Outerinfo [RESOLVED]


  • This topic is locked

#1
Helaire

    New Member

  • Member
  • 5 posts
Hello!
Thanks so much for this wonderful resource. I found your page after running Registry Mechanic (790 Reg. Errors) and AdAware, but was still receiving many browser hijacks. I have now done these things: 1) Checked for the listed suspect programs in Control Panel. There were none. 2) Ran the OIUninstaller 3) Ran SUPERAntiSpyware according to instructions 4) In MSCONFIG, checked the "Normal StartUp" radio button and then 5) Ran HijackThis with the following results:
First, at reboot, there was a RUNDLL error message referencing being unable to find Windows\system32\oenixctt.dll
I searched on the net, and am not sure what that is, but no boot problems.
Here is the LogFile (and then the uninstall list follows):
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:22:19 PM, on 4/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Laura\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mygirlyspace....p?id=L728383749
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {29C6CEBF-7E3B-43D7-8AB1-5BADCCEFB7C1} - (no file)
O2 - BHO: TVEngine Helper /fleok=1D8A83A5C2E6107C91A475760EA83FA5EF80752B94E3D77C587F472C37C5 - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - (no file)
O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B2AB67A8-A240-D6C6-4490-A38F070A2EC3} - (no file)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {F2F38AD7-04B1-43D0-A85A-9FD79361CDE0} - (no file)
O2 - BHO: 0 - {F75C1795-31B9-45B9-7781-6ED7FF353688} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [b4bda793] rundll32.exe "C:\WINDOWS\system32\oenixctt.dll",b
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZSYYYYYYMKUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.storageguardsoft.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {85BA505F-FD01-4A91-836C-F7D502E89C9A} (Image Uploader Control) - http://www.evite.com...geUploader4.cab
O16 - DPF: {87587503-20F0-4FF5-8DA3-0107C4C03FDC} (vmLaunch Class) - http://downloads.com.../vmLauncher.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {D3538D36-EEDA-4BC7-9C8D-8C1D066EBC56} (SonicActivator Class) - http://hp.sonic.com/...cActivation.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: yayawvv - yayawvv.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 12580 bytes

Here is the uninstall list:
2Wire Wireless Client
Ad-Aware 2007
Adobe Acrobat 5.0
Adobe Shockwave Player
ALOT Toolbar
ALPS Touch Pad Driver
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
AT&T Connection Services Manager
AT&T Self Support Tool
Atheros Client Utility
Atheros Wireless LAN MiniPCI card Driver
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
avast! Antivirus
Belarc Advisor 7.2
CCScore
CD/DVD Drive Acoustic Silencer
CIF USB CAMERA
Deewoo Network Manager removal
DVD-RAM Driver
DVR-310 Digital Camera Driver
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
essvcpt
EZ Photo Newsletter Creator
Google SketchUp 6
Google SketchUp 6
HijackThis 2.0.2
HLPPDOCK
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Format SDK (KB910998)
Hotfix for Windows XP (KB894871)
Hotfix for Windows XP (KB895200)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
HP Extended Capabilities 5.3
HP Imaging Device Functions 7.0
HP Photosmart and Deskjet 7.0 Software
HP Photosmart Premier Software 6.5
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center 7.0
InterVideo WinDVD Creator 2
InterVideo WinDVD for TOSHIBA
iPod for Windows 2006-03-23
iTunes
Java™ 6 Update 5
kgcbase
Kodak EasyShare software
KSU
Memorex exPressit Label Design Studio
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Small Business Image Uploader
Microsoft Office OneNote 2003
Microsoft Office PowerPoint 2003 Template Pack 3
Microsoft Office XP Media Content
Microsoft Office XP Professional
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (2.0.0.13)
MSXML 4.0 SP2 (KB936181)
Netflix Movie Viewer
Notebook Maximizer
Notifier
OfotoXMI
OTtBP
OTtBPSDK
Pop-Up Stopper Free Edition
QuickTime
RealPlayer Basic
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
Registry Mechanic 7.0
SBC Yahoo! Applications
SBC Yahoo! DSL Home Networking Installer
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
SFR
SHASTA
SKIN0001
SKINXSDK
staticcr
Super GameHouse Solitaire Vol. 1
SUPERAntiSpyware Free Edition
TOSHIBA Accessibility
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Fn-esse
TOSHIBA Hardware Setup
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
Toshiba Tbiosdrv Driver
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
Touch and Launch
TouchPad On/Off Utility
Ulead VideoStudio 8.0 SE VCD
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Viewpoint Media Player
VPRINTOL
WG111v2 Configuration Utility
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884018
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
WIRELESS
Yahoo! Photos Easy Upload Tool
Yahoo! Photos Print-at-Home Tool

Does it look as though with your help I have slain the dragon? It's sooooo much better than when I got this laptop to work on---never seen one in that bad of shape. It belongs to the daughter of a friend, and when she gets her laptop back, we'll have a little learning session on keeping computers safe. Still some connection dropping issues to resolve, but I'll research that on another board after I do some grunt work first (settings, et al.). Here, I just want to check a couple of things---do I seem to have resolved the Outerinfo problem, and any ideas on what the RUNDLL error means and what I should do with that?
**********************************
UPDATE: I found the reference to oenixctt.dll in the registry. It is in HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603. In the block to the right of this key are entries (Default) (value not set), then 000 outer, 001 oenixctt.dll, 002 uninstall, 003 sm55evideox, 004 Yazzle1281, 005 invsecr.exe, 006 motorola, and 007 tattoo. I recall that this computer had something called Invisible Secrets on it, some kind of encryption program, which appears to be 005 listed above and I also recognize that Yazzle was one of the programs to look for when eliminating Outerinfo.

Now, I need to know how much of this key I can delete. Can I delete the entire \Search Assistant folder and all of its contents, including the subfolder ACMru and its subfolders, which are 5603 (contents listed above) and another subfolder named 5604, which has (Default) (value not set), then 000 ac/dc and 001 typing? Or shall I just delete everything in the 5603 subfolder in the right-hand block of the registry? This looks to me like more of the Outerinfo invasion.
********************************
Many, many thanks---without you, the risk of making a mess of this removal was very high.

Best,
Helaire

Edited by Helaire, 17 April 2008 - 05:23 AM.

  • 0
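A small triage script for a HijackThis log like the one posted above, added here as an example and not part of the original thread or of HijackThis itself. It flags entries whose target file is missing, Run values that load a DLL through rundll32 (the pattern behind the RUNDLL error described in the post), and Trusted Zone additions, and reports the registry location to inspect for each; the sample lines are copied from the log above, while the function names, the `Finding` type and the three rules are this example's own assumptions.

```python
import re
from dataclasses import dataclass

# Sample input: entry lines copied from the log in the post above, a few per section.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe

O2 - BHO: (no name) - {29C6CEBF-7E3B-43D7-8AB1-5BADCCEFB7C1} - (no file)
O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [b4bda793] rundll32.exe "C:\WINDOWS\system32\oenixctt.dll",b
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: yayawvv - yayawvv.dll (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?,(?P<export>\S+)', re.I)
ZONE_RE = re.compile(r"^Trusted Zone: (?P<domain>\S+)(?: \((?P<hive>HKLM)\))?$")

# Registry keys behind the HKLM-only sections this script reports on.
HKLM_HOME = {
    "O2": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects",
    "O3": r"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar",
    "O20": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify",
}
CURRENT_VERSION = r"Software\Microsoft\Windows\CurrentVersion"


@dataclass(frozen=True)
class Finding:
    code: str    # HijackThis section code, e.g. "O4"
    reason: str  # which rule fired
    detail: str  # CLSID, command or domain taken from the log line
    key: str     # registry key to inspect ("" when the section is not mapped here)


def parse_entries(log_text):
    """Yield (code, body) for each entry line; headers and process paths are skipped."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")


def triage(log_text):
    """Return findings in log order. These are review candidates, not verdicts."""
    findings = []
    for code, body in parse_entries(log_text):
        # Rule 1: the registry entry survives but the file it points to is gone.
        if body.endswith("(no file)") or "(file missing)" in body:
            clsid = CLSID_RE.search(body)
            findings.append(Finding(code, "missing-file",
                                    clsid.group(0) if clsid else body,
                                    HKLM_HOME.get(code, "")))
        # Rule 2: an autostart value that loads a DLL through rundll32.
        if code == "O4":
            run = RUN_RE.match(body)
            dll = RUNDLL_RE.match(run.group("cmd")) if run else None
            if dll:
                key = "\\".join([run.group("hive"), CURRENT_VERSION, run.group("key")])
                detail = f'[{run.group("name")}] loads {dll.group("dll")}'
                findings.append(Finding(code, "rundll32-autostart", detail, key))
        # Rule 3: domains added to the Trusted Zone. Assumption: lines without
        # an "(HKLM)" suffix are per-user (HKCU) entries.
        if code == "O15":
            zone = ZONE_RE.match(body)
            if zone:
                hive = zone.group("hive") or "HKCU"
                key = "\\".join([hive, CURRENT_VERSION, r"Internet Settings\ZoneMap\Domains"])
                findings.append(Finding(code, "trusted-zone", zone.group("domain"), key))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4}{f.reason:<20}{f.detail}\n    {f.key}")
```
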


#2
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Hi Helaire and welcome to GTG.

Download Malwarebytes' Anti-Malware at http://www.besttechi.../mbam-setup.exe or http://www.majorgeek...ware_d5756.html
Double-click on mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Full Scan, then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to restart (see Extra Note below).
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & paste the entire report into your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Go to http://www.bleepingc...to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here along with a new HijackThis log.
  • 0

#3
Helaire

    New Member

  • Topic Starter
  • Member
  • 5 posts
Sorry for the few days' delay. Got very busy. Here are the logs after following your instructions, Greyknight17. Also, Avast! was slowing down the system I was working on---probably something wrong with the install, so I had removed it prior to running SuperAntiSpyware and ComboFix, and reinstalled it after running the SuperAntiSpyware and ComboFix. So, I also attach a screenprint of the boot-up Avast! log which was run after I secured the ComboFix and SuperAntiSpyware logs.

ComboFix 08-04-20.5 - Laura 2008-04-21 7:04:51.1 - NTFSx86
Running from: C:\Documents and Settings\Laura\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Extra\Application Data\HbTools
C:\Documents and Settings\Extra\Application Data\HbTools\HbTools.log
C:\Documents and Settings\Family\Application Data\HbTools_Icons
C:\Documents and Settings\Family\Application Data\HbTools_Icons\Registryrepair.ico
C:\Documents and Settings\Family\Application Data\HbTools_Icons\Software_Online_8.ico
C:\Documents and Settings\Family\Application Data\HbTools_Icons\wallpapere1.ico
C:\Documents and Settings\Family\My Documents\ECURIT~1
C:\Documents and Settings\Family\My Documents\ECURIT~1\?ecurity\
C:\Documents and Settings\Friends\Application Data\HbTools_Icons
C:\Documents and Settings\Friends\Application Data\HbTools_Icons\Registryrepair.ico
C:\Documents and Settings\Friends\Application Data\HbTools_Icons\Software_Online_8.ico
C:\Documents and Settings\Friends\Application Data\HbTools_Icons\wallpapere1.ico
C:\Documents and Settings\Laura\Application Data\FunWebProducts
C:\Documents and Settings\Laura\My Documents\YMBOLS~1
C:\Documents and Settings\Parents\Application Data\HbTools_Icons
C:\Documents and Settings\Parents\Application Data\HbTools_Icons\Registryrepair.ico
C:\Documents and Settings\Parents\Application Data\HbTools_Icons\Software_Online_8.ico
C:\Documents and Settings\Parents\Application Data\HbTools_Icons\wallpapere1.ico
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\sanR24
C:\Temp\sanR24\lDii.log
C:\temp\tn3
C:\WINDOWS\BMb78e940f.xml
C:\WINDOWS\sstem~1
C:\WINDOWS\system32\c4
C:\WINDOWS\system32\dobe~1
C:\WINDOWS\system32\drivers\SjyPktt.sys
C:\WINDOWS\system32\k8
C:\WINDOWS\system32\r2
C:\WINDOWS\system32\s7
C:\WINDOWS\system32\x3

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SjyPktt
-------\Legacy_SjyPktt
-------\Service_SjyPktt


((((((((((((((((((((((((( Files Created from 2008-03-21 to 2008-04-21 )))))))))))))))))))))))))))))))
.

2008-04-21 00:13 . 2008-04-21 00:13 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-21 00:13 . 2008-04-21 00:13 <DIR> d-------- C:\Documents and Settings\Laura\Application Data\Malwarebytes
2008-04-21 00:13 . 2008-04-21 00:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-18 01:15 . 2008-04-18 01:17 <DIR> d-------- C:\Program Files\DriverGuide Toolkit
2008-04-18 00:46 . 2008-04-18 00:46 1,160 --a------ C:\WINDOWS\mozver.dat
2008-04-18 00:23 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-18 00:23 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-16 22:07 . 2008-04-16 22:07 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-04-16 06:46 . 2008-04-16 06:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-16 06:45 . 2008-04-16 06:45 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-16 06:45 . 2008-04-16 06:45 <DIR> d-------- C:\Documents and Settings\Laura\Application Data\SUPERAntiSpyware.com
2008-04-16 01:54 . 2008-04-16 01:54 0 --a------ C:\WINDOWS\NDSBrow.INI
2008-04-15 06:09 . 2008-04-15 06:11 <DIR> d-------- C:\Realtek Lan.temp
2008-04-15 05:30 . 2008-04-15 05:30 <DIR> d-------- C:\Program Files\Belarc
2008-04-15 05:30 . 2008-02-27 13:49 3,840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2008-04-14 22:21 . 2008-04-14 22:21 <DIR> d-------- C:\DriverBackup
2008-04-14 22:03 . 2008-04-14 22:03 10,240 --ahs---- C:\WINDOWS\Thumbs.db
2008-04-14 21:12 . 2008-04-14 21:12 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-04-14 08:13 . 2008-04-14 08:13 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-14 06:44 . 2008-04-14 06:43 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-14 06:43 . 2008-04-14 06:47 <DIR> d-------- C:\Documents and Settings\Laura\.housecall6.6
2008-04-14 06:35 . 2008-04-14 06:35 <DIR> d-------- C:\Program Files\Panicware
2008-04-13 19:29 . 2008-04-13 19:29 <DIR> d-------- C:\Program Files\Alwil Software
2008-04-13 19:15 . 2008-04-13 19:15 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-13 19:14 . 2008-04-13 19:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-13 19:12 . 2008-04-16 06:44 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-13 18:40 . 2008-04-16 06:34 3,139 ---hs---- C:\WINDOWS\system32\ttcxineo.ini
2008-03-25 00:48 . 2008-03-25 00:48 <DIR> d-------- C:\HWSetup.temp
2008-03-25 00:30 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-03-25 00:09 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-25 00:06 . 2008-03-25 00:06 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-24 23:47 . 2008-03-24 23:47 10 --a------ C:\WINDOWS\system32\ocntqlwd.exe
2008-03-24 23:46 . 2008-03-25 00:15 2,838 --a------ C:\WINDOWS\machine.ver
2008-03-24 23:29 . 2008-03-24 23:47 67 --a------ C:\WINDOWS\swupdate.INI
2008-03-24 17:27 . 2008-04-14 22:15 <DIR> d-------- C:\PC Diagnostic.temp
2008-03-24 17:24 . 2008-04-14 22:07 <DIR> d-------- C:\ATI Display.temp
2008-03-23 20:48 . 2008-04-14 00:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-23 20:48 . 2008-03-23 20:48 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-21 13:58 --------- d-----w C:\Documents and Settings\Laura\Application Data\alot
2008-04-17 05:45 12,452 ----a-w C:\Documents and Settings\Laura\Application Data\wklnhst.dat
2008-04-16 08:55 --------- d-----w C:\Documents and Settings\Laura\Application Data\toshiba
2008-04-16 07:37 --------- d-----w C:\Program Files\EPSON
2008-04-15 05:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-15 05:09 --------- d-----w C:\Program Files\ATI Technologies
2008-04-14 14:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-04-14 08:53 --------- d-----w C:\Program Files\Invisible Secrets 4
2008-03-25 09:04 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-03-25 07:08 --------- d-----w C:\Program Files\Java
2008-03-25 05:46 --------- d--h--r C:\Documents and Settings\Parents\Application Data\yahoo!
2008-03-25 05:46 --------- d--h--r C:\Documents and Settings\Family\Application Data\yahoo!
2008-03-25 05:46 --------- d-----w C:\Documents and Settings\Alicia\Application Data\Yahoo!
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-08 03:00 --------- d-----w C:\Documents and Settings\Alicia\Application Data\Neopets Toolbar
2008-03-08 02:39 --------- d-----w C:\Documents and Settings\Alicia\Application Data\HP
2008-03-06 01:00 --------- d-----w C:\Documents and Settings\Parents\Application Data\HP
2008-03-02 01:55 --------- d-----w C:\Documents and Settings\Family\Application Data\HP
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-14 01:42 155,995 ----a-w C:\WINDOWS\java\Packages\7DR1ZBHN.ZIP
2007-03-20 01:13 322 -c--a-w C:\Documents and Settings\Family\Application Data\wklnhst.dat
2003-11-03 04:52 301,321 -c--a-w C:\Documents and Settings\All Users\Office 2003 Editions 60 Day Trial.exe
2003-02-21 11:42 348,160 -c--a-w C:\Program Files\msvcr71.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29C6CEBF-7E3B-43D7-8AB1-5BADCCEFB7C1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7}]
2007-11-19 10:28 554280 --a------ C:\Program Files\alot\bin\alot.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B2AB67A8-A240-D6C6-4490-A38F070A2EC3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F2F38AD7-04B1-43D0-A85A-9FD79361CDE0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F75C1795-31B9-45B9-7781-6ED7FF353688}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}"= "C:\Program Files\alot\bin\alot.dll" [2007-11-19 10:28 554280]

[HKEY_CLASSES_ROOT\clsid\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 00:32 65536]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 19:13 68856]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 11:10 536576]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-05 21:05 344064]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-23 22:40 196608]
"NDSTray.exe"="NDSTray.exe" []
"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 13:45 28672]
"SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 13:45 65536]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-04-05 16:25 73728]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-07 14:03 1077301]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2005-06-08 15:51 53248]
"2wSysTray"="C:\Program Files\2Wire\2PortalMon.exe" [2004-05-25 04:24 393216]
"CFSServ.exe"="CFSServ.exe" []
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 08:51 442455]
"b4bda793"="C:\WINDOWS\system32\oenixctt.dll" [ ]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayawvv]
yayawvv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MiniMavis.lnk]
backup=C:\WINDOWS\pss\MiniMavis.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
backup=C:\WINDOWS\pss\RAMASST.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WG111v2 Smart Wizard Wireless Setting.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WG111v2 Smart Wizard Wireless Setting.lnk
backup=C:\WINDOWS\pss\WG111v2 Smart Wizard Wireless Setting.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Laura^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
backup=C:\WINDOWS\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Laura^Start Menu^Programs^Startup^RABCO - Auto Update.lnk]
backup=C:\WINDOWS\pss\RABCO - Auto Update.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Laura^Start Menu^Programs^Startup^wkcalrem.LNK]
backup=C:\WINDOWS\pss\wkcalrem.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2005-04-12 16:17 88358 C:\WINDOWS\agrsmmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\b4bda793]
C:\WINDOWS\system32\oenixctt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 03:41 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Invisible Secrets 4]
--a------ 2006-02-28 18:47 814592 C:\PROGRA~1\INVISI~1\invtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-26 14:42 267064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 09:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Notebook Maximizer]
--a------ 2004-05-25 14:35 28672 C:\Program Files\Notebook Maximizer\maximizer_startup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pinger]
--a------ 2005-03-17 17:37 151552 c:\toshiba\ivp\ism\pinger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2005-08-16 19:51 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
--a------ 2007-08-20 11:58 2483496 C:\Program Files\Registry Mechanic\RegMech.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
--a------ 2005-04-26 16:13 122880 C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TCtryIOHook]
--a------ 2005-08-05 19:02 28672 C:\WINDOWS\system32\TCtrlIOHook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
--a------ 2005-05-31 17:16 282624 C:\WINDOWS\system32\TPSMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-11-06 20:51 3810544 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
--a------ 2003-12-09 12:03 57344 C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
--a------ 2005-04-22 19:49 397312 C:\PROGRA~1\Yahoo!\YOP\yop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoomingHook]
--a------ 2005-06-06 09:58 24576 C:\WINDOWS\system32\ZoomingHook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{DA-A7-73-3C-DW}]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= C:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2005-04-01 10:42]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-17 16:25:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-21 07:15:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\locator.exe
C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
.
**************************************************************************
.
Completion time: 2008-04-21 7:24:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-21 14:23:59

Pre-Run: 39,127,883,776 bytes free
Post-Run: 39,608,188,928 bytes free

287 --- E O F --- 2008-04-17 12:09:36


2005-05-31 02:12 25358 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\Family\Application Data\HbTools_Icons\wallpapere1.ico.vir
2005-05-31 02:12 25358 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\Friends\Application Data\HbTools_Icons\wallpapere1.ico.vir
2005-05-31 02:12 25358 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\Parents\Application Data\HbTools_Icons\wallpapere1.ico.vir
2006-01-10 02:16 3262 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\Family\Application Data\HbTools_Icons\Registryrepair.ico.vir
2006-01-10 02:16 3262 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\Friends\Application Data\HbTools_Icons\Registryrepair.ico.vir
2006-01-10 02:16 3262 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\Parents\Application Data\HbTools_Icons\Registryrepair.ico.vir
2006-02-07 06:18 3262 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\Family\Application Data\HbTools_Icons\Software_Online_8.ico.vir
2006-02-07 06:18 3262 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\Friends\Application Data\HbTools_Icons\Software_Online_8.ico.vir
2006-02-07 06:18 3262 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\Parents\Application Data\HbTools_Icons\Software_Online_8.ico.vir
2006-07-03 21:18 2141 --a--c--- C:\Qoobox\Quarantine\C\Documents and Settings\Extra\Application Data\HbTools\HbTools.log.vir
2008-01-08 22:44 28747 --a------ C:\Qoobox\Quarantine\C\Temp\1cb\syscheck.log.vir
2008-02-28 19:50 1858 --a------ C:\Qoobox\Quarantine\C\Temp\sanR24\lDii.log.vir
2008-02-28 19:50 86016 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\SjyPktt.sys.vir
2008-03-24 20:19 117735 --a------ C:\Qoobox\Quarantine\C\WINDOWS\BMb78e940f.xml.vir
2008-04-21 07:09 1016 --a------ C:\Qoobox\Quarantine\Registry_backups\Service_SjyPktt.reg.dat
2008-04-21 07:09 1376 --a------ C:\Qoobox\Quarantine\Registry_backups\Legacy_SjyPktt.reg.dat
2008-04-21 07:11 211 --a------ C:\Qoobox\Quarantine\catchme.log
2008-04-21 07:11 74597 --a------ C:\Qoobox\Quarantine\catchme2008-04-21_ 71131.79.zip

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:26:13 AM, on 4/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Parents\My Documents\Utilities, etc\HiJackThis.exe
C:\WINDOWS\system32\ipconfig.exe
C:\WINDOWS\system32\cmd.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mygirlyspace....p?id=L728383749
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {29C6CEBF-7E3B-43D7-8AB1-5BADCCEFB7C1} - (no file)
O2 - BHO: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B2AB67A8-A240-D6C6-4490-A38F070A2EC3} - (no file)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {F2F38AD7-04B1-43D0-A85A-9FD79361CDE0} - (no file)
O2 - BHO: 0 - {F75C1795-31B9-45B9-7781-6ED7FF353688} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [b4bda793] rundll32.exe "C:\WINDOWS\system32\oenixctt.dll",b
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZSYYYYYYMKUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1208435690109
O16 - DPF: {85BA505F-FD01-4A91-836C-F7D502E89C9A} (Image Uploader Control) - http://www.evite.com...geUploader4.cab
O16 - DPF: {87587503-20F0-4FF5-8DA3-0107C4C03FDC} (vmLaunch Class) - http://downloads.com.../vmLauncher.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O16 - DPF: {D3538D36-EEDA-4BC7-9C8D-8C1D066EBC56} (SonicActivator Class) - http://hp.sonic.com/...cActivation.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: yayawvv - yayawvv.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 10571 bytes

HiJack This Uninstall list after ComboFix:
2Wire Wireless Client
Ad-Aware 2007
Adobe Acrobat 5.0
Adobe Shockwave Player
ALOT Toolbar
ALPS Touch Pad Driver
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
AT&T Connection Services Manager
AT&T Self Support Tool
Atheros Client Utility
Atheros Wireless LAN MiniPCI card Driver
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Belarc Advisor 7.2
CCScore
CD/DVD Drive Acoustic Silencer
CIF USB CAMERA
DriverGuide Toolkit
DVD-RAM Driver
DVR-310 Digital Camera Driver
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
essvcpt
EZ Photo Newsletter Creator
Google SketchUp 6
Google SketchUp 6
HijackThis 2.0.2
HLPPDOCK
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Format SDK (KB910998)
Hotfix for Windows XP (KB894871)
Hotfix for Windows XP (KB895200)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
HP Extended Capabilities 5.3
HP Imaging Device Functions 7.0
HP Photosmart and Deskjet 7.0 Software
HP Photosmart Premier Software 6.5
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center 7.0
InterVideo WinDVD Creator 2
InterVideo WinDVD for TOSHIBA
iPod for Windows 2006-03-23
iTunes
Java™ 6 Update 5
kgcbase
Kodak EasyShare software
KSU
Malwarebytes' Anti-Malware
Memorex exPressit Label Design Studio
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Small Business Image Uploader
Microsoft Office OneNote 2003
Microsoft Office PowerPoint 2003 Template Pack 3
Microsoft Office XP Media Content
Microsoft Office XP Professional
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (2.0.0.13)
MSXML 4.0 SP2 (KB936181)
Netflix Movie Viewer
Notebook Maximizer
Notifier
OfotoXMI
OTtBP
OTtBPSDK
Pop-Up Stopper Free Edition
QuickTime
RealPlayer Basic
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
Registry Mechanic 7.0
SBC Yahoo! Applications
SBC Yahoo! DSL Home Networking Installer
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
SFR
SHASTA
SKIN0001
SKINXSDK
staticcr
Super GameHouse Solitaire Vol. 1
SUPERAntiSpyware Free Edition
TOSHIBA Accessibility
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Fn-esse
TOSHIBA Hardware Setup
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
Toshiba Tbiosdrv Driver
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
Touch and Launch
TouchPad On/Off Utility
Ulead VideoStudio 8.0 SE VCD
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Viewpoint Media Player
VPRINTOL
WG111v2 Configuration Utility
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884018
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
WIRELESS
Yahoo! Photos Easy Upload Tool
Yahoo! Photos Print-at-Home Tool

Note: After all this I reinstalled Avast!, as it had not been a good install and was slowing down the system.
Avast scan log

By the way, regarding the "RUNDLL missing file oenixctt.dll" file that I asked about in the initial post, that entry was showing in the registry in the SuperAntiSpyware folder, so I asked them and they said okay to delete. That part of the question is resolved.

Thanks again!
Helaire


#4
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Hi Helaire, I'm not sure what those antivirus chest files are. Is that like a virus vault where all the files you quarantined go?

Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Right click on this link http://www.mvps.org/.../DelDomains.inf and choose Save As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards. NOTE: This script will delete any sites you may have added to the Trusted Sites. So if you want them back, you have to add them back to the Trusted Sites again.

Uninstall the following via the Add/Remove Panel (Start->Settings->Control Panel->Add/Remove Programs) if found:

ALOT Toolbar
Viewpoint Media Player


Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZSYYYYYYMKUS
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.storageguardsoft.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusschlacht.com


Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy and paste the text in the quotebox below into it:

DirLook::
C:\HWSetup.temp
C:\PC Diagnostic.temp
C:\ATI Display.temp
FileLook::
C:\WINDOWS\machine.ver
File::
C:\WINDOWS\system32\ttcxineo.ini
C:\WINDOWS\system32\ocntqlwd.exe
C:\WINDOWS\system32\oenixctt.dll
Folder::
C:\Documents and Settings\Laura\Application Data\alot
C:\Program Files\alot\
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29C6CEBF-7E3B-43D7-8AB1-5BADCCEFB7C1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B2AB67A8-A240-D6C6-4490-A38F070A2EC3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F2F38AD7-04B1-43D0-A85A-9FD79361CDE0}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F75C1795-31B9-45B9-7781-6ED7FF353688}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}"=-
[-HKEY_CLASSES_ROOT\clsid\{5aa2ba46-9913-4dc7-9620-69ab0fa17ae7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"b4bda793"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayawvv]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\b4bda793]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{DA-A7-73-3C-DW}]

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on ComboFix's window while it's running. That may cause it to stall.

How is it running now?
  • 0
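
One way to review a CFScript like the one in the post above before dragging it onto ComboFix, as an added example that is not part of the original post and is not ComboFix's own code. The section handling (DirLook/FileLook as inspect-only, File/Folder as deletions), the function names and the autostart labels are assumptions made for this sketch, and the sample is an excerpt of the script shown above.

```python
import re
from collections import OrderedDict

# Constructed sample: an excerpt of the CFScript.txt from the post above.
SAMPLE = r"""DirLook::
C:\HWSetup.temp
File::
C:\WINDOWS\system32\ocntqlwd.exe
C:\WINDOWS\system32\oenixctt.dll
Folder::
C:\Program Files\alot\
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"b4bda793"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayawvv]
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")   # e.g. "File::"
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")           # "[key]" or "[-key]"
VALUE_RE = re.compile(r'^"(.+)"=(.*)$')          # "name"=data, data "-" deletes

# Assumption for this sketch: which sections only list and which delete.
INSPECT_ONLY = {"DirLook", "FileLook"}
DELETE_PATHS = {"File", "Folder"}

# Registry locations that load code automatically on Windows XP / IE.
AUTOSTART_MARKERS = [
    (r"\currentversion\run", "Run key (program launched at logon)"),
    (r"\winlogon\notify", "Winlogon notification package (DLL loaded by winlogon.exe)"),
    (r"\browser helper objects", "Browser Helper Object (DLL loaded into Internet Explorer)"),
    (r"\internet explorer\toolbar", "Internet Explorer toolbar"),
]


def parse_cfscript(text):
    """Return {section name: [lines]} in the order the sections appear."""
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"line outside any section: {line!r}")
        else:
            sections[current].append(line)
    return sections


def registry_actions(lines):
    """Turn .reg-style lines into (action, key, value_name) tuples."""
    actions = []
    open_key = None  # key that following "name"=data lines apply to
    for line in lines:
        key = KEY_RE.match(line)
        if key:
            minus, path = key.groups()
            if minus:
                actions.append(("delete_key", path, None))
                open_key = None
            else:
                open_key = path
            continue
        value = VALUE_RE.match(line)
        if not value or open_key is None:
            raise ValueError(f"unexpected registry line: {line!r}")
        name, data = value.groups()
        action = "delete_value" if data == "-" else "set_value"
        actions.append((action, open_key, name))
    return actions


def classify(key):
    """Label a registry key by the autostart mechanism it belongs to."""
    low = key.lower()
    for marker, label in AUTOSTART_MARKERS:
        if marker in low:
            return label
    return "other"


def review(text):
    """Summarise what a script inspects, deletes and changes in the registry."""
    report = {"inspect": [], "delete_path": [], "registry": []}
    for name, lines in parse_cfscript(text).items():
        if name in INSPECT_ONLY:
            report["inspect"] += lines
        elif name in DELETE_PATHS:
            report["delete_path"] += lines
        elif name == "Registry":
            report["registry"] = [
                (a, k, v, classify(k)) for a, k, v in registry_actions(lines)
            ]
        else:
            raise ValueError(f"unknown section {name!r}")
    return report


if __name__ == "__main__":
    result = review(SAMPLE)
    for path in result["delete_path"]:
        print("DELETE ", path)
    for action, key, value, label in result["registry"]:
        print(f"{action:12} {label}: {key} {value or ''}")
```

Running it against the full script makes it easy to confirm that every registry line targets an autostart location tied to the unwanted software and that no path outside the listed files and folders is deleted.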

#5
Helaire

    New Member

  • Topic Starter
  • Member
  • 5 posts
Hi, Greyknight17,
Here's the log of the scan that I ran after creating the CFScript.txt file and dragging it into ComboFix. ComboFix ran very quickly this time!

In answer to your question about how it's running now, the laptop is running immeasurably better than when I first tried to tackle all these problems! After making sure that this adware/virus issue is resolved, the only thing for which I will still have to find a solution is that the connection drops and reacquires every 15 - 45 seconds (both LAN and wireless), so once I figure that one out (I bet it's settings), I can return the laptop to the young lady with a little instruction on what not to download and where not to save files (like in system folders---actually, I will hide these).

With respect to the antivirus chest, you are correct. . . . that is a vault into which Avast! puts all quarantined files. The infected files are only those with a skull icon next to them. The other 3 are system files, and I don't know why they need to show those in the chest, but they are not shown as infected.

I am most grateful for your help--this system should be pretty much clean as a whistle by now. Let me know if you agree, or if you see more that must be done.
Best,
Helaire


ComboFix 08-04-20.5 - Laura 2008-04-25 11:46:16.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.561 [GMT -7:00]
Running from: C:\Documents and Settings\Laura\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Laura\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\ocntqlwd.exe
C:\WINDOWS\system32\oenixctt.dll
C:\WINDOWS\system32\ttcxineo.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Family\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\system32\drivers\core.cache(10).dsk
C:\WINDOWS\system32\drivers\core.cache(11).dsk
C:\WINDOWS\system32\drivers\core.cache(12).dsk
C:\WINDOWS\system32\drivers\core.cache(13).dsk
C:\WINDOWS\system32\drivers\core.cache(14).dsk
C:\WINDOWS\system32\drivers\core.cache(15).dsk
C:\WINDOWS\system32\drivers\core.cache(16).dsk
C:\WINDOWS\system32\drivers\core.cache(17).dsk
C:\WINDOWS\system32\drivers\core.cache(18).dsk
C:\WINDOWS\system32\drivers\core.cache(19).dsk
C:\WINDOWS\system32\drivers\core.cache(2).dsk
C:\WINDOWS\system32\drivers\core.cache(20).dsk
C:\WINDOWS\system32\drivers\core.cache(21).dsk
C:\WINDOWS\system32\drivers\core.cache(22).dsk
C:\WINDOWS\system32\drivers\core.cache(23).dsk
C:\WINDOWS\system32\drivers\core.cache(24).dsk
C:\WINDOWS\system32\drivers\core.cache(25).dsk
C:\WINDOWS\system32\drivers\core.cache(26).dsk
C:\WINDOWS\system32\drivers\core.cache(27).dsk
C:\WINDOWS\system32\drivers\core.cache(28).dsk
C:\WINDOWS\system32\drivers\core.cache(29).dsk
C:\WINDOWS\system32\drivers\core.cache(3).dsk
C:\WINDOWS\system32\drivers\core.cache(30).dsk
C:\WINDOWS\system32\drivers\core.cache(31).dsk
C:\WINDOWS\system32\drivers\core.cache(32).dsk
C:\WINDOWS\system32\drivers\core.cache(33).dsk
C:\WINDOWS\system32\drivers\core.cache(34).dsk
C:\WINDOWS\system32\drivers\core.cache(35).dsk
C:\WINDOWS\system32\drivers\core.cache(36).dsk
C:\WINDOWS\system32\drivers\core.cache(37).dsk
C:\WINDOWS\system32\drivers\core.cache(38).dsk
C:\WINDOWS\system32\drivers\core.cache(39).dsk
C:\WINDOWS\system32\drivers\core.cache(4).dsk
C:\WINDOWS\system32\drivers\core.cache(40).dsk
C:\WINDOWS\system32\drivers\core.cache(41).dsk
C:\WINDOWS\system32\drivers\core.cache(42).dsk
C:\WINDOWS\system32\drivers\core.cache(43).dsk
C:\WINDOWS\system32\drivers\core.cache(44).dsk
C:\WINDOWS\system32\drivers\core.cache(45).dsk
C:\WINDOWS\system32\drivers\core.cache(46).dsk
C:\WINDOWS\system32\drivers\core.cache(47).dsk
C:\WINDOWS\system32\drivers\core.cache(48).dsk
C:\WINDOWS\system32\drivers\core.cache(49).dsk
C:\WINDOWS\system32\drivers\core.cache(5).dsk
C:\WINDOWS\system32\drivers\core.cache(50).dsk
C:\WINDOWS\system32\drivers\core.cache(51).dsk
C:\WINDOWS\system32\drivers\core.cache(52).dsk
C:\WINDOWS\system32\drivers\core.cache(53).dsk
C:\WINDOWS\system32\drivers\core.cache(54).dsk
C:\WINDOWS\system32\drivers\core.cache(55).dsk
C:\WINDOWS\system32\drivers\core.cache(56).dsk
C:\WINDOWS\system32\drivers\core.cache(57).dsk
C:\WINDOWS\system32\drivers\core.cache(58).dsk
C:\WINDOWS\system32\drivers\core.cache(59).dsk
C:\WINDOWS\system32\drivers\core.cache(6).dsk
C:\WINDOWS\system32\drivers\core.cache(60).dsk
C:\WINDOWS\system32\drivers\core.cache(61).dsk
C:\WINDOWS\system32\drivers\core.cache(62).dsk
C:\WINDOWS\system32\drivers\core.cache(63).dsk
C:\WINDOWS\system32\drivers\core.cache(7).dsk
C:\WINDOWS\system32\drivers\core.cache(8).dsk
C:\WINDOWS\system32\drivers\core.cache(9).dsk
C:\WINDOWS\system32\ocntqlwd.exe
C:\WINDOWS\system32\ttcxineo.ini

.
((((((((((((((((((((((((( Files Created from 2008-03-25 to 2008-04-25 )))))))))))))))))))))))))))))))
.

2008-04-25 07:50 . 2008-04-25 07:50 <DIR> d-------- C:\WINDOWS\LastGood
2008-04-23 07:37 . 2008-04-23 07:37 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-23 07:31 . 2004-08-04 05:00 22,528 --a------ C:\WINDOWS\system32\lpdsvc.dll
2008-04-23 07:31 . 2004-08-04 05:00 22,528 --a--c--- C:\WINDOWS\system32\dllcache\lpdsvc.dll
2008-04-23 07:31 . 2004-08-04 05:00 18,944 --a------ C:\WINDOWS\system32\lprmon.dll
2008-04-23 07:31 . 2004-08-04 05:00 18,944 --a--c--- C:\WINDOWS\system32\dllcache\lprmon.dll
2008-04-21 19:13 . 2008-04-21 19:13 <DIR> d-------- C:\Program Files\DriverGuide DriverScan
2008-04-21 19:13 . 2007-08-13 17:37 107,908 --a------ C:\toolkit_widget.gif
2008-04-21 00:13 . 2008-04-21 00:13 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-21 00:13 . 2008-04-21 00:13 <DIR> d-------- C:\Documents and Settings\Laura\Application Data\Malwarebytes
2008-04-21 00:13 . 2008-04-21 00:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-18 01:15 . 2008-04-23 06:23 <DIR> d-------- C:\Program Files\DriverGuide Toolkit
2008-04-18 00:46 . 2008-04-18 00:46 1,160 --a------ C:\WINDOWS\mozver.dat
2008-04-18 00:23 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-18 00:23 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-16 22:07 . 2008-04-16 22:07 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-04-16 06:46 . 2008-04-16 06:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-16 06:45 . 2008-04-16 06:45 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-16 06:45 . 2008-04-16 06:45 <DIR> d-------- C:\Documents and Settings\Laura\Application Data\SUPERAntiSpyware.com
2008-04-16 01:54 . 2008-04-16 01:54 0 --a------ C:\WINDOWS\NDSBrow.INI
2008-04-15 06:09 . 2008-04-15 06:11 <DIR> d-------- C:\Realtek Lan.temp
2008-04-15 05:30 . 2008-04-15 05:30 <DIR> d-------- C:\Program Files\Belarc
2008-04-15 05:30 . 2008-02-27 13:49 3,840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2008-04-14 22:21 . 2008-04-14 22:21 <DIR> d-------- C:\DriverBackup
2008-04-14 22:03 . 2008-04-14 22:03 10,240 --ahs---- C:\WINDOWS\Thumbs.db
2008-04-14 21:12 . 2008-04-14 21:12 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-04-14 08:13 . 2008-04-14 08:13 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-14 06:44 . 2008-04-14 06:43 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-14 06:43 . 2008-04-14 06:47 <DIR> d-------- C:\Documents and Settings\Laura\.housecall6.6
2008-04-14 06:35 . 2008-04-14 06:35 <DIR> d-------- C:\Program Files\Panicware
2008-04-13 19:29 . 2008-04-13 19:29 <DIR> d-------- C:\Program Files\Alwil Software
2008-04-13 19:15 . 2008-04-13 19:15 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-13 19:14 . 2008-04-13 19:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-13 19:12 . 2008-04-16 06:44 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-25 00:48 . 2008-03-25 00:48 <DIR> d-------- C:\HWSetup.temp
2008-03-25 00:30 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-03-25 00:09 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-25 00:06 . 2008-03-25 00:06 <DIR> d-------- C:\Program Files\Common Files\Java

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-25 18:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-04-17 05:45 12,452 ----a-w C:\Documents and Settings\Laura\Application Data\wklnhst.dat
2008-04-16 08:55 --------- d-----w C:\Documents and Settings\Laura\Application Data\toshiba
2008-04-16 07:37 --------- d-----w C:\Program Files\EPSON
2008-04-15 05:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-15 05:09 --------- d-----w C:\Program Files\ATI Technologies
2008-04-14 14:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-04-14 08:53 --------- d-----w C:\Program Files\Invisible Secrets 4
2008-03-25 09:04 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-03-25 07:08 --------- d-----w C:\Program Files\Java
2008-03-25 05:46 --------- d--h--r C:\Documents and Settings\Parents\Application Data\yahoo!
2008-03-25 05:46 --------- d--h--r C:\Documents and Settings\Family\Application Data\yahoo!
2008-03-25 05:46 --------- d-----w C:\Documents and Settings\Alicia\Application Data\Yahoo!
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-08 03:00 --------- d-----w C:\Documents and Settings\Alicia\Application Data\Neopets Toolbar
2008-03-08 02:39 --------- d-----w C:\Documents and Settings\Alicia\Application Data\HP
2008-03-06 01:00 --------- d-----w C:\Documents and Settings\Parents\Application Data\HP
2008-03-02 01:55 --------- d-----w C:\Documents and Settings\Family\Application Data\HP
2008-02-26 03:54 105,088 ----a-w C:\WINDOWS\system32\drivers\Rtnicxp.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:32 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-14 01:42 155,995 ----a-w C:\WINDOWS\java\Packages\7DR1ZBHN.ZIP
2007-03-20 01:13 322 -c--a-w C:\Documents and Settings\Family\Application Data\wklnhst.dat
2003-11-03 04:52 301,321 -c--a-w C:\Documents and Settings\All Users\Office 2003 Editions 60 Day Trial.exe
2003-02-21 11:42 348,160 -c--a-w C:\Program Files\msvcr71.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

- Not a PE file.

---- Directory of C:\ATI Display.temp ----

2005-07-20 16:32 37172 --a------ C:\ATI Display.temp\Driver\2KXP_INF\CX_25176.cat
2005-07-20 16:32 112 --a------ C:\ATI Display.temp\Driver\2KXP_INF\atiiseag.ini
2005-07-18 13:48 5847 --a------ C:\ATI Display.temp\CPanel\CPanel.dat
2005-07-18 13:48 5380 --a------ C:\ATI Display.temp\Driver\Driver.dat
2005-07-18 13:48 29622 --a------ C:\ATI Display.temp\Driver\2KXP_INF\CX_25176.inf
2005-07-18 13:48 29608 --a------ C:\ATI Display.temp\Driver\2KXP_INF\C2_25176.inf
2005-07-18 13:48 228 --a------ C:\ATI Display.temp\Driver\INSTALL.INI
2005-07-18 13:47 2595 --a------ C:\ATI Display.temp\CPanel\CP_XP.REG
2005-07-18 13:47 2595 --a------ C:\ATI Display.temp\CPanel\25176_XP.REG
2005-07-18 13:47 1431 --a------ C:\ATI Display.temp\Driver\CX_25176.INI
2005-07-18 13:45 1431 --a------ C:\ATI Display.temp\Driver\C2_25176.INI
2005-07-06 01:18 21488 --a------ C:\ATI Display.temp\Driver\2KXP_INF\B_25177\ativvpxx.vp
2005-07-06 01:01 307200 --a------ C:\ATI Display.temp\Driver\2KXP_INF\B_25177\atiiiexx.dll
2005-07-06 00:56 94208 --a------ C:\ATI Display.temp\Driver\Driver.DLL
2005-07-06 00:56 94208 --a------ C:\ATI Display.temp\CPanel\CPANEL.dll
2005-07-06 00:56 45056 --a------ C:\ATI Display.temp\BIN\AtiCIM.dll
2005-07-06 00:56 125440 --a------ C:\ATI Display.temp\BIN\UpdatPnP.exe
2005-07-06 00:55 380928 --a------ C:\ATI Display.temp\BIN\atiicdxx.dll
2005-07-06 00:55 279552 --a------ C:\ATI Display.temp\BIN\atiicdxx.exe
2005-07-06 00:55 121344 --a------ C:\ATI Display.temp\BIN\EnumDev.exe
2005-07-06 00:54 73728 --a--c--- C:\ATI Display.temp\BIN\atricdxx.dft
2005-07-06 00:54 73728 --a------ C:\ATI Display.temp\BIN\atricdxx.enu
2005-07-06 00:54 6656 --a------ C:\ATI Display.temp\BIN\aticd64a.sys
2005-07-06 00:54 6144 --a------ C:\ATI Display.temp\BIN\atiicdxx.sys
2005-07-06 00:54 368640 --a------ C:\ATI Display.temp\BIN\aticds10.dll
2005-07-06 00:53 64512 --a--c--- C:\ATI Display.temp\BIN\atricd6a.dft
2005-07-06 00:53 64512 --a------ C:\ATI Display.temp\BIN\atricd6a.enu
2005-07-06 00:33 96863 --a------ C:\ATI Display.temp\Driver\2KXP_INF\B_25177\atidemgr.dl_
2005-07-05 23:52 3116916 --a------ C:\ATI Display.temp\Driver\2KXP_INF\B_25177\atioglx1.dl_
2005-07-05 22:51 2404127 --a------ C:\ATI Display.temp\Driver\2KXP_INF\B_25177\atioglxx.dl_
2005-07-05 22:36 767822 --a------ C:\ATI Display.temp\Driver\2KXP_INF\B_25177\ati2mtag.sy_
2005-07-05 22:36 149568 --a------ C:\ATI Display.temp\Driver\2KXP_INF\B_25177\ati2dvag.dl_
2005-07-05 22:32 49285 --a------ C:\ATI Display.temp\Driver\2KXP_INF\B_25177\atipdlxx.dl_
2005-07-05 22:32 40347 --a------ C:\ATI Display.temp\Driver\2KXP_INF\B_25177\oemdspif.dl_
2005-07-05 22:31 29742 --a------ C:\ATI Display.temp\Driver\2KXP_INF\B_25177\ati2evxx.dl_
2005-07-05 22:31 26723 --a------ C:\ATI Display.temp\Driver\2KXP_INF\B_25177\ati2edxx.dl_
2005-07-05 22:31 15671 --a------ C:\ATI Display.temp\Driver\2KXP_INF\B_25177\ati2mdxx.ex_
2005-07-05 22:30 28095 --a------ C:\ATI Display.temp\Driver\2KXP_INF\B_25177\atiddc.dl_
2005-07-05 22:30 199815 --a------ C:\ATI Display.temp\Driver\2KXP_INF\B_25177\ati2evxx.ex_
2005-07-05 22:23 1294458 --a------ C:\ATI Display.temp\Driver\2KXP_INF\B_25177\ati3duag.dl_
2005-07-05 22:18 337408 --a------ C:\ATI Display.temp\Driver\2KXP_INF\B_25177\ativvaxx.dl_
2005-07-05 22:08 83603 --a------ C:\ATI Display.temp\Driver\2KXP_INF\B_25177\atikvmag.dl_
2005-07-05 21:46 8346 --a------ C:\ATI Display.temp\Driver\2KXP_INF\B_25177\atitvo32.dl_
2005-07-05 21:46 10032 --a------ C:\ATI Display.temp\Driver\2KXP_INF\B_25177\ati2erec.dl_
2005-07-05 21:41 121535 --a------ C:\ATI Display.temp\Driver\2KXP_INF\B_25177\ati2cqag.dl_
2005-07-05 21:05 959 --a------ C:\ATI Display.temp\CPanel\shortcut.iss
2005-07-05 21:05 91440 --a--c--- C:\ATI Display.temp\CPanel\data1.hdr
2005-07-05 21:05 8708314 --a------ C:\ATI Display.temp\CPanel\data2.cab
2005-07-05 21:05 772 --a------ C:\ATI Display.temp\Driver\setup.iss
2005-07-05 21:05 7078 --a------ C:\ATI Display.temp\CPanel\FGL_32.REG
2005-07-05 21:05 69632 --a------ C:\ATI Display.temp\CheckVer.exe
2005-07-05 21:05 65536 --a------ C:\ATI Display.temp\Setup.exe
2005-07-05 21:05 602 --a------ C:\ATI Display.temp\CPanel\install.ini
2005-07-05 21:05 569 --a------ C:\ATI Display.temp\layout.bin
2005-07-05 21:05 512 --a------ C:\ATI Display.temp\Driver\data2.cab
2005-07-05 21:05 512 --a------ C:\ATI Display.temp\data2.cab
2005-07-05 21:05 504 --a--c--- C:\ATI Display.temp\CPanel\layout.bin
2005-07-05 21:05 48849 --a--c--- C:\ATI Display.temp\Driver\data1.hdr
2005-07-05 21:05 482 --a--c--- C:\ATI Display.temp\Driver\layout.bin
2005-07-05 21:05 46737 --a------ C:\ATI Display.temp\data1.hdr
2005-07-05 21:05 452 --a------ C:\ATI Display.temp\Driver\Setup.ini
2005-07-05 21:05 451 --a------ C:\ATI Display.temp\CPanel\Setup.ini
2005-07-05 21:05 446 --a------ C:\ATI Display.temp\Setup.ini
2005-07-05 21:05 344923 --a--c--- C:\ATI Display.temp\Driver\ikernel.ex_
2005-07-05 21:05 344923 --a--c--- C:\ATI Display.temp\CPanel\ikernel.ex_
2005-07-05 21:05 344923 --a------ C:\ATI Display.temp\ikernel.ex_
2005-07-05 21:05 308168 --a--c--- C:\ATI Display.temp\Driver\_setup.bmp
2005-07-05 21:05 3036350 --a------ C:\ATI Display.temp\Driver\data1.cab
2005-07-05 21:05 257 --a------ C:\ATI Display.temp\install.ini
2005-07-05 21:05 2311975 --a------ C:\ATI Display.temp\CPanel\data1.cab
2005-07-05 21:05 18192 --a------ C:\ATI Display.temp\psapi.dll
2005-07-05 21:05 1740351 --a------ C:\ATI Display.temp\data1.cab
2005-07-05 21:05 161555 --a--c--- C:\ATI Display.temp\Driver\setup.inx
2005-07-05 21:05 159610 --a------ C:\ATI Display.temp\setup.inx
2005-07-05 21:05 157279 --a--c--- C:\ATI Display.temp\CPanel\setup.inx
2005-07-05 21:05 154624 --a------ C:\ATI Display.temp\DrvUI64A.exe
2005-07-05 21:05 151552 --a--c--- C:\ATI Display.temp\AtiCim.bin
2005-07-05 21:05 139264 --a------ C:\ATI Display.temp\Driver\Setup.exe
2005-07-05 21:05 139264 --a------ C:\ATI Display.temp\CPanel\Setup.exe
2005-07-05 21:05 127488 --a------ C:\ATI Display.temp\issetup.exe
2005-07-05 21:05 110592 --a------ C:\ATI Display.temp\AtiCimUn.exe
2005-07-05 21:05 1082 --a------ C:\ATI Display.temp\CPanel\setup.iss
2005-06-10 16:59 95617 --a--c--- C:\ATI Display.temp\BIN\atiicdxx.dat
2005-06-10 16:59 95617 --a------ C:\ATI Display.temp\Driver\2KXP_INF\B_25177\atiicdxx.dat
2005-06-10 16:59 32256 --a------ C:\ATI Display.temp\BIN\atiicdxx.msi
2005-05-09 20:47 5396 --a------ C:\ATI Display.temp\Driver\2KXP_INF\B_25177\atifglpf.xml
2005-04-07 11:20 900 --a------ C:\ATI Display.temp\Driver\2KXP_INF\B_25177\ativcaxx.vp
2005-04-07 11:20 524850 --a------ C:\ATI Display.temp\Driver\2KXP_INF\B_25177\ativcaxx.cpa
2005-03-17 22:52 94208 --a------ C:\ATI Display.temp\SBDrv\SBDrv.dll
2005-03-17 22:10 679 --a------ C:\ATI Display.temp\SBDrv\setup.iss
2005-03-17 22:10 5889 --a--c--- C:\ATI Display.temp\SBDrv\SBDrv.dat
2005-03-17 22:10 526 --a------ C:\ATI Display.temp\SBDrv\install.ini
2005-03-17 22:10 512 --a------ C:\ATI Display.temp\SBDrv\data2.cab
2005-03-17 22:10 49307 --a--c--- C:\ATI Display.temp\SBDrv\data1.hdr
2005-03-17 22:10 481 --a--c--- C:\ATI Display.temp\SBDrv\layout.bin
2005-03-17 22:10 465 --a------ C:\ATI Display.temp\SBDrv\Setup.ini
2005-03-17 22:10 344923 --a--c--- C:\ATI Display.temp\SBDrv\ikernel.ex_
2005-03-17 22:10 2541137 --a------ C:\ATI Display.temp\SBDrv\data1.cab
2005-03-17 22:10 158136 --a--c--- C:\ATI Display.temp\SBDrv\setup.inx
2005-03-17 22:10 139264 --a------ C:\ATI Display.temp\SBDrv\Setup.exe
2005-03-10 12:00 7591 --a------ C:\ATI Display.temp\SBDrv\SMBUS\SMBusati.cat
2005-03-10 10:52 58521 --a------ C:\ATI Display.temp\Driver\2KXP_INF\B_25177\ativckxx.vp
2004-12-20 15:16 1829 --a------ C:\ATI Display.temp\SBDrv\SMBUS\SMBUSati.inf
2004-10-12 14:06 97920 --a------ C:\ATI Display.temp\SBDrv\SATARAID\Si3112r.sys
2004-10-12 14:06 69120 --a------ C:\ATI Display.temp\SBDrv\SATARAID\SilSupp.cpl
2004-10-12 14:06 49835 --a------ C:\ATI Display.temp\SBDrv\SATARAID\Si3112r.inf
2004-10-12 14:06 22096 --a------ C:\ATI Display.temp\SBDrv\SATARAID\SiiSupp.vxd
2004-10-12 14:06 19726 --a------ C:\ATI Display.temp\SBDrv\SATARAID\si3112r.cat
2004-10-12 14:06 12855 --a--c--- C:\ATI Display.temp\SBDrv\SATARAID\TxtSetup.oem
2004-10-12 14:06 12362 --a--c--- C:\ATI Display.temp\SBDrv\SATARAID\Si_readme\readme.txt
2004-10-12 14:06 10240 --a------ C:\ATI Display.temp\SBDrv\SATARAID\SIWinAcc.sys
2004-08-23 15:48 7575 --a------ C:\ATI Display.temp\SBDrv\IDEATA133\atihdc.cat
2004-06-16 15:14 8260 --a------ C:\ATI Display.temp\SBDrv\IDE\atiide.cat
2004-06-03 14:34 5312 --a------ C:\ATI Display.temp\SBDrv\IDE\atiide2k.sys
2004-06-01 05:02 6016 --a------ C:\ATI Display.temp\SBDrv\IDE\atiide.sys
2004-05-28 14:34 2376 --a------ C:\ATI Display.temp\SBDrv\IDE\atiide.inf
2004-05-11 11:21 3123 --a------ C:\ATI Display.temp\SBDrv\IDEATA133\Atihdc.inf
2004-04-20 18:08 5219 --a------ C:\ATI Display.temp\GARTnt\GARTnt.dat
2004-03-16 04:21 8084 --a------ C:\ATI Display.temp\GARTnt\atisgkaf.cat
2004-02-11 16:55 3068 --a------ C:\ATI Display.temp\GARTnt\GARTnt.INF
2004-02-09 16:04 37811 --a--c--- C:\ATI Display.temp\GARTnt\Setup.dat
2003-11-25 13:08 90112 --a------ C:\ATI Display.temp\GARTnt\GartNt.dll
2003-11-25 12:46 331776 --a------ C:\ATI Display.temp\GARTnt\atiicdxx.dll
2003-11-25 01:42 94208 --a------ C:\ATI Display.temp\GARTnt\ISLAYER.DLL
2003-11-25 01:42 229376 --a------ C:\ATI Display.temp\GARTnt\ATIIIEXX.DLL
2003-11-25 01:40 61440 --a------ C:\ATI Display.temp\GARTnt\Setup.exe
2003-11-25 01:37 61440 --a--c--- C:\ATI Display.temp\GARTnt\atricdxx.dft
2003-10-27 16:59 13842 --a------ C:\ATI Display.temp\GARTnt\atisgkaf.sys
2003-07-30 18:15 90112 --a------ C:\ATI Display.temp\NetDrv\NetDrv.DLL
2003-07-30 18:15 772 --a------ C:\ATI Display.temp\NetDrv\setup.iss
2003-07-30 18:15 6853 --a--c--- C:\ATI Display.temp\NetDrv\NIC\NETDI90X.DL_
2003-07-30 18:15 57249 --a--c--- C:\ATI Display.temp\NetDrv\NIC\el90xbc4.sy_
2003-07-30 18:15 56586 --a--c--- C:\ATI Display.temp\NetDrv\data1.hdr
2003-07-30 18:15 5541 --a------ C:\ATI Display.temp\NetDrv\NetDrv.dat
2003-07-30 18:15 547 --a------ C:\ATI Display.temp\NetDrv\Setup.ini
2003-07-30 18:15 512 --a------ C:\ATI Display.temp\NetDrv\data2.cab
2003-07-30 18:15 49979 --a------ C:\ATI Display.temp\NetDrv\NIC\W9X90XBC.INF
2003-07-30 18:15 46536 --a--c--- C:\ATI Display.temp\NetDrv\NIC\el90xbc5.sy_
2003-07-30 18:15 462 --a--c--- C:\ATI Display.temp\NetDrv\layout.bin
2003-07-30 18:15 43010 --a--c--- C:\ATI Display.temp\NetDrv\NIC\EL90XBC3.SY_
2003-07-30 18:15 344923 --a--c--- C:\ATI Display.temp\NetDrv\ikernel.ex_
2003-07-30 18:15 2027083 --a------ C:\ATI Display.temp\NetDrv\data1.cab
2003-07-30 18:15 14320 --a------ C:\ATI Display.temp\NetDrv\NIC\INFSETUP.EXE
2003-07-30 18:15 131714 --a--c--- C:\ATI Display.temp\NetDrv\setup.inx
2003-07-30 18:15 12793 --a------ C:\ATI Display.temp\NetDrv\NIC\W9X90XBC.CAT
2003-07-30 18:15 127488 --a------ C:\ATI Display.temp\NetDrv\Setup.exe
2003-07-30 18:15 111 --a------ C:\ATI Display.temp\NetDrv\Install.ini
2003-04-14 20:07 7849 --a------ C:\ATI Display.temp\BIN\atiicdxx.vxd
2001-11-23 15:40 245760 --a------ C:\ATI Display.temp\GARTnt\ATIGART.EXE
2001-11-09 11:01 12614 --a------ C:\ATI Display.temp\Driver\2KXP_INF\B_25177\ativcoxx.dl_
2001-01-18 00:05 7849 --a------ C:\ATI Display.temp\GARTnt\atiicdxx.vxd
2000-03-29 12:24 4557 --a------ C:\ATI Display.temp\GARTnt\ATIICDXX.SYS
2000-02-05 13:02 11 --a------ C:\ATI Display.temp\BIN\atiicdxx.ini

---- Directory of C:\HWSetup.temp ----

2005-08-05 00:03 14573453 --a------ C:\HWSetup.temp\setup.exe
2005-04-28 16:45 447 --a--c--- C:\HWSetup.temp\setup.iss
2001-12-17 12:06 1191 --a--c--- C:\HWSetup.temp\silent.txt

---- Directory of C:\PC Diagnostic.temp ----

2005-07-14 21:14 93 --a------ C:\PC Diagnostic.temp\setup.lid
2005-07-14 21:14 788809 --a------ C:\PC Diagnostic.temp\_sys1.cab
2005-07-14 21:14 7736 --a------ C:\PC Diagnostic.temp\_user1.hdr
2005-07-14 21:14 735 --a------ C:\PC Diagnostic.temp\layout.bin
2005-07-14 21:14 71 --a------ C:\PC Diagnostic.temp\SETUP.INI
2005-07-14 21:14 6563 --a------ C:\PC Diagnostic.temp\_sys1.hdr
2005-07-14 21:14 4326326 --a------ C:\PC Diagnostic.temp\data1.cab
2005-07-14 21:14 3532 --a------ C:\PC Diagnostic.temp\_user1.cab
2005-07-14 21:14 21277 --a------ C:\PC Diagnostic.temp\data1.hdr
2005-07-14 21:14 120 --a------ C:\PC Diagnostic.temp\DATA.TAG
2005-05-09 17:37 58975 --a------ C:\PC Diagnostic.temp\setup.ins
2004-01-19 10:27 429 --a------ C:\PC Diagnostic.temp\setup.iss
2001-12-17 12:06 1191 --a--c--- C:\PC Diagnostic.temp\silent.txt
1999-07-15 15:38 34816 --a------ C:\PC Diagnostic.temp\setupdir\0011\_Setup.dll
1999-02-23 11:45 296674 --a------ C:\PC Diagnostic.temp\_inst32i.ex_
1999-01-12 12:42 73728 --a------ C:\PC Diagnostic.temp\Setup.exe
1999-01-12 11:34 23541 --a--c--- C:\PC Diagnostic.temp\lang.dat
1998-10-27 13:06 27648 --a------ C:\PC Diagnostic.temp\_ISDel.exe
1998-10-08 18:20 34816 --a------ C:\PC Diagnostic.temp\setupdir\0804\_Setup.dll
1998-10-08 18:19 34816 --a------ C:\PC Diagnostic.temp\setupdir\0404\_Setup.dll
1998-10-08 17:45 34816 --a------ C:\PC Diagnostic.temp\setupdir\0012\_Setup.dll
1998-09-29 17:34 34816 --a------ C:\PC Diagnostic.temp\setupdir\0009\_Setup.dll
1998-07-27 17:41 450 --a------ C:\PC Diagnostic.temp\os.dat


((((((((((((((((((((((((((((( snapshot@2008-04-21_ 7.23.36.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-06-26 15:16:01 851,968 ----a-w C:\WINDOWS\$hf_mig$\KB938127\SP2QFE\vgx.dll
+ 2005-10-12 23:12:25 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB938127\spmsg.dll
+ 2005-10-12 23:12:26 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB938127\spuninst.exe
+ 2005-10-12 23:12:25 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB938127\update\spcustom.dll
+ 2005-10-12 23:12:29 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB938127\update\update.exe
+ 2005-10-12 23:12:34 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB938127\update\updspapi.dll
+ 2007-12-18 14:32:13 450,560 ----a-w C:\WINDOWS\$hf_mig$\KB944338\SP2QFE\jscript.dll
+ 2007-12-18 14:32:13 417,792 ----a-w C:\WINDOWS\$hf_mig$\KB944338\SP2QFE\vbscript.dll
+ 2007-03-06 01:22:36 14,048 ----a-w C:\WINDOWS\$hf_mig$\KB944338\spmsg.dll
+ 2007-03-06 01:22:41 213,216 ----a-w C:\WINDOWS\$hf_mig$\KB944338\spuninst.exe
+ 2007-03-06 01:22:34 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944338\update\spcustom.dll
+ 2007-03-06 01:22:59 716,000 ----a-w C:\WINDOWS\$hf_mig$\KB944338\update\update.exe
+ 2007-03-06 01:23:51 371,424 ----a-w C:\WINDOWS\$hf_mig$\KB944338\update\updspapi.dll
- 2008-04-21 14:14:56 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-25 10:08:30 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-03-04 22:04:30 580,848 ----a-w C:\WINDOWS\Downloaded Program Files\sabminf.dll
- 2008-02-01 02:41:18 167,936 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2008-04-24 14:12:11 167,936 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\accicons.exe
- 2008-02-01 02:41:18 2,560 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2008-04-24 14:12:11 2,560 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2008-02-01 02:41:17 34,304 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2008-04-24 14:12:11 34,304 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2008-02-01 02:41:18 8,192 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2008-04-24 14:12:17 8,192 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2008-02-01 02:41:18 3,584 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2008-04-24 14:12:18 3,584 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2008-02-01 02:41:19 114,688 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2008-04-24 14:12:18 114,688 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\outicon.exe
- 2008-02-01 02:41:17 16,384 -c--a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2008-04-24 14:12:11 16,384 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2008-02-01 02:41:18 30,720 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2008-04-24 14:12:11 30,720 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\pptico.exe
- 2008-02-01 02:41:19 22,528 -c--a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2008-04-24 14:12:18 22,528 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2008-02-01 02:41:17 45,056 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2008-04-24 14:12:11 45,056 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2008-02-01 02:41:17 90,112 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2008-04-24 14:12:11 90,112 ----a-r C:\WINDOWS\Installer\{91110409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
+ 2008-03-29 18:45:49 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
+ 2008-03-29 18:23:22 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
- 2006-10-23 15:34:19 1,022,976 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2008-02-16 09:32:03 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
- 2006-10-23 15:34:19 151,040 -c--a-w C:\WINDOWS\system32\cdfview.dll
+ 2008-02-16 09:32:03 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2006-10-23 15:34:20 1,054,208 -c--a-w C:\WINDOWS\system32\danim.dll
+ 2008-02-16 09:32:03 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
- 2006-10-23 15:34:19 1,022,976 -c----w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2008-02-16 09:32:03 1,024,000 -c----w C:\WINDOWS\system32\dllcache\browseui.dll
- 2006-10-23 15:34:19 151,040 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2008-02-16 09:32:03 151,040 -c--a-w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2006-10-23 15:34:20 1,054,208 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
+ 2008-02-16 09:32:03 1,054,208 -c--a-w C:\WINDOWS\system32\dllcache\danim.dll
- 2006-10-23 15:34:20 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-02-16 09:32:04 357,888 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2006-10-23 15:34:20 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-02-16 09:32:04 205,312 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2006-10-23 15:34:20 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-02-16 09:32:04 55,808 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2006-10-23 11:02:37 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2008-02-15 09:07:53 18,432 -c--a-w C:\WINDOWS\system32\dllcache\iedw.exe
- 2006-10-23 15:34:20 251,904 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-02-16 09:32:04 251,904 -c--a-w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2006-10-23 15:34:20 96,256 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2008-02-16 09:32:04 96,256 -c--a-w C:\WINDOWS\system32\dllcache\inseng.dll
- 2006-05-18 05:24:25 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2007-12-18 14:40:58 450,560 -c--a-w C:\WINDOWS\system32\dllcache\jscript.dll
- 2006-10-23 15:34:20 15,872 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-02-16 09:32:04 16,384 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2006-10-23 15:34:22 3,061,248 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-02-16 09:32:06 3,066,880 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2006-10-23 15:34:21 448,512 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-02-16 09:32:06 449,024 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2006-10-23 15:34:21 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-02-16 09:32:06 146,432 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2006-10-23 15:34:21 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-02-16 09:32:07 532,480 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2006-10-23 15:34:21 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-02-16 09:32:07 39,424 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2006-10-23 15:34:22 1,497,600 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-02-16 09:32:08 1,499,136 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2006-10-23 15:34:22 474,112 -c----w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2008-02-16 09:32:08 474,112 -c----w C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2006-10-23 15:34:22 615,936 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-02-16 09:32:08 618,496 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2007-12-18 14:40:58 417,792 -c----w C:\WINDOWS\system32\dllcache\vbscript.dll
- 2006-12-19 18:08:07 852,480 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
+ 2007-06-26 15:13:22 851,968 -c--a-w C:\WINDOWS\system32\dllcache\vgx.dll
- 2006-10-23 15:34:22 664,576 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-02-16 09:32:09 666,112 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-03-29 18:26:52 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
+ 2008-03-29 18:35:49 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
+ 2008-01-17 15:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
+ 2008-03-29 18:35:21 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
+ 2008-03-29 18:29:08 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-03-29 18:31:34 75,856 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
+ 2008-03-29 18:27:33 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
- 2006-10-23 15:34:20 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-02-16 09:32:04 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2006-10-23 15:34:20 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-02-16 09:32:04 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2006-10-23 15:34:20 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-02-16 09:32:04 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2003-08-03 17:56:16 1,146,184 -c--a-w C:\WINDOWS\system32\FM20.DLL
+ 2003-09-25 19:07:00 1,139,472 ----a-w C:\WINDOWS\system32\FM20.DLL
- 2003-07-15 05:57:04 32,584 -c--a-w C:\WINDOWS\system32\FM20ENU.DLL
+ 2003-08-18 21:26:32 25,872 ----a-w C:\WINDOWS\system32\FM20ENU.DLL
- 2006-10-23 15:34:20 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2008-02-16 09:32:04 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2006-10-23 15:34:20 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2008-02-16 09:32:04 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
- 2006-05-18 05:24:25 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2007-12-18 14:40:58 450,560 ----a-w C:\WINDOWS\system32\jscript.dll
- 2006-10-23 15:34:20 15,872 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-02-16 09:32:04 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2007-10-11 21:12:48 1,468,968 ------w C:\WINDOWS\system32\LegitCheckControl.dll
+ 2008-03-21 01:06:36 1,480,232 ------w C:\WINDOWS\system32\LegitCheckControl.dll
- 2006-10-23 15:34:22 3,061,248 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-02-16 09:32:06 3,066,880 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2006-10-23 15:34:21 448,512 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-02-16 09:32:06 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2006-10-23 15:34:21 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-02-16 09:32:06 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2006-10-23 15:34:21 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-02-16 09:32:07 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2008-04-20 16:47:36 54,478 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-23 14:31:49 54,478 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-20 16:47:36 384,834 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-23 14:31:49 384,834 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2006-10-23 15:34:21 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-02-16 09:32:07 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2004-06-28 17:35:24 69,760 ----a-w C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\Rtlnicxp.sys
- 2006-10-23 15:34:22 1,497,600 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-02-16 09:32:08 1,499,136 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2006-10-23 15:34:22 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2008-02-16 09:32:08 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2007-10-08 21:46:18 14,640 ------w C:\WINDOWS\system32\spmsg.dll
+ 2008-03-20 21:41:20 14,640 ------w C:\WINDOWS\system32\spmsg.dll
- 2006-10-23 15:34:22 615,936 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-02-16 09:32:08 618,496 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2004-08-04 12:00:00 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
+ 2007-12-18 14:40:58 417,792 ----a-w C:\WINDOWS\system32\vbscript.dll
- 2007-10-29 10:04:03 350,720 -c--a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-02-15 09:06:21 351,744 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-04-25 10:08:42 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_624.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 00:32 65536]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 19:13 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 11:10 536576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-05 21:05 344064]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-23 22:40 196608]
"NDSTray.exe"="NDSTray.exe" []
"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 13:45 28672]
"SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 13:45 65536]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-04-05 16:25 73728]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-07 14:03 1077301]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2005-06-08 15:51 53248]
"2wSysTray"="C:\Program Files\2Wire\2PortalMon.exe" [2004-05-25 04:24 393216]
"CFSServ.exe"="CFSServ.exe" []
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 08:51 442455]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 11:37 79224]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MiniMavis.lnk]
backup=C:\WINDOWS\pss\MiniMavis.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
backup=C:\WINDOWS\pss\RAMASST.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WG111v2 Smart Wizard Wireless Setting.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WG111v2 Smart Wizard Wireless Setting.lnk
backup=C:\WINDOWS\pss\WG111v2 Smart Wizard Wireless Setting.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Laura^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
backup=C:\WINDOWS\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Laura^Start Menu^Programs^Startup^RABCO - Auto Update.lnk]
backup=C:\WINDOWS\pss\RABCO - Auto Update.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Laura^Start Menu^Programs^Startup^wkcalrem.LNK]
backup=C:\WINDOWS\pss\wkcalrem.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2005-04-12 16:17 88358 C:\WINDOWS\agrsmmsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 03:41 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Invisible Secrets 4]
--a------ 2006-02-28 18:47 814592 C:\PROGRA~1\INVISI~1\invtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-09-26 14:42 267064 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 09:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Notebook Maximizer]
--a------ 2004-05-25 14:35 28672 C:\Program Files\Notebook Maximizer\maximizer_startup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pinger]
--a------ 2005-03-17 17:37 151552 c:\toshiba\ivp\ism\pinger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2005-08-16 19:51 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
--a------ 2007-08-20 11:58 2483496 C:\Program Files\Registry Mechanic\RegMech.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
--a------ 2005-04-26 16:13 122880 C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TCtryIOHook]
--a------ 2005-08-05 19:02 28672 C:\WINDOWS\system32\TCtrlIOHook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFncKy]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
--a------ 2005-05-31 17:16 282624 C:\WINDOWS\system32\TPSMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-11-06 20:51 3810544 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
--a------ 2003-12-09 12:03 57344 C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
--a------ 2005-04-22 19:49 397312 C:\PROGRA~1\Yahoo!\YOP\yop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoomingHook]
--a------ 2005-06-06 09:58 24576 C:\WINDOWS\system32\ZoomingHook.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= C:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 11:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 11:35]
R2 EAPPkt;Realtek EAPPkt Protocol;C:\WINDOWS\system32\DRIVERS\EAPPkt.sys [2005-04-01 10:42]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-24 15:25:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-25 11:48:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-25 11:50:17
ComboFix-quarantined-files.txt 2008-04-25 18:50:02
ComboFix2.txt 2008-04-21 14:24:11

Pre-Run: 37,991,796,736 bytes free
Post-Run: 38,012,137,472 bytes free

625 --- E O F --- 2008-04-24 14:12:43

#6
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Good job. Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If none, go to Start->Run, copy/paste in combofix /u and hit OK to remove it. You should be set to go.

#7
Helaire

    New Member

  • Topic Starter
  • Member
  • 5 posts
:) Yay!! Could'na done it without all your awesome help. Many thanks. Getting busy with the maintenance instructions. . . . . Helaire, with a new aka. . . . SpywareNinjette!

Thanks, again!

Edited by Helaire, 26 April 2008 - 08:34 AM.

#8
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.