Please Help..............


  • This topic is locked
9 replies to this topic

#1 mattyb

mattyb

  • Members
  • 6 posts
  • OFFLINE
  • Local time:11:29 AM

Posted 20 July 2007 - 02:20 AM

Hi guys,

Any help would be appreciated. I am running Vista Business and am getting overrun by pop-up advertising; I have run Adaware and Spybot with no success.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:47:46 PM, on 20/07/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Utilities\VolControl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CA\eTrust Antivirus\Realmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\Mfpscdl.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\MATHEW~1.INT\AppData\Local\Temp\Rar$EX00.683\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\mathewb.INTEGRAL\Desktop\HijackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TOSHIBA Volume Indicator] "C:\Program Files\Toshiba\Utilities\VolControl.exe"
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [bone thunk axis copy] "C:\ProgramData\Default Bash Htm.0lydlhn"
O4 - HKLM\..\Run: [EACH STUPID BOOB COPY] "C:\ProgramData\load intra atom.uh4yg9"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Panasonic Communications Utility.lnk = C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\Mfpscdl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Integral.local
O17 - HKLM\Software\..\Telephony: DomainName = Integral.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Integral.local
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7072 bytes



#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  • Local time:02:59 AM

Posted 20 July 2007 - 08:53 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum mattyb :thumbsup:
My name is Richie and I'll be helping you to fix your problems.

We first need to be able to see 'Hidden Files and Folders', please follow the info in the link below.
How to see hidden files in Windows Vista:
http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows-vista/

Now find and delete:
C:\ProgramData\Default Bash Htm.0lydlhn
C:\ProgramData\load intra atom.uh4yg9

-------------------------------------------------

Download\install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed, exit SuperAntiSpyware.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O4 - HKLM\..\Run: [bone thunk axis copy] "C:\ProgramData\Default Bash Htm.0lydlhn"
O4 - HKLM\..\Run: [EACH STUPID BOOB COPY] "C:\ProgramData\load intra atom.uh4yg9"

Exit HijackThis.

Start SuperAntiSpyware.
On the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

SuperAntiSpyware will now scan your computer; when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it, then press 'Next'.
Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad.
Copy and paste the contents of that report into your next reply.
Also post a new HijackThis log, and let me know how your PC is running now.

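The two O4 entries Richie singles out above share a pattern worth recognising on sight: an autostart value with a nonsense name, pointing at a file directly under C:\ProgramData with a random-looking, non-executable extension. The following is an added example, not code from this thread or from the HijackThis or SuperAntiSpyware projects, that parses the O4 Run lines of a HijackThis log and flags entries matching that pattern for manual review. The sample log lines are copied from the log in post #1; the regular expression, the executable-extension list and the review heuristics are assumptions of this example, not rules the tools themselves apply.

```python
import ntpath
import re
from dataclasses import dataclass, field

# Constructed sample input: O4 autostart lines copied from the HijackThis
# log in post #1 (the two entries Richie told the poster to remove, plus
# three benign ones, including quoted paths followed by arguments).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [bone thunk axis copy] "C:\ProgramData\Default Bash Htm.0lydlhn"
O4 - HKLM\..\Run: [EACH STUPID BOOB COPY] "C:\ProgramData\load intra atom.uh4yg9"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
"""

# HijackThis O4 lines for the Run keys look like (assumed format, matching the log above):
#   O4 - HKLM\..\Run: [<value name>] <command line>
O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')

# Extensions Windows will normally execute from a Run value; anything else is
# unusual for an autostart and worth a second look (heuristic list, assumed).
EXEC_EXTS = {".exe", ".com", ".scr", ".bat", ".cmd", ".pif", ".vbs", ".js", ".dll"}


@dataclass
class RunEntry:
    hive: str
    name: str
    path: str
    reasons: list = field(default_factory=list)


def extract_path(cmd: str) -> str:
    """Pull the program path out of a Run command line.

    Quoted paths are taken verbatim; unquoted ones are cut after the first
    executable-looking extension so trailing switches such as '-hide' drop off.
    """
    m = re.match(r'"([^"]+)"', cmd)
    if m:
        return m.group(1)
    m = re.match(r'(.*?\.(?:exe|com|scr|bat|cmd|pif|vbs|js|dll))(?:\s|$)', cmd, re.IGNORECASE)
    if m:
        return m.group(1)
    return cmd.strip()


def assess(entry: RunEntry) -> RunEntry:
    """Attach review reasons to an entry (heuristics for a human, not a verdict)."""
    low = entry.path.lower()
    ext = ntpath.splitext(low)[1]
    if low.startswith("c:\\programdata\\"):
        entry.reasons.append("autostart target lives directly in C:\\ProgramData")
    if ext not in EXEC_EXTS:
        entry.reasons.append(f"non-executable extension {ext or '(none)'}")
    if any(c.isdigit() for c in ext):
        entry.reasons.append("extension contains digits (looks generated)")
    return entry


def parse_run_entries(log_text: str) -> list:
    """Return every O4 Run entry in a HijackThis log as a RunEntry."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(RunEntry(m["hive"], m["name"], extract_path(m["cmd"])))
    return entries


def triage(log_text: str) -> list:
    """Return only the Run entries that collected at least one review reason."""
    return [e for e in map(assess, parse_run_entries(log_text)) if e.reasons]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.hive} [{e.name}] -> {e.path}")
        for r in e.reasons:
            print(f"    - {r}")
```

Run against the sample, only the two ProgramData entries come back, each with three reasons, while the Defender, AVG and Sidebar entries pass untouched. The output is a shortlist for a human to check (the files themselves, their creation times, what dropped them), which is the same triage Richie does by eye before telling the poster which lines to fix.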

#3 mattyb

mattyb
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:11:29 AM

Posted 22 July 2007 - 08:36 PM

Thanks so much RichieUK, I have followed your instructions and this appears to have been successful as the pop-ups are no longer appearing. I have pasted the logs below as requested. I have noted that in the ProgramData folder there are lots of other files starting with remotebashbash; should I delete these also?

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/23/2007 at 09:28 AM

Application Version : 3.9.1008

Core Rules Database Version : 3272
Trace Rules Database Version: 1283

Scan type : Complete Scan
Total Scan Time : 01:03:29

Memory items scanned : 777
Memory threats detected : 0
Registry items scanned : 7582
Registry threats detected : 0
File items scanned : 63424
File threats detected : 88

Adware.Tracking Cookie
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\mathewb@ad.zanox[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\mathewb@eas.apm.emediate[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\mathewb@precisionclick[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\mathewb@azjmp[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@ad.abum[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@ad.bannerconnect[2].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@ad.media-servers[2].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@ad.scanmedios[2].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@ad.uk.tangozebra[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@ad.zanox[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@adecn[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@adinterax[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@ads.hairboutique[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@ads.mediamayhemcorp[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@ads1.partnerlogic[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@adultadworld[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@apmebf[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@atdmt[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@atwola[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@au.hwstats[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@azjmp[2].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@bizrate[2].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@centrebet.advertserve[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@clickaider[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@clicksor[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@clicktorrent[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@cracker.com[2].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@crackserialkeygen[2].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@ddl.warezamp[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@drivecleaner[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@eas.apm.emediate[2].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@easy-hit-counters[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@easywarez[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@ffxcam.cracker.com[2].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@imrworldwide[2].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@incutrack.getprice.com[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@indexstats[2].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@indextools[2].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@itxt.vibrantmedia[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@jamster.com[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@medbanner[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@media.sensis.com[2].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@mediaonenetwork[2].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@msnportal.112.2o7[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@mtr.splash.sexsearch[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@ninacamic.freestats[2].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@overture[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@pamedia.com[2].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@partypoker[2].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@pornorip[2].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@precisionclick[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@roiservice[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@rotator.adjuggler[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@sensismediasmart.com[2].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@sexotorrent[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@shippers.advertserve[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@spanishtracker[2].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@stats.drivecleaner[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@stats.sitesuite[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@track.webgains[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@tracker.mediatracker.co[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@tripod[2].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@usenext[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@warezfiend[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@warezleak[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@warez[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@webstats.thefa[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@wotifcom.112.2o7[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@wt.sexsearchcom[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@www.addfreestats[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@www.drivecleaner[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@www.drivecleaner[3].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@www.fullreleases[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@www.googleadservices[10].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@www.googleadservices[2].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@www.googleadservices[3].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@www.googleadservices[4].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@www.googleadservices[5].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@www.googleadservices[8].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@www.q-warez[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@www.softlinkers[2].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@www2.addfreestats[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@www8.addfreestats[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@xiti[1].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\Low\mathewb@xpmediacentre.com[2].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\mathewb@imrworldwide[2].txt
C:\Users\mathewb.INTEGRAL\AppData\Roaming\Microsoft\Windows\Cookies\mathewb@stats.drivecleaner[2].txt

Adware.WhenU
C:\PROGRAM FILES\DAEMON TOOLS\SETUPDTSB.EXE

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:22 AM, on 23/07/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Utilities\VolControl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CA\eTrust Antivirus\Realmon.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\Mfpscdl.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Windows\System32\notepad.exe
C:\Users\mathewb.INTEGRAL\Desktop\IT\HijackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TOSHIBA Volume Indicator] "C:\Program Files\Toshiba\Utilities\VolControl.exe"
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Panasonic Communications Utility.lnk = C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\Mfpscdl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Integral.local
O17 - HKLM\Software\..\Telephony: DomainName = Integral.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Integral.local
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6793 bytes

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  • Local time:02:59 AM

Posted 23 July 2007 - 03:43 AM

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

* Close all other windows before proceeding.
* Double-click on dss.exe and follow the prompts.
* When it has finished, DSS will open two Notepads: main.txt and extra.txt
* Use 'Save As' to save both Notepad files to your Desktop and post them in your next reply.

#5 mattyb

mattyb
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:11:29 AM

Posted 23 July 2007 - 06:20 PM

Hi RichieUK,

Logs below as requested



Deckard's System Scanner v20070711.54
Run by MathewB on 2007-07-24 at 08:43:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
23: 2007-07-23 06:54:51 UTC - RP198 - manual restoe point 23rd July 2007
22: 2007-07-22 22:48:17 UTC - RP197 - Installed SUPERAntiSpyware Free Edition
21: 2007-07-21 02:36:21 UTC - RP196 - Scheduled Checkpoint
20: 2007-07-20 04:29:37 UTC - RP195 - before jas changes
19: 2007-07-20 01:03:50 UTC - RP194 - Removed Simply Budgets 1st Steps


-- First Restore Point --
1: 2007-07-18 01:24:34 UTC - RP169 - Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers


Backed up registry hives.

Performed disk cleanup.


-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-07-24 08:46:21
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)

Running processes:
C:\Windows\System32\taskeng.exe
C:\Windows\System32\dwm.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Utilities\VolControl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CA\eTrust Antivirus\Realmon.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\Mfpscdl.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosOBEX.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Users\mathewb.INTEGRAL\Desktop\dss.exe
C:\Windows\System32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TOSHIBA Volume Indicator] "C:\Program Files\Toshiba\Utilities\VolControl.exe"
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
O4 - Global Startup: Panasonic Communications Utility.lnk = C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\Mfpscdl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - (file missing)
O15 - Trusted Zone: https://gatekeeper.esign.com.au (HKCU)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O17 - HKLM\Software\..\Telephony: DomainName = Integral.local
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: Domain = Integral.local
O17 - HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: Domain = Integral.local
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: Domain = Integral.local
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: psfus - C:\Windows\System32\psqlpwd.dll
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - "C:\Program Files\CA\eTrust Antivirus\InoRpc.exe"
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - "C:\Program Files\CA\eTrust Antivirus\InoRT.exe"
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - "C:\Program Files\CA\eTrust Antivirus\InoTask.exe"
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\System32\TODDSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 INO_FLPY - c:\windows\system32\drivers\ino_flpy.sys <Not Verified; Computer Associates; CA eTrust eTrust Antivirus/InoculateIT version 7.X/6.X/4.X>
R1 SASDIFSV - \??\c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - \??\c:\program files\superantispyware\saskutil.sys
R2 INO_FLTR - \??\c:\windows\system32\drivers\ino_fltr.sys
R3 SASENUM - \??\c:\program files\superantispyware\sasenum.sys

S3 IO_Memory (Access Io_Memory Driver) - c:\windows\system32\drivers\io_memory.sys <Not Verified; Quanta Inc.; >


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree™>
R2 InoRPC (eTrust Antivirus RPC Server) - "c:\program files\ca\etrust antivirus\inorpc.exe" <Not Verified; Computer Associates International, Inc.; eTrust Antivirus>
R2 InoRT (eTrust Antivirus Realtime Server) - "c:\program files\ca\etrust antivirus\inort.exe" <Not Verified; Computer Associates International, Inc.; eTrust Antivirus>
R2 InoTask (eTrust Antivirus Job Server) - "c:\program files\ca\etrust antivirus\inotask.exe" <Not Verified; Computer Associates International, Inc.; eTrust Antivirus>
R2 TODDSrv (TOSHIBA Optical Disc Drive Service) - c:\windows\system32\toddsrv.exe <Not Verified; TOSHIBA Corporation; TDCSrv Application>
R2 TOSHIBA Bluetooth Service - c:\program files\toshiba\bluetooth toshiba stack\tosbtsrv.exe <Not Verified; TOSHIBA CORPORATION; Bluetooth Stack for Windows by TOSHIBA>


-- Scheduled Tasks -------------------------------------------------------------

2007-07-24 08:45:25 422 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{FC58CB48-DB56-4B85-9FD3-F0A2B1F2FE3F}.job
2007-07-23 14:26:34 422 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{8B431EE4-054C-4694-9ED5-E00768CDA864}.job


-- Files created between 2007-06-24 and 2007-07-24 -----------------------------

2007-07-23 08:19:06 0 d-------- C:\Users\All Users\SUPERAntiSpyware.com
2007-07-23 08:18:39 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-07-23 08:18:02 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-20 14:06:01 0 d-------- C:\LSPFIX
2007-07-20 11:11:50 0 d-------- C:\IT
2007-07-20 10:47:22 0 d-------- C:\Users\All Users\NVIDIA
2007-07-20 10:16:17 0 d-------- C:\Program Files\InterMute
2007-07-19 11:21:46 0 d-------- C:\Users\All Users\Avg7
2007-07-19 08:51:25 0 d-------- C:\Users\All Users\Grisoft
2007-07-18 13:47:15 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2007-07-18 11:56:30 0 d-------- C:\Program Files\Lavasoft
2007-07-18 11:56:29 0 d-------- C:\Users\All Users\Lavasoft
2007-07-18 11:46:44 0 d-------- C:\Operations
2007-07-18 11:02:23 0 d-------- C:\Program Files\iPod(107)
2007-07-18 11:02:21 0 d-------- C:\Program Files\iTunes(108)
2007-07-18 10:59:01 0 d-------- C:\Program Files\QuickTime(112)
2007-07-18 10:54:07 0 d-------- C:\Program Files\Common Files\Apple
2007-07-17 19:05:13 0 d-------- C:\Users\All Users\Enc Size Copy Pure
2007-07-17 19:04:48 0 d-------- C:\Program Files\eqidolscr
2007-07-17 19:04:47 0 d-------- C:\Users\All Users\eqidolscr
2007-07-16 16:51:55 0 d-------- C:\Program Files\GSpot
2007-07-16 16:49:16 0 d-------- C:\Program Files\VideoLAN
2007-07-11 12:25:48 0 d--h----- C:\Users\mathewb.INTEGRAL\Temp
2007-07-10 10:35:27 0 d-------- C:\Program Files\AC3Filter
2007-07-09 11:40:07 0 d-------- C:\Digital Certificate
2007-07-05 16:32:50 0 d-------- C:\Users\All Users\ediTariff
2007-07-05 14:39:40 0 d-------- C:\Program Files\Microsoft Encarta
2007-07-04 16:48:42 6141 --a------ C:\Users\mathewb.INTEGRAL\1183533522-(null)
2007-07-04 16:48:42 16476 --a------ C:\Users\mathewb.INTEGRAL\1183533522-(null) - Copy
2007-07-04 16:48:42 20848 --a------ C:\Users\mathewb.INTEGRAL\1183533522-(null) - Copy (5)
2007-07-04 16:48:42 9232 --a------ C:\Users\mathewb.INTEGRAL\1183533522-(null) - Copy (4)
2007-07-04 16:48:42 15980 --a------ C:\Users\mathewb.INTEGRAL\1183533522-(null) - Copy (3)
2007-07-04 16:48:42 5960 --a------ C:\Users\mathewb.INTEGRAL\1183533522-(null) - Copy (2)
2007-07-04 16:48:42 16532 --a------ C:\Users\mathewb.INTEGRAL\1183533521-(null) - Copy (9)
2007-07-04 16:48:42 5880 --a------ C:\Users\mathewb.INTEGRAL\1183533521-(null) - Copy (8)
2007-07-04 16:48:41 6989 --a------ C:\Users\mathewb.INTEGRAL\1183533521-(null)
2007-07-04 16:48:41 8888 --a------ C:\Users\mathewb.INTEGRAL\1183533521-(null) - Copy
2007-07-04 16:48:41 18512 --a------ C:\Users\mathewb.INTEGRAL\1183533521-(null) - Copy (7)
2007-07-04 16:48:41 7201 --a------ C:\Users\mathewb.INTEGRAL\1183533521-(null) - Copy (6)
2007-07-04 16:48:41 20708 --a------ C:\Users\mathewb.INTEGRAL\1183533521-(null) - Copy (5)
2007-07-04 16:48:41 9913 --a------ C:\Users\mathewb.INTEGRAL\1183533521-(null) - Copy (4)
2007-07-04 16:48:41 8400 --a------ C:\Users\mathewb.INTEGRAL\1183533521-(null) - Copy (3)
2007-07-04 16:48:41 4477 --a------ C:\Users\mathewb.INTEGRAL\1183533521-(null) - Copy (2)
2007-07-04 15:58:26 7201 --a------ C:\Users\mathewb.INTEGRAL\1183530506-(null)
2007-07-04 15:58:26 18512 --a------ C:\Users\mathewb.INTEGRAL\1183530506-(null) - Copy
2007-07-04 15:41:58 0 d-------- C:\Program Files\Avanquest update
2007-07-04 15:40:28 0 d-------- C:\Users\All Users\BVRP Software
2007-07-04 15:38:53 20708 --a------ C:\Users\mathewb.INTEGRAL\1183529332-(null) - Copy (7)
2007-07-04 15:38:52 92312 --a------ C:\Users\mathewb.INTEGRAL\1183529332-(null) - Copy
2007-07-04 15:38:52 9913 --a------ C:\Users\mathewb.INTEGRAL\1183529332-(null) - Copy (6)
2007-07-04 15:38:52 8400 --a------ C:\Users\mathewb.INTEGRAL\1183529332-(null) - Copy (5)
2007-07-04 15:38:52 4477 --a------ C:\Users\mathewb.INTEGRAL\1183529332-(null) - Copy (4)
2007-07-04 15:38:52 8888 --a------ C:\Users\mathewb.INTEGRAL\1183529332-(null) - Copy (3)
2007-07-04 15:38:52 6989 --a------ C:\Users\mathewb.INTEGRAL\1183529332-(null) - Copy (2)
2007-07-04 15:06:09 0 d-------- C:\Program Files\Common Files\Motorola Shared
2007-07-04 15:06:07 0 d-------- C:\Program Files\Motorola
2007-07-03 15:34:31 0 d-------- C:\Users\All Users\Ahead
2007-07-03 15:28:32 0 d-------- C:\Users\All Users\Nero
2007-07-03 15:16:34 0 d-------- C:\Program Files\DAEMON Tools
2007-07-03 15:05:20 682232 --a------ C:\Windows\system32\drivers\sptd.sys
2007-07-03 14:29:36 0 d-------- C:\Program Files\Alcohol Soft
2007-07-03 05:11:13 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2007-07-03 05:07:41 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-07-03 05:07:41 73728 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-07-03 05:07:35 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-07-03 05:07:35 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-03 05:07:35 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-03 05:07:35 740442 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-03 05:06:50 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll
2007-07-02 11:32:01 0 d-------- C:\Program Files\jetpcl
2007-07-02 11:32:00 221184 -ra------ C:\Windows\system32\tiff32.dll <Not Verified; Black Ice Software, Inc.; Black Ice Software, Inc. Tiff32>
2007-07-02 11:32:00 110592 -ra------ C:\Windows\system32\Jpeg32.dll
2007-07-02 11:32:00 219648 --a------ C:\Windows\system32\image32.dll
2007-07-02 11:32:00 237568 -ra------ C:\Windows\system32\Bitmani.dll <Not Verified; Black Ice Software, Inc.; Black Ice Software, Inc. Bitmani>
2007-07-02 11:23:16 1769472 --a------ C:\Windows\system32\vfpoledb.dll <Not Verified; Microsoft Corporation; Microsoft Visual FoxPro>
2007-07-02 11:23:16 3776512 --a------ C:\Windows\system32\VFP8T.DLL <Not Verified; Microsoft Corporation; Microsoft Visual FoxPro>
2007-07-02 11:23:16 1150976 --a------ C:\Windows\system32\VFP8RENU.DLL <Not Verified; Microsoft Corporation; Microsoft Visual FoxPro>
2007-07-02 11:23:16 4300800 --a------ C:\Windows\system32\VFP8R.DLL <Not Verified; Microsoft Corporation; Microsoft Visual FoxPro>
2007-07-02 11:23:14 1700352 --a------ C:\Windows\system32\GDIPLUS.DLL <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-02 11:23:14 1257472 --a------ C:\Windows\system32\exgrid.dll <Not Verified; Exontrol Inc.; ExGrid Module>
2007-07-02 11:05:55 0 d-------- C:\Program Files\Citrix
2007-06-29 13:52:37 0 d-------- C:\Windows\Lhsp
2007-06-29 13:49:09 0 d-------- C:\Windows\system32\URTTEMP
2007-06-29 09:47:54 0 d-------- C:\Program Files\Microsoft IntelliType Pro
2007-06-28 14:42:50 5880 --a------ C:\Users\mathewb.INTEGRAL\1183007570-(null)
2007-06-28 14:42:50 16532 --a------ C:\Users\mathewb.INTEGRAL\1183007570-(null) - Copy
2007-06-28 14:42:50 8888 --a------ C:\Users\mathewb.INTEGRAL\1183007570-(null) - Copy (9)
2007-06-28 14:42:50 6989 --a------ C:\Users\mathewb.INTEGRAL\1183007570-(null) - Copy (8)
2007-06-28 14:42:50 20848 --a------ C:\Users\mathewb.INTEGRAL\1183007570-(null) - Copy (7)
2007-06-28 14:42:50 9232 --a------ C:\Users\mathewb.INTEGRAL\1183007570-(null) - Copy (6)
2007-06-28 14:42:50 15884 --a------ C:\Users\mathewb.INTEGRAL\1183007570-(null) - Copy (5)
2007-06-28 14:42:50 5813 --a------ C:\Users\mathewb.INTEGRAL\1183007570-(null) - Copy (4)
2007-06-28 14:42:50 16572 --a------ C:\Users\mathewb.INTEGRAL\1183007570-(null) - Copy (3)
2007-06-28 14:42:50 6209 --a------ C:\Users\mathewb.INTEGRAL\1183007570-(null) - Copy (2)
2007-06-28 14:42:50 20708 --a------ C:\Users\mathewb.INTEGRAL\1183007570-(null) - Copy (13)
2007-06-28 14:42:50 9913 --a------ C:\Users\mathewb.INTEGRAL\1183007570-(null) - Copy (12)
2007-06-28 14:42:50 8400 --a------ C:\Users\mathewb.INTEGRAL\1183007570-(null) - Copy (11)
2007-06-28 14:42:50 4477 --a------ C:\Users\mathewb.INTEGRAL\1183007570-(null) - Copy (10)
2007-06-28 14:42:50 7201 --a------ C:\Users\mathewb.INTEGRAL\1183007569-(null)
2007-06-28 14:42:50 18512 --a------ C:\Users\mathewb.INTEGRAL\1183007569-(null) - Copy
2007-06-28 14:28:43 0 d-------- C:\Program Files\Motorola Phone Tools
2007-06-28 14:25:50 25600 --a------ C:\Users\mathewb.INTEGRAL\usbsermptxp.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-06-28 14:25:50 5936 --a------ C:\Users\mathewb.INTEGRAL\mqdmwhnt.sys <Not Verified; MCCI; Motorola DM Composite Driver>
2007-06-28 14:25:50 79328 --a------ C:\Users\mathewb.INTEGRAL\mqdmserd.sys <Not Verified; MCCI; Motorola USB Diag>
2007-06-28 14:25:50 92064 --a------ C:\Users\mathewb.INTEGRAL\mqdmmdm.sys <Not Verified; MCCI; Motorola USB Modem>
2007-06-28 14:25:50 9232 --a------ C:\Users\mathewb.INTEGRAL\mqdmmdfl.sys <Not Verified; MCCI; Motorola USB Modem Filter>
2007-06-28 14:25:50 4048 --a------ C:\Users\mathewb.INTEGRAL\mqdmcr.sys <Not Verified; MCCI; Motorola USB DIAG>
2007-06-28 14:25:50 6208 --a------ C:\Users\mathewb.INTEGRAL\mqdmcmnt.sys <Not Verified; MCCI; Motorola USB DIAG>
2007-06-28 14:25:50 66656 --a------ C:\Users\mathewb.INTEGRAL\mqdmbus.sys <Not Verified; MCCI; Motorola DM Composite Driver>
2007-06-28 14:25:48 22768 --a------ C:\Users\mathewb.INTEGRAL\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2007-06-28 10:16:55 0 d-------- C:\Personal
2007-06-28 09:10:00 0 d-------- C:\Scanned Documnets
2007-06-28 08:38:58 0 d-------- C:\Program Files\iPod
2007-06-28 08:38:56 0 d-------- C:\Program Files\iTunes
2007-06-28 08:37:31 0 d-------- C:\Program Files\QuickTime
2007-06-28 08:36:29 0 d-------- C:\Program Files\Apple Software Update
2007-06-28 08:36:03 0 d-------- C:\Users\All Users\Apple Computer
2007-06-28 08:33:50 0 d-------- C:\Program Files\Microsoft IntelliPoint
2007-06-28 08:24:56 0 d-------- C:\Program Files\Nero
2007-06-28 08:24:56 0 d-------- C:\Program Files\Common Files\Ahead
2007-06-28 08:12:58 0 d-------- C:\Program Files\DivX
2007-06-27 21:09:17 0 d-------- C:\Program Files\Common Files\Adobe
2007-06-27 21:09:12 0 d-------- C:\Users\All Users\Adobe
2007-06-27 20:32:38 0 d-------- C:\Users\All Users\Azureus
2007-06-27 20:31:59 0 d-------- C:\Program Files\Azureus
2007-06-27 20:07:41 0 d-------- C:\Windows\Sun
2007-06-27 15:50:09 0 dr------- C:\Users\Mathewb.MathewB-PC\Searches
2007-06-27 15:49:55 0 dr------- C:\Users\Mathewb.MathewB-PC\Contacts
2007-06-27 15:49:45 0 d--hs---- C:\Users\Mathewb.MathewB-PC\Templates
2007-06-27 15:49:45 0 d--hs---- C:\Users\Mathewb.MathewB-PC\Start Menu
2007-06-27 15:49:45 0 d--hs---- C:\Users\Mathewb.MathewB-PC\SendTo
2007-06-27 15:49:45 0 d--hs---- C:\Users\Mathewb.MathewB-PC\Recent
2007-06-27 15:49:45 0 d--hs---- C:\Users\Mathewb.MathewB-PC\PrintHood
2007-06-27 15:49:45 0 d--hs---- C:\Users\Mathewb.MathewB-PC\NetHood
2007-06-27 15:49:45 0 d--hs---- C:\Users\Mathewb.MathewB-PC\My Documents
2007-06-27 15:49:45 0 d--hs---- C:\Users\Mathewb.MathewB-PC\Local Settings
2007-06-27 15:49:45 0 d--hs---- C:\Users\Mathewb.MathewB-PC\Cookies
2007-06-27 15:49:45 0 d--hs---- C:\Users\Mathewb.MathewB-PC\Application Data
2007-06-27 15:49:44 0 dr------- C:\Users\Mathewb.MathewB-PC\Videos
2007-06-27 15:49:44 0 dr------- C:\Users\Mathewb.MathewB-PC\Saved Games
2007-06-27 15:49:44 0 dr------- C:\Users\Mathewb.MathewB-PC\Pictures
2007-06-27 15:49:44 0 dr------- C:\Users\Mathewb.MathewB-PC\Music
2007-06-27 15:49:44 0 dr------- C:\Users\Mathewb.MathewB-PC\Links
2007-06-27 15:49:44 0 dr------- C:\Users\Mathewb.MathewB-PC\Favorites
2007-06-27 15:49:44 0 dr------- C:\Users\Mathewb.MathewB-PC\Downloads
2007-06-27 15:49:44 0 dr------- C:\Users\Mathewb.MathewB-PC\Documents
2007-06-27 15:49:44 0 dr------- C:\Users\Mathewb.MathewB-PC\Desktop
2007-06-27 15:49:44 0 d--h----- C:\Users\Mathewb.MathewB-PC\AppData
2007-06-27 15:49:43 786432 --ahs---- C:\Users\Mathewb.MathewB-PC\ntuser.dat
2007-06-27 15:24:50 0 d-------- C:\Program Files\Eagle Datamation International
2007-06-27 12:26:28 0 d-------- C:\Administration and Accounts
2007-06-27 12:20:19 0 d-------- C:\Adam Internet
2007-06-27 12:11:07 0 d-------- C:\Program Files\Panasonic
2007-06-27 12:11:00 0 d-------- C:\Panasonic
2007-06-27 12:06:21 0 d-------- C:\Clients
2007-06-27 11:55:56 0 d-------- C:\Program Files\CA
2007-06-27 10:29:07 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-06-27 10:27:26 0 d-------- C:\Windows\PCHEALTH
2007-06-27 10:27:26 0 d-------- C:\Program Files\Microsoft.NET
2007-06-27 10:24:40 0 dr-h----- C:\MSOCache
2007-06-27 10:08:34 0 d-------- C:\Windows\system32\appmgmt
2007-06-27 09:42:07 0 dr------- C:\Users\mathewb.INTEGRAL\Searches
2007-06-27 09:41:51 0 dr------- C:\Users\mathewb.INTEGRAL\Contacts
2007-06-27 09:41:31 0 d--hs---- C:\Users\mathewb.INTEGRAL\Templates
2007-06-27 09:41:31 0 d--hs---- C:\Users\mathewb.INTEGRAL\Start Menu
2007-06-27 09:41:31 0 d--hs---- C:\Users\mathewb.INTEGRAL\SendTo
2007-06-27 09:41:31 0 d--hs---- C:\Users\mathewb.INTEGRAL\Recent
2007-06-27 09:41:31 0 d--hs---- C:\Users\mathewb.INTEGRAL\PrintHood
2007-06-27 09:41:31 0 d--hs---- C:\Users\mathewb.INTEGRAL\NetHood
2007-06-27 09:41:31 0 d--hs---- C:\Users\mathewb.INTEGRAL\My Documents
2007-06-27 09:41:31 0 d--hs---- C:\Users\mathewb.INTEGRAL\Local Settings
2007-06-27 09:41:31 0 d--hs---- C:\Users\mathewb.INTEGRAL\Cookies
2007-06-27 09:41:31 0 d--hs---- C:\Users\mathewb.INTEGRAL\Application Data
2007-06-27 09:41:29 0 dr------- C:\Users\mathewb.INTEGRAL\Videos
2007-06-27 09:41:29 0 dr------- C:\Users\mathewb.INTEGRAL\Saved Games
2007-06-27 09:41:29 0 dr------- C:\Users\mathewb.INTEGRAL\Pictures
2007-06-27 09:41:29 3145728 --ahs---- C:\Users\mathewb.INTEGRAL\ntuser.dat
2007-06-27 09:41:29 0 dr------- C:\Users\mathewb.INTEGRAL\Music
2007-06-27 09:41:29 0 dr------- C:\Users\mathewb.INTEGRAL\Links
2007-06-27 09:41:29 0 dr------- C:\Users\mathewb.INTEGRAL\Favorites
2007-06-27 09:41:29 0 dr------- C:\Users\mathewb.INTEGRAL\Downloads
2007-06-27 09:41:29 0 dr------- C:\Users\mathewb.INTEGRAL\Documents
2007-06-27 09:41:29 0 dr------- C:\Users\mathewb.INTEGRAL\Desktop
2007-06-27 09:41:29 0 d--h----- C:\Users\mathewb.INTEGRAL\AppData
2007-06-27 09:03:02 0 d-------- C:\Program Files\MSXML 4.0
2007-06-27 08:47:11 0 d-------- C:\Program Files\Synaptics
2007-06-27 08:46:23 0 d-------- C:\Program Files\Protector Suite QL
2007-06-27 08:46:14 0 d-------- C:\Users\All Users\UIB
2007-06-27 08:42:12 12 --a------ C:\Windows\bthservsdp.dat
2007-06-27 08:41:59 106496 --a------ C:\Windows\system32\tosmreg.exe <Not Verified; Toshiba; Tosmreg>
2007-06-27 08:41:59 45056 --a------ C:\Windows\system32\csellang.dll
2007-06-27 08:41:59 491520 --a------ C:\Windows\system32\cselect.exe <Not Verified; Toshiba Corporation; toshiba cselect>
2007-06-27 08:38:15 0 d-------- C:\Windows\SoftwareDistribution
2007-06-27 08:37:47 0 d-------- C:\Windows\CSC


-- Find3M Report ---------------------------------------------------------------

2007-07-24 08:46:33 0 d-------- C:\Users\mathewb.INTEGRAL\AppData\Roaming\Azureus
2007-07-23 13:01:19 56405 --a------ C:\Users\mathewb.INTEGRAL\AppData\Roaming\nvModes.001
2007-07-23 08:18:39 0 d-------- C:\Users\mathewb.INTEGRAL\AppData\Roaming\SUPERAntiSpyware.com
2007-07-20 10:33:31 0 d-------- C:\Users\mathewb.INTEGRAL\AppData\Roaming\Grisoft
2007-07-20 08:30:52 56405 --a------ C:\Users\mathewb.INTEGRAL\AppData\Roaming\nvModes.dat
2007-07-19 14:34:45 0 d-------- C:\Users\mathewb.INTEGRAL\AppData\Roaming\Uniblue
2007-07-18 14:12:39 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-07-18 11:10:33 0 d-------- C:\Users\mathewb.INTEGRAL\AppData\Roaming\Apple Computer
2007-07-16 16:50:32 0 d-------- C:\Users\mathewb.INTEGRAL\AppData\Roaming\vlc
2007-07-11 16:40:16 0 d-------- C:\Program Files\Windows Mail
2007-07-10 19:47:56 0 d-------- C:\Users\mathewb.INTEGRAL\AppData\Roaming\DivX
2007-07-04 15:49:33 0 d-------- C:\Users\mathewb.INTEGRAL\AppData\Roaming\InstallShield
2007-07-03 21:13:55 0 d-------- C:\Users\mathewb.INTEGRAL\AppData\Roaming\Ahead
2007-06-29 19:54:28 0 d-------- C:\Users\mathewb.INTEGRAL\AppData\Roaming\InterVideo
2007-06-29 13:52:46 0 d-------- C:\Users\mathewb.INTEGRAL\AppData\Roaming\Macromedia
2007-06-27 21:03:25 0 d-------- C:\Users\mathewb.INTEGRAL\AppData\Roaming\Adobe
2007-06-27 21:01:15 0 d-------- C:\Users\mathewb.INTEGRAL\AppData\Roaming\AdobeUM
2007-06-27 14:10:02 0 d-------- C:\Users\mathewb.INTEGRAL\AppData\Roaming\WinRAR
2007-06-27 09:41:54 0 d-------- C:\Users\mathewb.INTEGRAL\AppData\Roaming\Identities
2007-06-27 09:11:57 0 d-------- C:\Program Files\Windows Defender
2007-06-27 08:42:18 0 d-------- C:\Program Files\TOSHIBA
2007-06-27 08:41:41 0 d-------- C:\Program Files\CONEXANT
2007-06-26 16:51:42 0 d-------- C:\Program Files\InterVideo


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0\bin\ssv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Windows Defender"=hex(2):25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,57,69,\
"NDSTray.exe"="NDSTray.exe"
"TOSHIBA Volume Indicator"="\"C:\\Program Files\\Toshiba\\Utilities\\VolControl.exe\""
"TPwrMain"=hex(2):25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,54,4f,53,48,49,\
"HSON"=hex(2):25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,54,4f,53,48,49,42,\
"SmoothView"=hex(2):25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,54,6f,73,68,\
"00TCrdMain"=hex(2):25,50,72,6f,67,72,61,6d,46,69,6c,65,73,25,5c,54,4f,53,48,\
"PSQLLauncher"="\"C:\\Program Files\\Protector Suite QL\\launcher.exe\" /startup"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"Realtime Monitor"="C:\\PROGRA~1\\CA\\ETRUST~1\\realmon.exe -s"
@=""
"IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\ipoint.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"itype"="\"C:\\Program Files\\Microsoft IntelliType Pro\\itype.exe\""
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Sidebar"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun"
"TOSCDSPD"="TOSCDSPD.EXE"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=dword:00000002
"ConsentPromptBehaviorUser"=dword:00000001
"EnableInstallerDetection"=dword:00000001
"EnableSecureUIAPaths"=dword:00000001
"EnableVirtualization"=dword:00000001
"PromptOnSecureDesktop"=dword:00000001
"ValidateAdminCodeSignatures"=dword:00000000
"scforceoption"=dword:00000000
"FilterAdministratorToken"=dword:00000000
"DisableCAD"=dword:00000001
"EnableLUA"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI\Clipboard]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=dword:00000001
"CF_BITMAP"=dword:00000002
"CF_OEMTEXT"=dword:00000007
"CF_DIB"=dword:00000008
"CF_PALETTE"=dword:00000009
"CF_UNICODETEXT"=dword:0000000d
"CF_DIBV5"=dword:00000011

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="credssp.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Notification Packages REG_MULTI_SZ scecli\0psqlpwd\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0tspkg\0\0
Authentication Packages REG_MULTI_SZ msv1_0\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AppInfo
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\KeyIso
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\NTDS
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ProfSvc
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sacsvr
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\SWPRV
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TabletInputService
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TBS
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\TrustedInstaller
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\volmgr.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\volmgrx.sys
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ nsi\0lltdsvc\0SSDPSRV\0upnphost\0SCardSvr\0w32time\0EventSystem\0RemoteRegistry\0WinHttpAutoProxySvc\0lanmanworkstation\0TBS\0SLUINotify\0THREADORDER\0fdrespub\0netprofm\0fdphost\0wcncsvc\0QWAVE\0WebClient\0\0
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv\0UxSms\0WdiSystemHost\0Netman\0trkwks\0AudioEndpointBuilder\0WUDFSvc\0irmon\0sysmain\0IPBusEnum\0dot3svc\0PcaSvc\0CscService\0TabletInputService\0UmRdpService\0wlansvc\0WPDBusEnum\0EMDMgmt\0\0
NetworkServiceNetworkRestricted REG_MULTI_SZ PolicyAgent\0\0
LocalServiceNoNetwork REG_MULTI_SZ PLA\0DPS\0BFE\0mpssvc\0\0
NetworkService REG_MULTI_SZ CryptSvc\0DHCP\0TermService\0KtmRm\0DNSCache\0NapAgent\0nlasvc\0WinRM\0WECSVC\0Tapisrv\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WerSvcGroup REG_MULTI_SZ wersvc\0\0
swprv REG_MULTI_SZ swprv\0\0
LocalServiceNetworkRestricted REG_MULTI_SZ DHCP\0eventlog\0AudioSrv\0LmHosts\0wscsvc\0p2pimsvc\0PNRPSvc\0p2psvc\0PnrpAutoReg\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
regsvc REG_MULTI_SZ RemoteRegistry\0\0
wcssvc REG_MULTI_SZ WcsPlugInService\0\0
DcomLaunch REG_MULTI_SZ PlugPlay\0DcomLaunch\0\0
wdisvc REG_MULTI_SZ WdiServiceHost\0\0
sdrsvc REG_MULTI_SZ sdrsvc\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
secsvcs REG_MULTI_SZ WinDefend\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0

hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
AeLookupSvc
wercplsupport
CertPropSvc
SCPolicySvc
gpsvc
IKEEXT
LogonHours
PCAudit
iphlpsvc
AppInfo
msiscsi
MMCSS
ProfSvc
EapHost
SessionEnv
hkmsvc


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e3a1a4e-243a-11dc-8210-806e6f6e6963}]
shell\AutoRun\command setupSNK.exe


-- End of Deckard's System Scanner: finished at 2007-07-24 at 08:47:11 ---------

Deckard's System Scanner v20070711.54
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Business (build 6000)
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU T7200 @ 2.00GHz
Percentage of Memory in Use: 48%
Physical Memory (total/avail): 2045.56 MiB / 1048.8 MiB
Pagefile Memory (total/avail): 4312.85 MiB / 3088.19 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1945.31 MiB

C: is Fixed (NTFS) - 184.84 GiB total, 93.07 GiB free.
D: is CDROM (No Media)
E: is Fixed (NTFS) - 232.88 GiB total, 37.55 GiB free.
F: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AS: AVG Anti-Spyware v7, 5, 1, 43 (GRISOFT s.r.o.) Disabled Outdated
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\mathewb.INTEGRAL\AppData\Roaming
AVENGINE=C:\PROGRA~1\CA\SHARED~1\SCANEN~1
CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MATHEWB-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\mathewb.INTEGRAL
INOCULAN=C:\PROGRA~1\CA\ETRUST~1
LOCALAPPDATA=C:\Users\mathewb.INTEGRAL\AppData\Local
LOGONSERVER=\\IL-SBS
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\PROGRA~1\CA\SHARED~1\SCANEN~1;C:\PROGRA~1\CA\ETRUST~1;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\MATHEW~1.INT\AppData\Local\Temp
TMP=C:\Users\MATHEW~1.INT\AppData\Local\Temp
USERDNSDOMAIN=INTEGRAL.LOCAL
USERDOMAIN=INTEGRAL
USERNAME=MathewB
USERPROFILE=C:\Users\mathewb.INTEGRAL
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Mathewb.MathewB-PC (admin)
mathewb.INTEGRAL


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe" --u:{A644254B-92F6-4970-8635-AB0775371E72}
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
--> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
--> C:\Windows\UNNeroShowTime.exe /UNINSTALL
--> C:\Windows\UNNeroVision.exe /UNINSTALL
--> C:\Windows\UNRecode.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{622E6F16-0904-49B6-BBE1-4CC836314CCF}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{697AFC77-F318-4CD4-BF16-F50F4C1072DA}\setup.exe" -l0x9
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Ad-aware 6 Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
Bluetooth Stack for Windows by Toshiba --> MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
CA eTrust Antivirus --> MsiExec.exe /X{99747F0D-D4F8-4877-9CA0-4AE96D963633}
CD/DVD Drive Acoustic Silencer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe" -l0x9
Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\HUFSetup.EXE -U -IBD1VHDza.inf
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD MovieFactory for TOSHIBA --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}\setup.exe" -l0x9
GoToMeeting/GoToWebinar 3.0.0.198 --> C:\Program Files\Citrix\GoToMeeting\198\G2MUninstall.exe /uninstall
HijackThis 2.0.2 --> "C:\Users\mathewb.INTEGRAL\Desktop\HijackThis.exe" /uninstall
iTunes --> MsiExec.exe /I{553E56C3-7AA1-45FE-A2FC-2C43DC27F765}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
L&H TTS3000 British English --> RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\LHTTSENG.inf, Uninstall
Macromedia Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Encarta Reference Library 2006 DVD --> MsiExec.exe /I{06680081-3E21-46D6-9A91-D927BA08F41D}
Microsoft Office Small Business Edition 2003 --> MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Motorola Phone Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
Nero 7 --> MsiExec.exe /X{A20A58C4-6784-4B4B-86CC-94E2E3671033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
Panasonic Communications Utility --> C:\Program Files\InstallShield Installation Information\{DEA90EEC-CA16-4092-9604-25B2ACC5273B}\setup.exe -runfromtemp -l0x0409
Panasonic Windows Firewall Setting Tool --> C:\Program Files\InstallShield Installation Information\{695603EE-5D13-4406-A034-B1346652CC4D}\setup.exe -runfromtemp -l0x0409
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_5045&SUBSYS_1179FF31\HXFSETUP.EXE -U -IBD1Vmz.inf
Spybot - Search & Destroy 1.3 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers. --> C:\Program Files\InstallShield Installation Information\{F7B05784-334C-4F76-8BAB-30ABEB7FD534}\setup.exe -runfromtemp -l0x0409
TOSHIBA Assist --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe" -l0x9
TOSHIBA ConfigFree --> C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe -runfromtemp -l0x0009uninstall -removeonly
TOSHIBA Disc Creator --> MsiExec.exe /I{5DA0E02F-970B-424B-BF41-513A5018E4C0}
TOSHIBA Extended Tiles for Windows Mobility Center --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{617C36FD-0CBE-4600-84B2-441CEB12FADF} /l1033
TOSHIBA Hardware Setup --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EB0B41B1-E84F-483C-91FF-BB83019EE127} /l1033
TOSHIBA SD Memory Utilities --> MsiExec.exe /X{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}
TOSHIBA Speech System Applications --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
TOSHIBA Speech System SR Engine(U.S.) Version1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
TOSHIBA Supervisor Password --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{BE998F99-4CEB-4E64-B717-493A2E9797F4} /l1033
TOSHIBA Value Added Package --> C:\Program Files\InstallShield Installation Information\{FEDD27A0-B306-45EF-BF58-B527406B42C8}\setup.exe -runfromtemp -l0x0409
TOSHIBA Volume Indicator --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{98708E86-46E1-479D-B897-9802E591E762} /l1033
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
WinDVD for TOSHIBA --> C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x0409
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- End of Deckard's System Scanner: finished at 2007-07-24 at 08:47:11 ---------

Edited by mattyb, 23 July 2007 - 06:21 PM.


#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 24 July 2007 - 04:27 AM

Find and delete:
C:\Users\All Users\Enc Size Copy Pure

Go here: http://virusscan.jotti.org/
Using the 'Browse' button, browse to:
C:\Windows\system32\Jpeg32.dll
Then press the 'Submit' button.
Wait while the file is scanned.
Post the results into your next reply.

If Jotti's too busy, try here:
http://www.virustotal.com/en/virustotalf.html
Click on the 'Analysis' tab.
Using the 'Browse' button, browse to:
C:\Windows\system32\Jpeg32.dll
Then click on 'Send File'.
Post the results into your next reply.

Also post a fresh Hijackthis log please.
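Before a file is uploaded to a multi-scanner it is worth recording what the local system already knows about it, so that the scanner's verdict can be tied back to the exact bytes that were sent. The script below is an added example, not part of RichieUK's instructions or of HijackThis, Jotti or any other tool on this page. It assumes Windows PowerShell 5.1 (Get-FileHash needs 4.0 or later; Get-AuthenticodeSignature has been present since 1.0), the function name Get-SuspectFileReport is the author's own, the path is the one RichieUK asked about, and the reference MD5 is the value Jotti reported for that file later in this thread.

```powershell
# Added example (not from the thread): collect hash, signature and version
# facts for a file before submitting it to an online multi-scanner.
# Assumes Windows PowerShell 5.1; Get-SuspectFileReport is a name chosen here.

function Get-SuspectFileReport {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Optional: an MD5 reported by the scanner, to confirm the same bytes were analysed
        [string] $ExpectedMd5
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Exists = $false }
    }

    # -Force so a file marked hidden or system is still picked up
    $item   = Get-Item -LiteralPath $Path -Force
    $md5    = (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash
    $sha256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $sig    = Get-AuthenticodeSignature -FilePath $Path

    $signer = $null
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    # Only meaningful when a scanner-reported MD5 was supplied
    $md5Match = $null
    if ($ExpectedMd5) { $md5Match = ($md5 -ieq $ExpectedMd5) }

    [pscustomobject]@{
        Path              = $item.FullName
        Exists            = $true
        SizeBytes         = $item.Length
        CreatedUtc        = $item.CreationTimeUtc
        LastWrittenUtc    = $item.LastWriteTimeUtc
        MD5               = $md5
        SHA256            = $sha256
        SignatureStatus   = $sig.Status        # Valid, NotSigned, HashMismatch, ...
        Signer            = $signer
        CompanyName       = $item.VersionInfo.CompanyName
        FileDescription   = $item.VersionInfo.FileDescription
        Md5MatchesScanner = $md5Match
    }
}

# The file RichieUK asked about, with the MD5 Jotti reported for it later in this thread
$report = Get-SuspectFileReport -Path 'C:\Windows\system32\Jpeg32.dll' `
                                -ExpectedMd5 'ab4b7a6f390c46b7de89669d43142419'
$report | Format-List
```

A Microsoft-supplied DLL under system32 normally shows a Valid signature with a Microsoft signer and populated version information. A file in that directory that is NotSigned, has empty CompanyName and FileDescription, and carries a hash the multi-scanner has never seen before is exactly the result worth posting back in the thread, even when every engine reports "Found nothing": the absence of a detection is not the same as the file being known-good.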

#7 mattyb

mattyb
  • Topic Starter

  • Members
  • 6 posts

Posted 24 July 2007 - 06:27 PM

Hi RichieUK,

I could not find the file (I have viewed hidden files) you instructed me to delete in C:\Users\All Users\Enc Size Copy Pure; it isn't there.

Service load: 0% 100%

File: Jpeg32.dll
Status: OK
MD5: ab4b7a6f390c46b7de89669d43142419
Packers detected: -
Bit9 reports: File not found

Scanner results
Scan taken on 24 Jul 2007 23:07:21 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

Last file scanned at least one scanner reported something about: Proof_of_Concept_-_All_In_One_Hack.rar (MD5: 50ebdc7c03e3404387feecd7337131c0, size: 119228 bytes), detected by:

Scanner Malware name
A-Squared X
AntiVir X
ArcaVir X
Avast X
AVG Antivirus Generic5.HXL
BitDefender X
ClamAV X
CPsecure X
Dr.Web X
F-Prot Antivirus X
F-Secure Anti-Virus X
Fortinet X
Kaspersky Anti-Virus X
NOD32 X
Norman Virus Control X
Panda Antivirus X
Rising Antivirus X
Sophos Antivirus X
VirusBuster X
VBA32 X

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:56:01 AM, on 25/07/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Utilities\VolControl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CA\eTrust Antivirus\Realmon.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\Mfpscdl.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\explorer.exe
C:\IT\HijackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TOSHIBA Volume Indicator] "C:\Program Files\Toshiba\Utilities\VolControl.exe"
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Panasonic Communications Utility.lnk = C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\Mfpscdl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Integral.local
O17 - HKLM\Software\..\Telephony: DomainName = Integral.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Integral.local
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7450 bytes

#8 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 24 July 2007 - 06:45 PM

Your log is clean :thumbsup:
If all's ok, please do the following.

Find and delete:
dss.exe
main.txt
extra.txt


Now please reverse the following:
How to see hidden files in Windows Vista:
http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows-vista/

Turn off Windows Vista System Restore:
1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Uncheck the box for any drive you wish to disable system restore on
7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
8. Click OK
9. When you have finished, restart the computer and follow the instructions in the next section to turn on System Restore.

Turn on Windows Vista System Restore:
1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Place a checkmark in the box for any drive you wish to enable System Restore on
7. Click OK
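The two System Restore procedures above are GUI walkthroughs; the same off-then-on cycle can be scripted, which also lets you confirm afterwards that the old restore points are gone and a fresh baseline exists. The following is an added example, not part of RichieUK's post. It assumes Windows PowerShell 5.1 run from an elevated prompt (Enable-ComputerRestore, Disable-ComputerRestore, Checkpoint-Computer and Get-ComputerRestorePoint live in the Microsoft.PowerShell.Management module of Windows PowerShell and are not available in PowerShell 7), and the function name Reset-SystemRestorePoints is the author's own.

```powershell
# Added example (not from the thread): scripted equivalent of the
# "turn off, then turn on" System Restore procedure above.
# Assumes Windows PowerShell 5.1 in an elevated session;
# Reset-SystemRestorePoints is a name chosen here.

function Reset-SystemRestorePoints {
    param(
        # Drives to cycle protection on; the GUI steps above work per drive too
        [string[]] $Drives = @('C:\')
    )

    foreach ($drive in $Drives) {
        # Turning protection off is the step that discards the drive's existing
        # restore points (the GUI warns about this): a restore point taken while
        # the machine was infected must not be reinstated later.
        Disable-ComputerRestore -Drive $drive
    }

    foreach ($drive in $Drives) {
        # Re-enable protection so future changes are covered again
        Enable-ComputerRestore -Drive $drive
    }

    # Take a fresh, known-clean baseline to fall back to
    Checkpoint-Computer -Description 'Post-cleanup baseline' `
                        -RestorePointType 'MODIFY_SETTINGS'

    # Return what remains so the caller can verify only the new point exists
    Get-ComputerRestorePoint |
        Select-Object SequenceNumber, Description, RestorePointType, CreationTime
}

# Cycle protection on the system drive and list the surviving restore points
Reset-SystemRestorePoints -Drives @('C:\')
```

After the call, the list returned should contain only the "Post-cleanup baseline" entry; if older sequence numbers are still present, protection was not actually cycled on that drive (usually because the session was not elevated) and the GUI steps above should be repeated. On Windows 8 and later, Checkpoint-Computer will also refuse to create a second restore point within 24 hours of the previous one unless the SystemRestorePointCreationFrequency registry value has been changed, which is worth knowing when running this more than once.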

#9 mattyb

mattyb
  • Topic Starter

  • Members
  • 6 posts

Posted 24 July 2007 - 07:18 PM

OK, I have followed the instructions; it seems to be working great... thank you so much RichieUK, you are a life saver!!!!!

#10 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 24 July 2007 - 07:55 PM

You're welcome :thumbsup:

This thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
If you should have a new issue, please start a new topic.
This applies only to the original topic starter.
Everyone else please begin a New Topic.
