent
2007-12-14 17:16:32 0 dr------- C:\Documents and Settings\LocalService\My Documents
2007-12-14 17:14:45 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-12-14 17:02:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-12-14 16:54:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-14 16:53:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Gtek
2007-12-14 16:53:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-14 16:53:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Retrospect
2007-12-14 16:53:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-14 16:51:46 28672 --a------ C:\Documents and Settings\Abby Sale\atwbxdet.dll <Not Verified; ; atwbxdet Module>
2007-12-14 16:45:25 10 --a------ C:\Documents and Settings\Abby Sale\usb002
2007-12-14 16:45:25 10 --a------ C:\Documents and Settings\Abby Sale\usb
2007-12-14 16:45:25 0 d-------- C:\Documents and Settings\Abby Sale\.jpi_cache
2007-12-14 16:45:25 0 d-------- C:\Documents and Settings\Abby Sale\.java
2007-12-14 16:45:25 0 d-------- C:\Documents and Settings\Abby Sale\.GalleryRemote
2007-12-14 16:45:22 630784 --a------ C:\Documents and Settings\Abby Sale\GoToAssist_chat2way__317_en.exe <Not Verified; Citrix Online; GoToAssist>
2007-12-14 16:45:22 630784 --a------ C:\Documents and Settings\Abby Sale\chatlnk.exe <Not Verified; Citrix Online; GoToAssist>
2007-12-14 15:56:12 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-12-14 15:24:29 57344 --a------ C:\WINDOWS\system32\HPZisn12.dll <Not Verified; HP; HP SNMP Windows>
2007-12-14 15:24:29 94208 --a------ C:\WINDOWS\system32\HPZipt12.dll <Not Verified; HP; HP SNMP Windows>
2007-12-14 15:24:29 204800 --a------ C:\WINDOWS\system32\HPZipr12.dll <Not Verified; HP; HP PmlRtl>
2007-12-14 15:24:29 69632 --a------ C:\WINDOWS\system32\HPZipm12.exe <Not Verified; HP; HP PML>
2007-12-14 15:24:29 61440 --a------ C:\WINDOWS\system32\HPZinw12.exe <Not Verified; HP; HP Dot4Net Windows>
2007-12-14 15:24:29 278584 --a------ C:\WINDOWS\system32\HPZidr12.dll <Not Verified; HP; HP Dot4Rtl>
2007-12-14 15:22:12 0 d-------- C:\Program Files\HP
2007-12-13 17:12:33 0 d-------- C:\GRULE
2007-12-13 15:04:10 0 d-------- C:\Utils
2007-12-13 14:37:31 0 d-------- C:\Program Files\Common Files\BCL Technologies
2007-12-13 14:37:31 0 d-------- C:\Program Files\BCL Technologies
2007-12-13 14:37:15 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-13 12:44:09 0 d-------- C:\Downloads
2007-12-13 11:17:56 0 d-------- C:\Documents and Settings\All Users\Templates
2007-12-12 21:08:44 0 d-------- C:\Documents and Settings\tinker\Application Data\Intuit


-- Find3M Report ---------------------------------------------------------------

2008-01-09 13:07:18 3597 --a------ C:\WINDOWS\mozver.dat
2008-01-05 13:32:32 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\Image Zone Express
2008-01-04 13:15:18 0 d-------- C:\Program Files\ltmoh
2008-01-04 08:11:01 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\Adobe
2008-01-03 13:33:41 0 d-------- C:\Program Files\Common Files\Scanner
2008-01-01 12:34:31 0 d-------- C:\Program Files\Common Files
2008-01-01 12:34:27 0 d-------- C:\Program Files\Common Files\Real
2007-12-15 19:55:08 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-12-15 19:54:27 0 d-------- C:\Program Files\Symantec
2007-12-15 16:53:34 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-07 23:32:01 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\AdobeUM
2007-12-07 23:32:00 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\Macromedia
2007-12-07 23:32:00 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\Intuit
2007-12-07 23:31:54 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\Mozilla
2007-12-07 23:31:52 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\toshiba
2007-12-07 22:49:12 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\Netscape
2007-12-07 22:06:40 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\Forte
2007-12-07 21:26:43 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\Real
2007-12-07 21:26:42 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\Printer Info Cache
2007-12-07 21:26:42 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\Nvu
2007-12-07 21:26:27 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\Learn2.com
2007-12-07 21:26:26 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\InstallShield
2007-12-07 21:26:25 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\Hewlett-Packard
2007-12-07 21:26:25 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\GTek
2007-12-07 21:26:25 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\Google
2007-12-07 21:26:25 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\eRoom
2007-12-07 21:26:25 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\Apple Computer
2007-12-07 21:26:24 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\RegClean
2007-12-07 21:26:24 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\Paltalk
2007-12-07 21:26:24 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\IndividualMedical
2007-12-07 21:26:24 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\Help
2007-12-07 21:26:23 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\Uniblue
2007-12-07 13:32:05 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\Lavasoft
2007-11-14 17:36:43 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\Template
2007-11-13 11:23:23 0 d-------- C:\Documents and Settings\Abby Sale\Application Data\Sonic


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [01/26/2004 09:03 PM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [01/26/2004 09:03 PM]
"SigmaTel StacMon"="C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe" [08/03/2003 06:01 PM]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [10/30/2003 06:46 PM]
"AGRSMMSG"="AGRSMMSG.exe" [02/20/2004 05:00 PM C:\WINDOWS\agrsmmsg.exe]
"00THotkey"="C:\WINDOWS\system32\00THotkey.exe" [06/28/2004 07:24 PM]
"000StTHK"="000StTHK.exe" [06/23/2001 10:28 PM C:\WINDOWS\system32\000StTHK.exe]
"TPSMain"="TPSMain.exe" [06/01/2004 10:43 PM C:\WINDOWS\system32\TPSMain.exe]
"TFNF5"="TFNF5.exe" [12/02/2003 04:15 PM C:\WINDOWS\system32\TFNF5.exe]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [03/02/2004 03:45 PM]
"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [01/21/2003 08:00 PM]
"TMESRV.EXE"="C:\Program Files\TOSHIBA\TME3\TMESRV31.exe" [03/25/2004 05:36 PM]
"TMERzCtl.EXE"="C:\Program Files\TOSHIBA\TME3\TMERzCtl.exe" [05/26/2004 03:04 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [07/20/2004 03:04 AM]
"StartSecurDoc"="C:\Program Files\WinMagic\SecureDoc-NT\SDPin.exe" [06/01/2006 11:55 AM]
"@"="" []
"AWMON"="C:\INTERNET\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" [09/16/2004 04:15 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/29/2004 04:44 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [03/12/2004 03:18 PM]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" []
"NDSTray.exe"="NDSTray.exe" []
"TFncKy"="TFncKy.exe" []
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [09/05/2003 05:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]

C:\Documents and Settings\Abby Sale\Start Menu\Programs\Startup\
TODAYME (autoexec.nt).PIF [1/29/2006 10:33:12 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/4/2004 7:28:24 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1/21/2000 3:15:54 AM]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [9/22/2004 5:42:27 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"= shdocvw.dll [ ]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
C:\Program Files\ltmoh\Ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pinger]
c:\toshiba\ivp\ism\pinger.exe /run


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\Z]
AutoRun\command- Z:\INSTALL.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51fe75d1-96c4-11dc-8621-000e7be50164}]
AutoRun\command- E:\setupSNK.exe




-- End of Deckard's System Scanner: finished at 2008-01-09 13:55:38 ------------


...and give me a list of all your problems.


Whew! That's harder. Aside from IE home page
Netscape homepage (actually my bookmark file) won't take the fonts designation correctly even though they are correctly set in the Browser and all the indicated fonts are registered.
The computer volume (computer speaker or attached plugged-in speakers) is suddenly too low. Dealer thinks it's the sound card. Maybe.

That's all the computer problems I can think of but if you actually meant all my problems, I may need more space...
My wife doesn't understand me
My back hurts
A feller whom I already paid is asking for the money again
President Bush (he's everyone's problem)
Our daughter is divorcing and moving home
Doctor says I need to go on a diet

I'm not sure how much you need to know -- should I go on?
  • 0

#23
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Well this isn't a malware problem it seems, more of a software/hardware issue.

Do you recognise these files

C:\Almanac\TODAYME\TODAYME.BAT
C:\e.bat

If not, do the following

Go to this site:
http://www.virustotal.com/
On top you'll find 'Browse'
Click the browse button and browse to the file:

C:\Almanac\TODAYME\TODAYME.BAT

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results as well in your next reply.

Repeat it for this file as well

C:\e.bat




Please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, do the following

1. Please re-open HijackThis and choose Do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshibadirect.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.




My wife doesn't understand me
My back hurts
A feller whom I already paid is asking for the money again
President Bush (he's everyone's problem)
Our daughter is divorcing and moving home
Doctor says I need to go on a diet


Something for me to look forward to when I'm older no doubt :)


Post a new HijackThis log after that
  • 0

#24
fjchild

    Member

  • Topic Starter
  • 13 posts
Ooo! Oooo! I found it, I found it. Egad & Good gosh! It was Ad-Watch. It wasn't its Option of things to protect (like in Super Antispyware) but somehow in its desire to protect protected system settings. Haven't a clue where this was set but on re-boot, Ad-Watch indicated it was blocking certain Registry changes.

I disabled internet then disabled Ad-watch then did what you said, changing it with HJT in Safe Mode. This also allowed me to turn off a couple of other Windows things used to enjoy but I couldn't convince them to go away.

Simply Fixing them in HJT in Safe Mode didn't work, of course.

I thought I had the answer before when I noticed the following in HJT:

O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com

Earlier on I fixed it along with the other two toshiba.com lines. It stayed fixed even though the other two came back (until I turned off Ad-Watch.)

You don't think I should put it back, do you?

Netscape still being recalcitrant but I don't care.

Do you recognise these files
C:\Almanac\TODAYME\TODAYME.BAT
C:\e.bat


Yep, they're mine. A basicA thing I made to run on boot for reminding me which friends/relatives are having birthdays tomorrow. Getting harder to convince it to run under Windows but it does work.
  • 0
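The pattern reported in this exchange (two IE page settings that come back after being fixed while a third stays fixed) can be confirmed by comparing two HijackThis logs. The Python below is an added example, not part of the thread or of HijackThis; the two sample logs are constructed from entry lines quoted in the thread, and the function names are hypothetical.

```python
import re
from urllib.parse import urlparse

# Constructed sample in HijackThis v2 log format, built from entry lines
# quoted in the thread: the log taken before the entries were fixed.
BEFORE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshibadirect.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
"""

# Constructed sample: a log taken after the fix and a reboot, with a
# resident registry guard still running (assumption for the example).
AFTER_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshibadirect.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
"""

# "R0 - ...", "O14 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# R0/R1 body: <registry key>,<value name> = <data>
REG_VALUE_RE = re.compile(r"^(?P<where>[^,]+),(?P<name>[^=]+?)\s*=\s*(?P<value>.*)$")
# O14 body: IERESET.INF: <NAME>=<data>
IERESET_RE = re.compile(r"^(?P<where>IERESET\.INF): (?P<name>\w+)=(?P<value>.*)$")


def parse_entries(log_text):
    """Return (code, body) for every entry line; process paths etc. are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def page_settings(log_text):
    """Extract the IE page settings (R0/R1 registry values and O14 IERESET.INF)."""
    settings = []
    for code, body in parse_entries(log_text):
        if code in ("R0", "R1"):
            m = REG_VALUE_RE.match(body)
        elif code == "O14":
            m = IERESET_RE.match(body)
        else:
            continue
        if m:
            settings.append({"code": code, "where": m.group("where"),
                             "name": m.group("name"),
                             "value": m.group("value").strip()})
    return settings


def points_at(value, domain):
    """True if the URL's host is the domain or one of its subdomains."""
    host = (urlparse(value).hostname or "").lower()
    return host == domain or host.endswith("." + domain)


def compare_logs(before, after, domains):
    """Split the settings that pointed at `domains` in `before` into those
    present again, unchanged, in `after` and those that are gone."""
    def key(s):
        return (s["code"], s["where"], s["name"], s["value"])

    after_keys = {key(s) for s in page_settings(after)}
    result = {"reappeared": [], "gone": []}
    for s in page_settings(before):
        if not any(points_at(s["value"], d) for d in domains):
            continue
        bucket = "reappeared" if key(s) in after_keys else "gone"
        result[bucket].append((s["code"], s["name"]))
    return result


if __name__ == "__main__":
    report = compare_logs(BEFORE_LOG, AFTER_LOG, ["toshibadirect.com", "toshiba.com"])
    for bucket, items in report.items():
        print(bucket, items)
```

A setting that reappears with the same value after a fix means something on the machine is rewriting it; in this thread that turned out to be Ad-Watch blocking the registry change.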

#25
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
I knew it was Ad-Aware ! It's always something simple !! Congratulations on finding that out.

O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com

Earlier on I fixed it along with the other two toshiba.com lines. It stayed fixed even though the other two came back (until I turned off Ad-Watch.)

You don't think I should put it back, do you?

No need


Few things to do then we are all done


Some clean up :

Please double-click OTMoveIt.exe to run it.
Click the Clean up button
Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
Click Yes to the reboot


You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here



You're using an old version of Adobe Acrobat Reader; this can leave your PC open to vulnerabilities. You can update it here:
http://www.adobe.com.../readstep2.html



Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next go to Start Menu > Run > type

cleanmgr

Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen; click the More Options tab, then click Clean up on the system restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here


Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options: "Download signed and unsigned ActiveX controls" to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
  • 0



#26
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





