
infected with thinkpoint, hotfix.exe not a process


  • This topic is locked
19 replies to this topic

#1 markp

  • Members
  • 35 posts

Posted 05 December 2010 - 03:22 PM

I have a laptop, a Toshiba, with Windows XP. 30 days ago I had a trojan redirector, maybe Sheur?? or Zlob, and removed most of it, but still had some redirecting issues with the browser, and I had to restart the laptop all the time if the CD player wouldn't work. When I rebooted it would work. Now I have been infected with THINKPOINT in spite of AVG Free. I didn't pay for the ThinkPoint program, but it installed something before I could stop it. I have your tutorial, but when I open Task Manager and Processes I don't see hotfix.exe in the list. Otherwise I was able to get into Safe Mode today and run malware, but I don't think I was able to reboot properly, since I have the same ThinkPoint screen again, telling me I should defrag, against a black screen. Three weeks ago I followed your tutorials in general and ran all the usual removals with smitfix, and malware remover and super spyagent. Since I will be in Safe Mode, maybe I can send you those old logs, but I am not sure what Safe Mode will allow. I am sending this on another laptop, and I can get into Safe Mode on the infected laptop. Thanks for any assistance and advice you have.


#2 Casey_boy

    Bleeping physicist

  • Malware Response Team
  • 7,765 posts
  • Gender:Male
  • Location:UK

Posted 13 December 2010 - 10:59 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Casey

If I have been helping you and I do not reply within 48hours, feel free to send me a PM.




#3 markp

  • Topic Starter
  • Members
  • 35 posts

Posted 13 December 2010 - 09:33 PM

I am adding these files quickly while I am able to post. I can use the computer briefly and then it starts shutting down after directing me to Walmart gift cards etc. Thanks for your help.

Attached Files



#4 markp

  • Topic Starter
  • Members
  • 35 posts

Posted 13 December 2010 - 09:35 PM

I was able to copy the DDS file and will post it here, if that is what I am supposed to do. The other two requested files are attached. Thanks.


DDS (Ver_10-12-12.02) - NTFSx86
Run by MARK at 21:21:51.28 on Mon 12/13/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2148 [GMT -5:00]

AV: AVG Anti-Virus Free *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\rmctrl.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\AOL\1140083713\ee\AOLSoftware.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\rundll32.exe
E:\DOCUME~1\MARK\MYDOCU~1\Temp\ajyWlxBiFK.exe
E:\DOCUME~1\MARK\MYDOCU~1\Temp\2943296.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol toolbar\aoltbServer.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\MARK\Local Settings\Temporary Internet Files\Content.IE5\6HSONQWC\dds[1].scr

============== Pseudo HJT Report ===============

uURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - c:\program files\aol toolbar\aoltb.dll
mURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - c:\program files\aol toolbar\aoltb.dll
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: IDXHlprObj Class: {31816979-f864-4acf-919f-d0b3b56432e6} - c:\windows\downloaded program files\IDXIEController.DLL
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - c:\program files\aol toolbar\aoltb.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: DictateBHO: {e12a882b-f14f-4440-9bc0-84a5eb766605} - c:\windows\downloaded program files\DictateBar.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: TouchWorks Dictate: {6f60c5c5-61b3-4378-8902-ed9497663ac9} - c:\windows\downloaded program files\DictateBar.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - c:\program files\aol toolbar\aoltb.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {CB789373-04D5-4EF4-9C16-871463FD0830} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [Network EPSON Stylus Photo RX...] c:\windows\system32\spool\drivers\w32x86\3\e_faticja.exe /fu "e:\docume~1\mark\mydocu~1\temp\E_S251.tmp" /EF "HKCU"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [HistoryKill] "c:\program files\historykill 2010\histkill.exe" /startup
uRun: [Haudit] "c:\program files\history audit\Haudit.exe" /startup
uRun: [ClearAllHistory] c:\program files\clearallhistory\cah.exe
uRun: [Uxajoc] rundll32.exe "c:\windows\Tomsxsav.dll",Startup
uRun: [ajyWlxBiFK.exe] e:\docume~1\mark\mydocu~1\temp\ajyWlxBiFK.exe
uRun: [2943296] e:\docume~1\mark\mydocu~1\temp\2943296.exe
mRun: [TFncKy] c:\program files\toshiba\toshiba controls\TFncKy.exe
mRun: [TDispVol] TDispVol.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [NDSTray.exe] c:\program files\toshiba\configfree\NDSTray.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [TPSMain] TPSMain.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [dla] c:\windows\system32\dla\DLACTRLW.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [RemoteControl] c:\windows\system32\rmctrl.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [IVPServiceMgr] c:\toshiba\ivp\ism\ivpsvmgr.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [HPHmon03] c:\windows\system32\hphmon03.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [HostManager] c:\program files\common files\aol\1140083713\ee\AOLSoftware.exe
mRun: [StorageGuard] "c:\program files\recordnow max platinum\storageguard\sgtray.exe" /r
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Mpekilesolasiwit] rundll32.exe "c:\windows\uhonaduq.dll",Startup
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [SWHelper] "c:\windows\system32\macromed\shockwave 10\PostUpdate.exe" 1014020
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Translate this web page with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Action.htm
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: connwsp.dll
DPF: {019D5592-3928-4DE4-BAA2-1F2E5EEF4CF6} - /Touchworks/AHSCompressionEngine.cab
DPF: {27B87596-448E-40CB-B3B4-4F329FF540EC} - /TouchWorks/ResultWorks/CHWorks/VitalSigns/wavitalsigns.cab
DPF: {45EEDB84-57BC-4FBD-8065-7AB8E971B545} - TouchWorks/Common/Components/AtalaSoft/ImgXDialog61.cab
DPF: {46965FE7-2129-407B-938C-BE358A56D11E} - /touchworks/docworks/chworks/note/aicviewer3.cab
DPF: {7E8DC73D-69CD-4F67-99B1-8DC6E42F6246} - /TouchWorks/Common/Components/AtalaSoft/ImgX61.cab
DPF: {860FFAFE-5AAA-11D2-81EB-006008A2E49D} - /TouchWorks/ResultWorks/chworks/flowsheets/pe32.cab
DPF: {9A0CA502-7DA4-4B72-B5D4-D280DE8D4512} - /Touchworks/DictionaryManager.CAB
DPF: {ACEFFC26-4628-11D1-B14A-105C01C13001} - /TouchWorks/DocWorks/CHWorks/Note/wspell.cab
DPF: {B7B8B614-6A5C-4140-A303-43CEB589D6A5} - /TouchWorks/DocWorks/CHWorks/Note/TWRTF.cab
DPF: {B7EA9615-586E-4193-9C3C-A29CA577E040} - /Touchworks/DictateBar.cab
DPF: {CE10AD66-84BC-46A9-9424-C863199C0408} - /TouchWorks/docworks/chworks/note/aic_viewer2.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: ckpNotify - ckpNotify.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-7-1 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-7-1 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-7-1 243024]
R1 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [2007-2-27 2944]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2008-11-13 419448]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-1 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-1 308136]
R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [2007-5-24 36368]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [2007-5-24 110032]
R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [2007-5-24 673456]
R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2007-12-8 598856]
R3 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [2007-5-24 2234800]
R3 lknuhst;Linksys Network USB Host Controller;c:\windows\system32\drivers\lknuhst.sys [2007-5-3 11136]
R3 LKNUHUB;Linksys Network USB Root Hub;c:\windows\system32\drivers\lknuhub.sys [2007-5-3 37248]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2009-12-31 9472]
R3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2009-9-21 16640]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-13 136176]
S2 SprintPort;SprintPort Serial Driver;\??\c:\program files\sprint\pcs connection manager\sprintport\winport.sys --> c:\program files\sprint\pcs connection manager\sprintport\WINPORT.SYS [?]
S3 ACGPRS;Sierra Wireless 3G Adapter;c:\windows\system32\drivers\acgprs.sys [2008-8-15 103936]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2006-11-1 16512]
S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [2001-10-25 18864]
S3 LKNUCMP;Linksys Network USB Composite Device;c:\windows\system32\drivers\lknucmp.sys [2007-5-3 11648]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
S3 scrswi;Sierra Wireless Smart Card Reader;c:\windows\system32\drivers\scrswi.sys [2008-8-15 43904]
S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\drivers\swnc8u56.sys [2008-6-29 101248]
S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\drivers\swumx56.sys [2008-6-29 73856]

=============== Created Last 30 ================

2010-12-08 02:48:18 0 ----a-w- c:\windows\Tyesahazuyos.bin
2010-12-08 01:31:26 1409 ----a-w- c:\windows\QTFont.for
2010-12-05 07:17:29 -------- d-----w- c:\docume~1\mark\locals~1\applic~1\{D859E048-C74D-4978-9446-4E796E5D186E}
2010-12-05 07:09:32 259 ----a-w- c:\docume~1\mark\applic~1\agtyjkj.bat
2010-12-05 02:08:07 0 ----a-w- C:\~GLHTTP1.TMP
2010-12-03 06:04:26 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-12-03 06:04:26 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-03 00:40:32 -------- d-----w- c:\program files\Bullzip
2010-12-02 23:30:02 -------- d-----w- c:\documents and settings\mark\IECompatCache
2010-11-21 07:22:55 -------- d-----w- c:\program files\common files\VST3
2010-11-21 07:22:53 -------- d-----w- c:\program files\common files\VST2
2010-11-21 07:22:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\Celemony Software GmbH
2010-11-21 07:22:25 -------- d-----w- c:\program files\common files\Celemony
2010-11-14 05:08:19 -------- d-sh--w- c:\documents and settings\mark\PrivacIE
2010-11-14 05:02:44 -------- d-sh--w- c:\documents and settings\mark\IETldCache
2010-11-14 04:48:37 -------- dc-h--w- c:\windows\ie8
2010-11-14 04:39:28 -------- d-----w- c:\docume~1\mark\locals~1\applic~1\AOL Toolbar
2010-11-14 03:55:02 -------- d-----w- c:\program files\AOL Toolbar
2010-11-14 03:55:02 -------- d-----w- c:\docume~1\alluse~1\applic~1\AOL Toolbar
2010-11-14 03:54:58 -------- d-----w- c:\program files\common files\Software Update Utility
2010-11-14 03:54:54 -------- d--h--w- c:\windows\msdownld.tmp

==================== Find3M ====================

2010-12-08 02:21:40 5148 ----a-w- c:\windows\system32\tmp.reg
2009-11-14 22:02:16 564064 ----a-w- c:\program files\googleupdatesetup.exe
2009-11-08 15:25:44 4832728 ----a-w- c:\program files\MagicSharpener_Demo_Setup.exe
2009-10-06 06:43:09 5215869 ----a-w- c:\program files\FSViewerSetup39.exe
2009-10-04 06:09:14 4288632 ----a-w- c:\program files\VLCfree_8676.exe
2009-09-22 12:33:37 46222592 ----a-w- c:\program files\SSV_Windows2.25.0046_AU.exe
2009-09-21 05:17:12 5622500 ----a-w- c:\program files\streaming-audio-recorder_full383.exe
2009-08-30 02:19:17 7509681 ----a-w- c:\program files\FreeYouTubeDownload.exe
2009-08-30 01:07:12 1241914 ----a-w- c:\program files\DVDRegionFree59.exe
2009-08-29 04:04:31 6278168 ----a-w- c:\program files\dcloner.exe
2009-08-29 03:58:09 2885285 ----a-w- c:\program files\dvdsmith-movie-backup.exe
2009-08-24 21:01:56 3301888 ----a-w- c:\program files\freehiqrec.exe
2009-07-08 04:10:27 44531 ----a-w- c:\program files\DVDFull.exe
2009-06-06 01:54:35 9733504 ----a-w- c:\program files\AC881_F1_2_3_15Cap.exe
2009-05-02 20:36:49 297472 ----a-w- c:\program files\MyFonts Order M1488242.msi
2009-05-01 05:23:27 3095462 ----a-w- c:\program files\MagicDVDCopier492.exe
2009-05-01 04:32:08 1379841 ----a-w- c:\program files\freedvdripper.exe
2009-05-01 04:08:01 8818696 ----a-w- c:\program files\burnaware_free.exe
2009-04-30 05:58:39 12037384 ----a-w- c:\program files\scrb7000.exe
2009-04-24 04:03:44 9506112 ----a-w- c:\program files\SetupExpertGPS.exe
2005-05-13 22:12:00 217073 -csha-r- c:\windows\meta4.exe
2005-10-24 16:13:58 66560 -csha-r- c:\windows\MOTA113.exe
2005-10-14 02:27:00 422400 -csha-r- c:\windows\x2.64.exe
2005-10-08 00:14:52 308224 --sha-r- c:\windows\system32\avisynth.dll
2005-07-14 17:31:20 27648 --sha-r- c:\windows\system32\AVSredirect.dll
2005-06-26 20:32:28 616448 --sha-r- c:\windows\system32\cygwin1.dll
2005-06-22 03:37:42 45568 --sha-r- c:\windows\system32\cygz.dll
2004-01-25 05:00:00 70656 --sha-r- c:\windows\system32\i420vfw.dll
2006-04-27 15:24:24 2945024 --sha-r- c:\windows\system32\Smab.dll
2005-02-28 18:16:22 240128 --sha-r- c:\windows\system32\x.264.exe
2004-01-25 05:00:00 70656 --sha-r- c:\windows\system32\yv12vfw.dll

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: FUJITSU_MHV2100BH rev.00000028 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8B336EC5]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x87ae1872; SUB DWORD [EBP-0x4], 0x87ae112e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 nt!IofCallDriver[0x804E13A7] -> \Device\Harddisk0\DR0[0x8B571AB8]
3 CLASSPNP[0xF7657FD7] -> nt!IofCallDriver[0x804E13A7] -> \Device\000000a8[0x8B4F91B8]
5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E13A7] -> [0x8B575D98]
[0x8B439BE0] -> IRP_MJ_CREATE -> 0x8B336EC5
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskFUJITSU_MHV2100BH_______________________00000028#5&35291d97&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8B336AEA
user & kernel MBR OK
sectors 195371566 (+255): user != kernel
Warning: possible TDL3 rootkit infection !

============= FINISH: 21:24:23.52 ===============
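Added here as an illustration, not part of this thread or of the DDS tool: a small Python triage script that parses the uRun/mRun entries from a DDS "Pseudo HJT Report" like the one posted above and flags the patterns a responder checks first (executables launched from a Temp folder, rundll32 loading a DLL outside system32/Program Files, purely numeric names). The sample lines are constructed from entries in the log above; the heuristics and function names are this example's own assumptions.

```python
import re
from typing import Dict, List, NamedTuple, Optional

# Constructed sample in the DDS "Pseudo HJT Report" autorun format, modelled on
# entries from the log posted above (benign and suspicious lines mixed).
SAMPLE_DDS = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Uxajoc] rundll32.exe "c:\windows\Tomsxsav.dll",Startup
uRun: [ajyWlxBiFK.exe] e:\docume~1\mark\mydocu~1\temp\ajyWlxBiFK.exe
uRun: [2943296] e:\docume~1\mark\mydocu~1\temp\2943296.exe
mRun: [TFncKy] c:\program files\toshiba\toshiba controls\TFncKy.exe
mRun: [TDispVol] TDispVol.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Mpekilesolasiwit] rundll32.exe "c:\windows\uhonaduq.dll",Startup
"""


class Autorun(NamedTuple):
    """One Run-key entry: hive prefix (u = HKCU, m = HKLM, d = default user),
    value name, full command, the executable it launches and, for rundll32
    entries, the DLL it loads."""
    hive: str
    name: str
    command: str
    exe: str
    dll: Optional[str]


# "uRun: [name] command"; also matches mRun / dRun / *RunOnce lines.
_LINE_RE = re.compile(r"^(?P<hive>[umd])Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# The launched executable: optionally quoted, runs up to the first ".exe"
# (unquoted DDS paths may contain spaces, so splitting on whitespace is wrong).
_EXE_RE = re.compile(r'^"?(?P<exe>[^"]*?\.exe)"?', re.IGNORECASE)
# A DLL argument, quoted or not, as passed to rundll32.
_DLL_RE = re.compile(r'"?(?P<dll>[^"\s,]+\.dll)"?', re.IGNORECASE)


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def parse_autoruns(text: str) -> List[Autorun]:
    """Extract every Run-key entry from a DDS log (other sections are ignored)."""
    entries: List[Autorun] = []
    for line in text.splitlines():
        m = _LINE_RE.match(line.strip())
        if not m:
            continue
        cmd = m.group("cmd")
        exe_m = _EXE_RE.match(cmd)
        exe = exe_m.group("exe") if exe_m else cmd.split(" ", 1)[0]
        dll = None
        if _basename(exe).lower() == "rundll32.exe":
            dll_m = _DLL_RE.search(cmd)
            dll = dll_m.group("dll") if dll_m else None
        entries.append(Autorun(m.group("hive"), m.group("name"), cmd, exe, dll))
    return entries


def triage(entry: Autorun) -> List[str]:
    """Return the reasons (possibly none) an entry deserves a closer look.
    These are triage heuristics chosen for this example, not DDS's own logic."""
    reasons: List[str] = []
    cmd_low = entry.command.lower()
    # Legitimate software does not persist out of a user's Temp folder.
    if "\\temp\\" in cmd_low:
        reasons.append("runs from a Temp directory")
    # rundll32 with a DLL dropped straight into %windir% (or anywhere outside
    # system32 / Program Files) is a common loader pattern for droppers.
    if entry.dll is not None:
        dll_low = entry.dll.lower()
        if "\\system32\\" not in dll_low and "\\program files\\" not in dll_low:
            reasons.append("rundll32 loads a DLL outside system32/Program Files")
    # Names like "2943296" are typical of auto-generated dropper file names.
    stem = _basename(entry.exe).rsplit(".", 1)[0]
    if stem.isdigit() or entry.name.isdigit():
        reasons.append("executable or value name is purely numeric")
    return reasons


def suspicious_autoruns(text: str) -> Dict[str, List[str]]:
    """Map each flagged value name to its list of reasons."""
    flagged: Dict[str, List[str]] = {}
    for entry in parse_autoruns(text):
        reasons = triage(entry)
        if reasons:
            flagged[entry.name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in suspicious_autoruns(SAMPLE_DDS).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Feed it a whole DDS log saved to a file and it picks out only the Run-key lines; everything it flags still needs a human look, since the heuristics are deliberately simple.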

#5 Blade81

    Bleepin' Rocker

  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 14 December 2010 - 11:51 AM

Hi,

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix (link).
    Remember to re-enable them afterwards.

  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#6 markp

  • Topic Starter
  • Members
  • 35 posts

Posted 15 December 2010 - 12:52 AM

I was able to perform the ComboFix and do another DDS. I now see that my desktop photo screen has reappeared. Since I have had the virus, I have had a generic green background. Now my picture is restored, but I have no icons on my desktop view. If I go to the desktop through Explorer, the icons are still there, but my actual screen is blank. I can now use Internet Explorer normally. When I open AOL, I can read email, but I can't use the AOL browser. Nothing opens.

Also since I have had the virus, at startup I get a popup saying "initialization error" and I am able to click out of the error. I also have had constant messages about a problem with system32, and something about DrWatson having a problem. I shall see if those messages persist.

Now for the logs.


DDS (Ver_10-12-12.02) - NTFSx86
Run by MARK at 0:38:16.12 on Wed 12/15/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2354 [GMT -5:00]

AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\rmctrl.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\AOL\1140083713\ee\AOLSoftware.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\HistoryKill 2010\histkill.exe
C:\Program Files\America Online 9.0\waol.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Smith Micro\StuffIt11\ArcNameService.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol toolbar\aoltbServer.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\MARK\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/
uURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - c:\program files\aol toolbar\aoltb.dll
mURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - c:\program files\aol toolbar\aoltb.dll
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: IDXHlprObj Class: {31816979-f864-4acf-919f-d0b3b56432e6} - c:\windows\downloaded program files\IDXIEController.DLL
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - c:\program files\aol toolbar\aoltb.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: DictateBHO: {e12a882b-f14f-4440-9bc0-84a5eb766605} - c:\windows\downloaded program files\DictateBar.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: TouchWorks Dictate: {6f60c5c5-61b3-4378-8902-ed9497663ac9} - c:\windows\downloaded program files\DictateBar.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - c:\program files\aol toolbar\aoltb.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {CB789373-04D5-4EF4-9C16-871463FD0830} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [Network EPSON Stylus Photo RX...] c:\windows\system32\spool\drivers\w32x86\3\e_faticja.exe /fu "e:\docume~1\mark\mydocu~1\temp\E_S251.tmp" /EF "HKCU"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [HistoryKill] "c:\program files\historykill 2010\histkill.exe" /startup
uRun: [Haudit] "c:\program files\history audit\Haudit.exe" /startup
uRun: [ClearAllHistory] c:\program files\clearallhistory\cah.exe
uRun: [AOL Fast Start] "c:\program files\america online 9.0\AOL.EXE" -b
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [TFncKy] c:\program files\toshiba\toshiba controls\TFncKy.exe
mRun: [TDispVol] TDispVol.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [NDSTray.exe] c:\program files\toshiba\configfree\NDSTray.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [TPSMain] TPSMain.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [dla] c:\windows\system32\dla\DLACTRLW.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [RemoteControl] c:\windows\system32\rmctrl.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [IVPServiceMgr] c:\toshiba\ivp\ism\ivpsvmgr.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [HPHmon03] c:\windows\system32\hphmon03.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [HostManager] c:\program files\common files\aol\1140083713\ee\AOLSoftware.exe
mRun: [StorageGuard] "c:\program files\recordnow max platinum\storageguard\sgtray.exe" /r
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [SWHelper] "c:\windows\system32\macromed\shockwave 10\PostUpdate.exe" 1014020
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Translate this web page with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Action.htm
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: connwsp.dll
DPF: {019D5592-3928-4DE4-BAA2-1F2E5EEF4CF6} - /Touchworks/AHSCompressionEngine.cab
DPF: {27B87596-448E-40CB-B3B4-4F329FF540EC} - /TouchWorks/ResultWorks/CHWorks/VitalSigns/wavitalsigns.cab
DPF: {45EEDB84-57BC-4FBD-8065-7AB8E971B545} - TouchWorks/Common/Components/AtalaSoft/ImgXDialog61.cab
DPF: {46965FE7-2129-407B-938C-BE358A56D11E} - /touchworks/docworks/chworks/note/aicviewer3.cab
DPF: {7E8DC73D-69CD-4F67-99B1-8DC6E42F6246} - /TouchWorks/Common/Components/AtalaSoft/ImgX61.cab
DPF: {860FFAFE-5AAA-11D2-81EB-006008A2E49D} - /TouchWorks/ResultWorks/chworks/flowsheets/pe32.cab
DPF: {9A0CA502-7DA4-4B72-B5D4-D280DE8D4512} - /Touchworks/DictionaryManager.CAB
DPF: {ACEFFC26-4628-11D1-B14A-105C01C13001} - /TouchWorks/DocWorks/CHWorks/Note/wspell.cab
DPF: {B7B8B614-6A5C-4140-A303-43CEB589D6A5} - /TouchWorks/DocWorks/CHWorks/Note/TWRTF.cab
DPF: {B7EA9615-586E-4193-9C3C-A29CA577E040} - /Touchworks/DictateBar.cab
DPF: {CE10AD66-84BC-46A9-9424-C863199C0408} - /TouchWorks/docworks/chworks/note/aic_viewer2.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: ckpNotify - ckpNotify.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [2007-2-27 2944]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2008-11-13 419448]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [2007-5-24 36368]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [2007-5-24 110032]
R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [2007-5-24 673456]
R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2007-12-8 598856]
R3 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [2007-5-24 2234800]
R3 lknuhst;Linksys Network USB Host Controller;c:\windows\system32\drivers\lknuhst.sys [2007-5-3 11136]
R3 LKNUHUB;Linksys Network USB Root Hub;c:\windows\system32\drivers\lknuhub.sys [2007-5-3 37248]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2009-12-31 9472]
R3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2009-9-21 16640]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-13 136176]
S2 SprintPort;SprintPort Serial Driver;\??\c:\program files\sprint\pcs connection manager\sprintport\winport.sys --> c:\program files\sprint\pcs connection manager\sprintport\WINPORT.SYS [?]
S3 ACGPRS;Sierra Wireless 3G Adapter;c:\windows\system32\drivers\acgprs.sys [2008-8-15 103936]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2006-11-1 16512]
S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [2001-10-25 18864]
S3 LKNUCMP;Linksys Network USB Composite Device;c:\windows\system32\drivers\lknucmp.sys [2007-5-3 11648]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
S3 scrswi;Sierra Wireless Smart Card Reader;c:\windows\system32\drivers\scrswi.sys [2008-8-15 43904]
S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\drivers\swnc8u56.sys [2008-6-29 101248]
S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\drivers\swumx56.sys [2008-6-29 73856]

=============== Created Last 30 ================

2010-12-15 04:52:12 -------- d-sha-r- C:\cmdcons
2010-12-15 04:48:41 98816 ----a-w- c:\windows\sed.exe
2010-12-15 04:48:41 89088 ----a-w- c:\windows\MBR.exe
2010-12-15 04:48:41 256512 ----a-w- c:\windows\PEV.exe
2010-12-15 04:48:41 161792 ----a-w- c:\windows\SWREG.exe
2010-12-14 05:04:35 -------- d-----w- c:\docume~1\mark\locals~1\applic~1\Real
2010-12-14 05:02:12 -------- d-----w- c:\program files\common files\xing shared
2010-12-08 02:48:18 0 ----a-w- c:\windows\Tyesahazuyos.bin
2010-12-03 06:04:26 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-12-03 06:04:26 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-03 00:40:32 -------- d-----w- c:\program files\Bullzip
2010-12-02 23:30:02 -------- d-----w- c:\documents and settings\mark\IECompatCache
2010-11-21 07:22:55 -------- d-----w- c:\program files\common files\VST3
2010-11-21 07:22:53 -------- d-----w- c:\program files\common files\VST2
2010-11-21 07:22:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\Celemony Software GmbH
2010-11-21 07:22:25 -------- d-----w- c:\program files\common files\Celemony

==================== Find3M ====================

2009-11-14 22:02:16 564064 ----a-w- c:\program files\googleupdatesetup.exe
2009-11-08 15:25:44 4832728 ----a-w- c:\program files\MagicSharpener_Demo_Setup.exe
2009-10-06 06:43:09 5215869 ----a-w- c:\program files\FSViewerSetup39.exe
2009-10-04 06:09:14 4288632 ----a-w- c:\program files\VLCfree_8676.exe
2009-09-22 12:33:37 46222592 ----a-w- c:\program files\SSV_Windows2.25.0046_AU.exe
2009-09-21 05:17:12 5622500 ----a-w- c:\program files\streaming-audio-recorder_full383.exe
2009-08-30 02:19:17 7509681 ----a-w- c:\program files\FreeYouTubeDownload.exe
2009-08-30 01:07:12 1241914 ----a-w- c:\program files\DVDRegionFree59.exe
2009-08-29 04:04:31 6278168 ----a-w- c:\program files\dcloner.exe
2009-08-29 03:58:09 2885285 ----a-w- c:\program files\dvdsmith-movie-backup.exe
2009-08-24 21:01:56 3301888 ----a-w- c:\program files\freehiqrec.exe
2009-07-08 04:10:27 44531 ----a-w- c:\program files\DVDFull.exe
2009-06-06 01:54:35 9733504 ----a-w- c:\program files\AC881_F1_2_3_15Cap.exe
2009-05-02 20:36:49 297472 ----a-w- c:\program files\MyFonts Order M1488242.msi
2009-05-01 05:23:27 3095462 ----a-w- c:\program files\MagicDVDCopier492.exe
2009-05-01 04:32:08 1379841 ----a-w- c:\program files\freedvdripper.exe
2009-05-01 04:08:01 8818696 ----a-w- c:\program files\burnaware_free.exe
2009-04-30 05:58:39 12037384 ----a-w- c:\program files\scrb7000.exe
2009-04-24 04:03:44 9506112 ----a-w- c:\program files\SetupExpertGPS.exe
2005-05-13 22:12:00 217073 -csha-r- c:\windows\meta4.exe
2005-10-24 16:13:58 66560 -csha-r- c:\windows\MOTA113.exe
2005-10-14 02:27:00 422400 -csha-r- c:\windows\x2.64.exe
2005-10-08 00:14:52 308224 --sha-r- c:\windows\system32\avisynth.dll
2005-07-14 17:31:20 27648 --sha-r- c:\windows\system32\AVSredirect.dll
2005-06-26 20:32:28 616448 --sha-r- c:\windows\system32\cygwin1.dll
2005-06-22 03:37:42 45568 --sha-r- c:\windows\system32\cygz.dll
2004-01-25 05:00:00 70656 --sha-r- c:\windows\system32\i420vfw.dll
2006-04-27 15:24:24 2945024 --sha-r- c:\windows\system32\Smab.dll
2005-02-28 18:16:22 240128 --sha-r- c:\windows\system32\x.264.exe
2004-01-25 05:00:00 70656 --sha-r- c:\windows\system32\yv12vfw.dll

============= FINISH: 0:39:13.59 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/3/2006 2:26:47 PM
System Uptime: 12/15/2010 12:22:55 AM (0 hours ago)

Motherboard: Intel Corporation | | MPAD-MSAE Customer Reference Boards
Processor: Genuine Intel® CPU T2300 @ 1.66GHz | U1 | 1662/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 42 GiB total, 4.551 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 51 GiB total, 5.794 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Photosmart Plus B209a-m
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart Plus B209a-m
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP Color LaserJet 2600n
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet 2600n
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Officejet J6400 series
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer: HP
Name: Officejet J6400 series
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service:

==== System Restore Points ===================

RP1392: 9/15/2010 11:41:13 PM - System Checkpoint
RP1393: 9/17/2010 6:19:11 AM - System Checkpoint
RP1394: 9/19/2010 4:43:02 AM - System Checkpoint
RP1395: 9/20/2010 5:22:36 AM - System Checkpoint
RP1396: 9/21/2010 8:34:15 AM - System Checkpoint
RP1397: 9/22/2010 11:54:23 AM - System Checkpoint
RP1398: 9/23/2010 9:07:01 AM - Avg Update
RP1399: 9/23/2010 9:08:25 AM - Avg Update
RP1400: 9/23/2010 11:22:45 PM - Installed ClearAllHistory
RP1401: 9/25/2010 2:11:37 AM - System Checkpoint
RP1402: 9/26/2010 3:07:06 PM - System Checkpoint
RP1403: 9/27/2010 3:09:07 PM - System Checkpoint
RP1404: 9/29/2010 10:12:34 AM - System Checkpoint
RP1405: 9/30/2010 11:23:15 AM - System Checkpoint
RP1406: 10/1/2010 12:01:55 PM - System Checkpoint
RP1407: 10/2/2010 9:22:58 PM - System Checkpoint
RP1408: 10/4/2010 4:05:52 AM - System Checkpoint
RP1409: 10/4/2010 3:38:25 PM - Avg Update
RP1410: 10/6/2010 7:17:43 AM - System Checkpoint
RP1411: 10/7/2010 6:03:43 PM - System Checkpoint
RP1412: 10/9/2010 7:10:21 PM - System Checkpoint
RP1413: 10/13/2010 3:41:22 AM - System Checkpoint
RP1414: 10/13/2010 1:18:52 PM - Restore Operation
RP1415: 10/13/2010 9:54:45 PM - Avg Update
RP1416: 10/15/2010 2:36:48 PM - System Checkpoint
RP1417: 10/18/2010 3:26:36 PM - System Checkpoint
RP1418: 10/18/2010 11:42:03 PM - Removed ClearAllHistory
RP1419: 10/23/2010 1:07:13 AM - Restore Operation
RP1420: 10/26/2010 9:05:05 AM - System Checkpoint
RP1421: 10/27/2010 4:10:00 PM - System Checkpoint
RP1422: 10/29/2010 2:16:58 PM - System Checkpoint
RP1423: 11/4/2010 11:56:39 PM - System Checkpoint
RP1424: 11/7/2010 9:15:19 AM - System Checkpoint
RP1425: 11/7/2010 10:40:33 PM - Restore Operation
RP1426: 11/11/2010 2:12:58 AM - System Checkpoint
RP1427: 11/12/2010 9:06:48 PM - Restore Operation
RP1428: 11/13/2010 2:49:39 PM - Restore Operation
RP1429: 11/13/2010 11:50:25 PM - Installed Windows Internet Explorer 8.
RP1430: 11/15/2010 9:42:02 AM - System Checkpoint
RP1431: 11/20/2010 2:58:51 PM - Restore Operation
RP1432: 11/21/2010 5:05:43 PM - System Checkpoint
RP1433: 11/24/2010 3:08:25 AM - System Checkpoint
RP1434: 12/2/2010 5:55:36 AM - System Checkpoint
RP1435: 12/3/2010 1:01:54 AM - Restore Operation
RP1436: 12/6/2010 11:09:10 AM - System Checkpoint
RP1437: 12/7/2010 12:13:30 PM - System Checkpoint
RP1438: 12/14/2010 9:26:30 AM - System Checkpoint
RP1439: 12/14/2010 10:55:00 PM - Removed AVG Free 9.0
RP1440: 12/14/2010 10:58:50 PM - Removed AVG Free 9.0

==== Installed Programs ======================

32 Bit HP CIO Components Installer
a-squared Free 3.5
Ad-Aware
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Adobe Shockwave Player
AFPL Ghostscript 8.54
AFPL Ghostscript Fonts
Altysoft Free Video Converter 2.6
Amazing Slow Downer (remove only)
AnyDVD
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Spyware Protection
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 3
AVS Audio CD Creator version 3.8
AVS Audio CD Grabber version 4.1
AVS Audio Converter version 5.1
AVS Audio Recorder version 3.8
AVS DVD Copy version 1.4
AVS DVDMenu Editor 1.2.1.19
AVS Video Converter 5.6
AVS Video Editor 3.5
AVS4YOU Software Navigator 1.2
B209a-m
BB FlashBack
Best Buy Digital Music Store
Bluetooth Stack for Windows by Toshiba
Brother P-touch Editor 4.2
BufferChm
Canon CanoScan Toolbox 4.1
CD/DVD Drive Acoustic Silencer
Check Point VPN-1 SecuRemote/SecureClient NGX R60 HFA2
ClearAllHistory
Critical Update for Windows Media Player 11 (KB959772)
Destinations
DeviceDiscovery
Dolet Light for Finale 2005
Download Updater (AOL LLC)
Driver Installer
DVD-CLONER V6.50 Build 983
DVD-RAM Driver
DVD Audio Extractor 3.1.0
DVD Shrink 3.2
DVDSmith Movie Backup 1.0.5
EPSON Printer Software
ExpertGPS 3.03
Express Burn
FastStone Image Viewer 3.9
Finale 2005a
Finale Performance Assessment
FLV Player 1.3.3
Free Audio CD Burner version 1.2
FREE Hi-Q Recorder 1.92
Free Video to MP3 Converter version 3.2
Free YouTube Download 2.3
Free YouTube to MP3 Converter version 3.2
Freeware PDF Unlocker
Garmin Communicator Plugin
Garmin USB Drivers
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GPBaseService2
High Definition Audio Driver Package - KB888111
HijackThis 1.99.1
History Audit
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP Photosmart Plus B209a-m All-In-One Driver Software 13.0 Rel .6
hp photosmart printer series (Remove only)
HP Print Projects 1.0
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
Intel® PRO Network Connections Drivers
Intel® PROSet/Wireless Software
InterVideo WinDVD Creator 2
InterVideo WinDVD for TOSHIBA
iPod for Windows 2005-06-26
iTunes
J2SE Runtime Environment 5.0 Update 4
Java™ 6 Update 2
Java™ 6 Update 3
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Macromedia Flash Player 8
Magic DVD Copier Version 4.9.2
MAGIX audio cleaning lab 10
MAGIX Media Manager 2004 silver
Malwarebytes' Anti-Malware
Manual CanoScan LiDE 50
MarketResearch
mCore
mDrWiFi
Melodyne 3.1 Demo
Melodyne Runtime 4.0 (x86)
Melodyne singletrack
Metamail (Toshiba Registration Utility)
mHelp
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft ActiveSync
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WinUsb 1.0
Microsoft Word 2000 SR-1
Microsoft Works 4.5
Microsoft Works Setup Launcher
Microsoft XML Parser
mIWA
mLogView
mMHouse
Motorola Driver Installation
Move Media Player
MPEG2 Codec(libmpeg2/mad)
mPfMgr
mPfWiz
mProSafe
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Music Transfer
mWlsSafe
mXML
MyConnect Special Offer
MyFonts Order M1488242
mZConfig
Nero 6 Enterprise Edition
Network
Nokia Connectivity Adapter Cable DKU-5
Office 2003 Trial Assistant
OJOsoft Audio Converter
OmniPage SE
Otto
Palm Desktop
PdaNet for Android 2.41
PDF Producer
Picasa 3
Picture Resize Genius 2.5.2
Power Tab Editor 1.7
PowerDVD
Presto! PageManager 6.03
Primo
PS_AIO_06_B209a-m_SW_Min
Pure Networks Port Magic
QuickTime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Registry Healer 4.3.0 uninstall
Replay Converter 2.10
Replay Radio and Replay A/V 7
Rhapsody
Runtime
Scan
SCRABBLE
SD Secure Module
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 Series (KB969878)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Shop for HP Supplies
Sibelius Scorch (ActiveX Only)
SmartWebPrinting
SnagIt 8
SolutionCenter
Sonic DLA
Sonic Encoders
Sonic RecordNow!
Sony Picture Utility
SoundTap Streaming Audio Recorder
Status
Stomp RecordNow MAX
StuffIt 11
SUPERAntiSpyware
Synaptics Pointing Device Driver
TeamViewer 5
TEFView 2.64
Texas Instruments PCIxx21/x515/xx12 drivers.
THOMSON mp3PRO Audio Player
TIPCI
TMPGEnc DVD Author 2.0
Toolbox
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Game Console
TOSHIBA Hotkey Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA TouchPad ON/Off Utility
TOSHIBA Utilities
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
Total Commander (Remove or Repair)
TouchWorks Web Controls
TrayApp
Tune Transfer
TuxGuitar 1.2
TweakNow PowerPack 2006 Professional
Ultimate DVD Player (remove only)
Uninstall 1.0.0.1
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
VERITAS StorageGuard
Video Converter 3
Vidira ClearerZoom
Viewpoint Media Player
WebEx
WebFldrs XP
WebReg
Winamp
Window Washer
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB894553
Windows XP Media Center Edition 2005 KB895678
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinPcap 3.1
Works Suite OS Pack
XviD MPEG-4 Codec
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
ZC Video Converter 1.2.1

==== Event Viewer Messages From Past Week ========

12/14/2010 8:48:20 AM, error: Dhcp [1002] - The IP address lease 192.168.0.107 for the Network Card with network address 0013021C1525 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
12/14/2010 8:45:49 AM, error: FW1 [1] - FW1: FW-1: last packet seen 22367 seconds ago, assumi-->
12/14/2010 8:45:49 AM, error: FW1 [1] - FW1: -->ng clock change.
12/14/2010 2:20:21 AM, error: FW1 [1] - FW1: FW-1: lost 59 debug messages
12/14/2010 12:55:33 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
12/14/2010 12:55:33 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/14/2010 12:08:01 AM, error: FW1 [1] - FW1: FW-1: lost 15 debug messages
12/14/2010 12:07:32 AM, error: FW1 [1] - FW1: n FW-1: stopping debug messages for the next 29 -->
12/14/2010 12:07:09 AM, error: FW1 [1] - FW1: ndis_allocate_packet: Cannot allocate new packets
12/14/2010 12:06:27 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference error message: The referenced assembly is not installed on your system. .
12/14/2010 12:06:27 AM, error: SideBySide [59] - Generate Activation Context failed for c:\program files\real\realplayer\plugins\rmxrend.dll. Reference error message: The operation completed successfully. .
12/14/2010 12:06:27 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system.
12/14/2010 12:06:03 AM, error: FW1 [1] - FW1: FW-1: lost 29 debug messages
12/14/2010 12:05:24 AM, error: FW1 [1] - FW1: n FW-1: stopping debug messages for the next 38 -->
12/14/2010 12:05:24 AM, error: FW1 [1] - FW1: -->secon
12/14/2010 12:05:01 AM, error: FW1 [1] - FW1: FW-1: lost 2 debug messages
12/14/2010 12:04:55 AM, error: FW1 [1] - FW1: n FW-1: stopping debug messages for the next 6 s-->
12/14/2010 12:04:55 AM, error: FW1 [1] - FW1: -->econ
12/14/2010 12:04:02 AM, error: FW1 [1] - FW1: FW-1: lost 90 debug messages
12/14/2010 12:03:27 AM, error: FW1 [1] - FW1: n FW-1: stopping debug messages for the next 34 -->
12/14/2010 12:02:04 AM, error: FW1 [1] - FW1: FW-1: lost 12 debug messages
12/14/2010 12:01:40 AM, error: FW1 [1] - FW1: n FW-1: stopping debug messages for the next 20 -->
12/14/2010 12:01:00 AM, error: FW1 [1] - FW1: FW-1: lost 27 debug messages
12/14/2010 12:00:04 AM, error: FW1 [1] - FW1: FW-1: lost 22 debug messages
12/14/2010 1:33:09 AM, error: FW1 [1] - FW1: n FW-1: stopping debug messages for the next 51 -->
12/14/2010 1:18:01 AM, error: FW1 [1] - FW1: FW-1: lost 42 debug messages
12/14/2010 1:16:00 AM, error: FW1 [1] - FW1: FW-1: lost 34 debug messages
12/14/2010 1:15:44 AM, error: FW1 [1] - FW1: n FW-1: stopping debug messages for the next 16 -->
12/14/2010 1:15:00 AM, error: FW1 [1] - FW1: FW-1: lost 31 debug messages
12/14/2010 1:14:16 AM, error: FW1 [1] - FW1: n FW-1: stopping debug messages for the next 44 -->
12/14/2010 1:13:43 AM, error: FW1 [1] - FW1: n FW-1: stopping debug messages for the next 17 -->
12/14/2010 1:11:17 AM, error: FW1 [1] - FW1: n FW-1: stopping debug messages for the next 43 -->
12/14/2010 1:11:00 AM, error: FW1 [1] - FW1: FW-1: lost 107 debug messages
12/14/2010 1:10:08 AM, error: FW1 [1] - FW1: n FW-1: stopping debug messages for the next 52 -->
12/14/2010 1:10:00 AM, error: FW1 [1] - FW1: FW-1: lost 299 debug messages
12/14/2010 1:09:03 AM, error: FW1 [1] - FW1: n FW-1: stopping debug messages for the next 58 -->
12/13/2010 9:49:24 PM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The system cannot find the file specified.
12/13/2010 9:49:24 PM, error: Service Control Manager [7000] - The SprintPort Serial Driver service failed to start due to the following error: The system cannot find the path specified.
12/13/2010 9:48:46 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
12/13/2010 9:48:46 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
12/13/2010 8:58:48 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
12/13/2010 8:57:00 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
12/13/2010 4:33:48 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/13/2010 11:59:28 PM, error: FW1 [1] - FW1: n FW-1: stopping debug messages for the next 33 -->
12/13/2010 11:58:02 PM, error: FW1 [1] - FW1: FW-1: lost 20 debug messages
12/13/2010 11:57:21 PM, error: FW1 [1] - FW1: n FW-1: stopping debug messages for the next 39 -->
12/13/2010 11:56:01 PM, error: FW1 [1] - FW1: FW-1: lost 11 debug messages
12/13/2010 11:55:34 PM, error: FW1 [1] - FW1: n FW-1: stopping debug messages for the next 26 -->
12/13/2010 11:55:00 PM, error: FW1 [1] - FW1: FW-1: lost 96 debug messages
12/13/2010 11:54:29 PM, error: FW1 [1] - FW1: n FW-1: stopping debug messages for the next 32 -->
12/13/2010 11:54:06 PM, error: FW1 [1] - FW1: FW-1: lost 17 debug messages
12/13/2010 11:53:41 PM, error: FW1 [1] - FW1: n FW-1: stopping debug messages for the next 19 -->
12/13/2010 11:51:01 PM, error: FW1 [1] - FW1: FW-1: lost 5 debug messages
12/13/2010 11:49:39 PM, error: FW1 [1] - FW1: n FW-1: stopping debug messages for the next 23 -->
12/13/2010 11:49:04 PM, error: FW1 [1] - FW1: FW-1: lost 24 debug messages
12/13/2010 11:48:19 PM, error: FW1 [1] - FW1: n FW-1: stopping debug messages for the next 41 -->
12/13/2010 11:48:01 PM, error: FW1 [1] - FW1: FW-1: lost 64 debug messages
12/13/2010 11:47:26 PM, error: FW1 [1] - FW1: n FW-1: stopping debug messages for the next 35 -->
12/13/2010 11:47:01 PM, error: FW1 [1] - FW1: FW-1: lost 84 debug messages
12/13/2010 11:46:53 PM, error: FW1 [1] - FW1: n FW-1: stopping debug messages for the next 7 s-->
12/13/2010 11:25:40 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
12/13/2010 11:25:33 PM, error: FW1 [1] - FW1: FW-1: fwconn_get_bits: failed to get bit value o-->
12/13/2010 11:25:33 PM, error: FW1 [1] - FW1: FW-1: fwconn_chain_get_something: fwconn_chain_l-->
12/13/2010 11:25:33 PM, error: FW1 [1] - FW1: -->ookup failed (19)



----------


ComboFix 10-12-14.01 - MARK 12/15/2010 0:02.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2595 [GMT -5:00]
Running from: c:\documents and settings\MARK\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\~GLHTTP1.TMP
c:\documents and settings\MARK\Application Data\Adobe\AdobeUpdate .exe
c:\documents and settings\MARK\Application Data\Adobe\plugs
c:\documents and settings\MARK\Application Data\Adobe\plugs\KB15501468.exe
c:\documents and settings\MARK\Application Data\Adobe\plugs\KB15540296.exe
c:\documents and settings\MARK\Application Data\agtyjkj.bat
c:\documents and settings\MARK\Application Data\inst.exe
c:\documents and settings\MARK\Application Data\install
c:\documents and settings\MARK\Desktop\Hard Drive Diagnostic.lnk
c:\documents and settings\MARK\Desktop\ThinkPoint.lnk
c:\documents and settings\MARK\Local Settings\Application Data\{D859E048-C74D-4978-9446-4E796E5D186E}
c:\documents and settings\MARK\Local Settings\Application Data\{D859E048-C74D-4978-9446-4E796E5D186E}\chrome.manifest
c:\documents and settings\MARK\Local Settings\Application Data\{D859E048-C74D-4978-9446-4E796E5D186E}\chrome\content\_cfg.js
c:\documents and settings\MARK\Local Settings\Application Data\{D859E048-C74D-4978-9446-4E796E5D186E}\chrome\content\overlay.xul
c:\documents and settings\MARK\Local Settings\Application Data\{D859E048-C74D-4978-9446-4E796E5D186E}\install.rdf
c:\documents and settings\MARK\Local Settings\Temporary Internet Files\TempAnn.tmp
c:\documents and settings\MARK\Start Menu\Programs\Hard Drive Diagnostic
c:\documents and settings\MARK\Start Menu\Programs\Hard Drive Diagnostic\Hard Drive Diagnostic.lnk
c:\documents and settings\MARK\Start Menu\Programs\Hard Drive Diagnostic\Uninstall Hard Drive Diagnostic.lnk
c:\documents and settings\MARK\Start Menu\Programs\ThinkPoint.lnk
c:\windows\Readme.txt
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\encapi32.dll
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\Tomsxsav.dll
c:\windows\uhonaduq.dll

Infected copy of c:\windows\system32\drivers\GEARAspiWDM.sys was found and disinfected
Restored copy from - Kitty had a snack :P
.
((((((((((((((((((((((((( Files Created from 2010-11-15 to 2010-12-15 )))))))))))))))))))))))))))))))
.

2010-12-14 05:04 . 2010-12-14 05:04 -------- d-----w- c:\documents and settings\MARK\Local Settings\Application Data\Real
2010-12-14 05:02 . 2010-12-14 05:02 -------- d-----w- c:\program files\Common Files\xing shared
2010-12-08 02:48 . 2010-12-14 05:11 0 ----a-w- c:\windows\Tyesahazuyos.bin
2010-12-08 01:31 . 2010-12-08 01:31 1409 ----a-w- c:\windows\QTFont.for
2010-12-05 18:13 . 2010-12-05 18:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-12-05 18:12 . 2010-12-05 18:12 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-12-03 06:04 . 2010-12-03 06:04 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-03 00:40 . 2010-12-03 00:40 -------- d-----w- c:\program files\Bullzip
2010-12-02 23:30 . 2010-12-02 23:30 -------- d-----w- c:\documents and settings\MARK\IECompatCache
2010-11-21 07:22 . 2010-11-21 07:22 -------- d-----w- c:\program files\Common Files\VST3
2010-11-21 07:22 . 2010-11-21 07:22 -------- d-----w- c:\program files\Common Files\VST2
2010-11-21 07:22 . 2010-11-21 07:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Celemony Software GmbH
2010-11-21 07:22 . 2010-11-21 07:22 -------- d-----w- c:\program files\Common Files\Celemony

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-14 22:02 . 2009-11-14 22:02 564064 ----a-w- c:\program files\googleupdatesetup.exe
2009-11-08 15:25 . 2009-11-08 15:25 4832728 ----a-w- c:\program files\MagicSharpener_Demo_Setup.exe
2009-10-06 06:43 . 2009-10-06 06:43 5215869 ----a-w- c:\program files\FSViewerSetup39.exe
2009-10-04 06:09 . 2009-10-04 06:09 4288632 ----a-w- c:\program files\VLCfree_8676.exe
2009-09-22 12:33 . 2009-09-22 12:33 46222592 ----a-w- c:\program files\SSV_Windows2.25.0046_AU.exe
2009-09-21 05:17 . 2009-09-21 05:17 5622500 ----a-w- c:\program files\streaming-audio-recorder_full383.exe
2009-08-30 02:19 . 2009-08-30 02:19 7509681 ----a-w- c:\program files\FreeYouTubeDownload.exe
2009-08-30 01:07 . 2009-08-30 01:07 1241914 ----a-w- c:\program files\DVDRegionFree59.exe
2009-08-29 04:04 . 2009-08-29 04:04 6278168 ----a-w- c:\program files\dcloner.exe
2009-08-29 03:58 . 2009-08-29 03:58 2885285 ----a-w- c:\program files\dvdsmith-movie-backup.exe
2009-08-24 21:01 . 2009-08-24 21:01 3301888 ----a-w- c:\program files\freehiqrec.exe
2009-07-08 04:10 . 2009-07-08 04:10 44531 ----a-w- c:\program files\DVDFull.exe
2009-06-06 01:54 . 2009-06-06 01:54 9733504 ----a-w- c:\program files\AC881_F1_2_3_15Cap.exe
2009-05-02 20:36 . 2009-05-02 20:36 297472 ----a-w- c:\program files\MyFonts Order M1488242.msi
2009-05-01 05:23 . 2009-05-01 05:23 3095462 ----a-w- c:\program files\MagicDVDCopier492.exe
2009-05-01 04:32 . 2009-05-01 04:32 1379841 ----a-w- c:\program files\freedvdripper.exe
2009-05-01 04:08 . 2009-05-01 04:07 8818696 ----a-w- c:\program files\burnaware_free.exe
2009-04-30 05:58 . 2009-04-30 05:58 12037384 ----a-w- c:\program files\scrb7000.exe
2009-04-24 04:03 . 2009-04-24 04:03 9506112 ----a-w- c:\program files\SetupExpertGPS.exe
2005-05-13 22:12 217073 -csha-r- c:\windows\meta4.exe
2005-10-24 16:13 66560 -csha-r- c:\windows\MOTA113.exe
2005-10-14 02:27 422400 -csha-r- c:\windows\x2.64.exe
2005-10-08 00:14 308224 --sha-r- c:\windows\system32\avisynth.dll
2005-07-14 17:31 27648 --sha-r- c:\windows\system32\AVSredirect.dll
2005-06-26 20:32 616448 --sha-r- c:\windows\system32\cygwin1.dll
2005-06-22 03:37 45568 --sha-r- c:\windows\system32\cygz.dll
2004-01-25 05:00 70656 --sha-r- c:\windows\system32\i420vfw.dll
2006-04-27 15:24 2945024 --sha-r- c:\windows\system32\Smab.dll
2005-02-28 18:16 240128 --sha-r- c:\windows\system32\x.264.exe
2004-01-25 05:00 70656 --sha-r- c:\windows\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"Network EPSON Stylus Photo RX..."="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICJA.EXE" [2007-04-13 182272]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-28 68856]
"HistoryKill"="c:\program files\HistoryKill 2010\histkill.exe" [2009-07-27 1676776]
"Haudit"="c:\program files\History Audit\Haudit.exe" [2008-11-12 1025520]
"ClearAllHistory"="c:\program files\ClearAllHistory\cah.exe" [2010-09-24 300544]
"AOL Fast Start"="c:\program files\America Online 9.0\AOL.EXE" [2005-08-18 50776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TFncKy"="c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe" [2005-08-16 188416]
"TDispVol"="TDispVol.exe" [2005-03-11 73728]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"NDSTray.exe"="c:\program files\TOSHIBA\ConfigFree\NDSTray.exe" [2005-11-03 978944]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"RemoteControl"="c:\windows\system32\rmctrl.exe" [2000-10-16 32768]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"IVPServiceMgr"="c:\toshiba\ivp\ism\ivpsvmgr.exe" [2003-10-20 475136]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-25 196608]
"HPHmon03"="c:\windows\system32\hphmon03.exe" [2001-10-25 311296]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
"HostManager"="c:\program files\Common Files\AOL\1140083713\ee\AOLSoftware.exe" [2008-06-24 41824]
"StorageGuard"="c:\program files\RecordNow MAX Platinum\StorageGuard\sgtray.exe" [2001-12-03 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-12-14 274608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="c:\windows\system32\Macromed\Shockwave 10\PostUpdate.exe" [2010-12-03 53248]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
2007-05-24 15:13 24665 ----a-w- c:\windows\system32\ckpNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PCS Connection Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PCS Connection Manager.lnk
backup=c:\windows\pss\PCS Connection Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2006-11-05 17:15 227840 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2006-10-23 12:50 71216 ----a-r- c:\program files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2008-06-24 18:34 41824 ----a-w- c:\program files\Common Files\AOL\1140083713\EE\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 20:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-06-16 10:03 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]
2002-06-03 18:38 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE\opware32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
2001-12-03 05:00 155648 ----a-w- c:\program files\RecordNow MAX Platinum\StorageGuard\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 06:11 132496 ----a-w- c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-03-28 00:35 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
2007-11-26 19:47 1206600 ----a-w- c:\program files\Webroot\Washer\wwDisp.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\aolsoftware.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SERVICE.EXE"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.EXE"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SCC.EXE"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SDS.EXE"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_DIAGNOSTICS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"e:\\Documents and Settings\\MARK\\My Documents\\download programs\\video_converter_setup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [2/27/2007 8:31 PM 2944]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [11/13/2008 6:32 PM 419448]
R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [5/24/2007 10:13 AM 36368]
R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [5/24/2007 10:13 AM 110032]
R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [5/24/2007 10:13 AM 673456]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [12/8/2007 1:30 AM 598856]
R3 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [5/24/2007 10:13 AM 2234800]
R3 lknuhst;Linksys Network USB Host Controller;c:\windows\system32\drivers\lknuhst.sys [5/3/2007 3:52 PM 11136]
R3 LKNUHUB;Linksys Network USB Root Hub;c:\windows\system32\drivers\lknuhub.sys [5/3/2007 3:52 PM 37248]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [12/31/2009 8:41 PM 9472]
R3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [9/21/2009 12:18 AM 16640]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/13/2010 12:09 AM 136176]
S2 SprintPort;SprintPort Serial Driver;\??\c:\program files\Sprint\PCS Connection Manager\SprintPort\WINPORT.SYS --> c:\program files\Sprint\PCS Connection Manager\SprintPort\WINPORT.SYS [?]
S3 ACGPRS;Sierra Wireless 3G Adapter;c:\windows\system32\drivers\acgprs.sys [8/15/2008 10:39 AM 103936]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [11/1/2006 11:37 AM 16512]
S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [10/25/2001 9:54 AM 18864]
S3 LKNUCMP;Linksys Network USB Composite Device;c:\windows\system32\drivers\lknucmp.sys [5/3/2007 3:53 PM 11648]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 4:10 PM 32512]
S3 scrswi;Sierra Wireless Smart Card Reader;c:\windows\system32\drivers\scrswi.sys [8/15/2008 10:39 AM 43904]
S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\drivers\swnc8u56.sys [6/29/2008 10:16 AM 101248]
S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\drivers\swumx56.sys [6/29/2008 10:16 AM 73856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-11-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 17:42]

2010-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 05:09]

2010-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-13 05:09]

2010-12-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]

2010-12-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1000346140-1359634168-514946141-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]

2010-12-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]

2010-12-14 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1000346140-1359634168-514946141-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]

2006-06-03 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-02-15 00:12]
.
.
------- Supplementary Scan -------
.
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
LSP: connwsp.dll
DPF: {019D5592-3928-4DE4-BAA2-1F2E5EEF4CF6} - /Touchworks/AHSCompressionEngine.cab
DPF: {27B87596-448E-40CB-B3B4-4F329FF540EC} - /TouchWorks/ResultWorks/CHWorks/VitalSigns/wavitalsigns.cab
DPF: {46965FE7-2129-407B-938C-BE358A56D11E} - /touchworks/docworks/chworks/note/aicviewer3.cab
DPF: {860FFAFE-5AAA-11D2-81EB-006008A2E49D} - /TouchWorks/ResultWorks/chworks/flowsheets/pe32.cab
DPF: {9A0CA502-7DA4-4B72-B5D4-D280DE8D4512} - /Touchworks/DictionaryManager.CAB
DPF: {ACEFFC26-4628-11D1-B14A-105C01C13001} - /TouchWorks/DocWorks/CHWorks/Note/wspell.cab
DPF: {B7B8B614-6A5C-4140-A303-43CEB589D6A5} - /TouchWorks/DocWorks/CHWorks/Note/TWRTF.cab
DPF: {B7EA9615-586E-4193-9C3C-A29CA577E040} - /Touchworks/DictateBar.cab
DPF: {CE10AD66-84BC-46A9-9424-C863199C0408} - /TouchWorks/docworks/chworks/note/aic_viewer2.cab
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-Uxajoc - c:\windows\Tomsxsav.dll
HKCU-Run-ajyWlxBiFK.exe - e:\docume~1\MARK\MYDOCU~1\Temp\ajyWlxBiFK.exe
HKLM-Run-Mpekilesolasiwit - c:\windows\uhonaduq.dll
Notify-avgrsstarter - avgrsstx.dll
MSConfigStartUp-BDMCon - c:\program files\Softwin\BitDefender Professional Edition\\bdmcon.exe
MSConfigStartUp-BDNewsAgent - c:\program files\Softwin\BitDefender Professional Edition\\bdnagent.exe
MSConfigStartUp-BDSwitchAgent - c:\program files\Softwin\BitDefender Professional Edition\bdswitch.exe
MSConfigStartUp-Cobian Backup 8 - c:\program files\Cobian Backup 8\Cobian.exe
MSConfigStartUp-SprintPort - c:\program files\Sprint\PCS Connection Manager\SprintPort\SprintPortA.exe
MSConfigStartUp-Washer - c:\program files\Washer\washer.exe
MSConfigStartUp-Yahoo! Pager - c:\program files\Yahoo!\Messenger\YahooMessenger.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-15 00:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="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"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(960)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'lsass.exe'(1016)
c:\windows\system32\connwsp.dll
.
Completion time: 2010-12-15 00:14:30
ComboFix-quarantined-files.txt 2010-12-15 05:14

Pre-Run: 3,869,130,752 bytes free
Post-Run: 4,816,801,792 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - B02DAB1D9776EFEC9378562BB0FD5D06

12/13/2010 11:25:33 PM, error: FW1 [1] - FW1: -->f bit category 6
12/13/2010 11:25:00 PM, error: FW1 [1] - FW1: FW-1: lost 94 debug messages
12/13/2010 11:24:01 PM, error: FW1 [1] - FW1: FW-1: lost 67 debug messages
12/13/2010 11:23:23 PM, error: FW1 [1] - FW1: n FW-1: stopping debug messages for the next 37 -->
12/13/2010 11:23:01 PM, error: FW1 [1] - FW1: FW-1: lost 211 debug messages
12/13/2010 11:22:08 PM, error: FW1 [1] - FW1: n FW-1: stopping debug messages for the next 53 -->
12/13/2010 11:22:07 PM, error: FW1 [1] - FW1: FW-1: lost 83 debug messages

==== End Of File ===========================




thanks very much. Mark
hopefully the icons will return to the desktop




#7 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:12:34 PM

Posted 15 December 2010 - 09:17 AM

Hi again,

Also since I have had the virus, at startup I get a popup saying "initialization error" and I am able to click out of the error. I also have had constant messages about a problem with system32, and something about DrWatson having a problem. I shall see if those messages persist.

Let me know if those return (include error messages).

When I open AOL, I can read email, but I can't use the AOL browser. Nothing opens.

May need to reinstall AOL related stuff later.

We have to take a look at that desktop issue later if it doesn't get fixed after a reboot.


Do you use Adobe Acrobat for anything (else than pdf conversions)?



Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\Tyesahazuyos.bin
DDS::
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {CB789373-04D5-4EF4-9C16-871463FD0830} - No File


Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Posted Image

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Update MBAM and run a full scan with it. Remove found items and post back the report.



Uninstall old Adobe Reader versions and get the latest one (9.4 + 9.4.1 update or Adobe Reader X if offered) here or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check free readers introduced here.

Uninstall your current Adobe shockwave player and get the fresh one here if needed.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older-version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 23.
  • Click the Download button to the right.
  • Select Windows on the platform combobox and check the box that says: Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u23-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.



* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is UNchecked.
  • Click Scan
  • Wait for the scan to finish.


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#8 markp

markp
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:04:34 AM

Posted 15 December 2010 - 10:01 PM

thanks for the continued help. I can now browse using aol.com or IE. there are still no icons on my desktop, but if I explore and go backwards from My Computer, the desktop files are still in the computer.

I have attached a ComboFix log, a MBAM log, and ESET and the two DDS files. Still getting a window at startup saying "initialization error" but it is easy to click out of it.


#9 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:12:34 PM

Posted 16 December 2010 - 12:38 AM

Hi,

Please update programs as instructed in my previous post. Adobe products and Java are still with their vulnerable versions installed.

Still getting a window at startup saying "initialization error" but it is easy to click out of it.

Does that contain any more detailed message?

Edited by Blade81, 16 December 2010 - 12:38 AM.



#10 markp

markp
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:04:34 AM

Posted 17 December 2010 - 01:24 AM

I think I have replaced adobe and java with the new versions. the "initialization error" is in a small rectangular box, with an exclamation point. there is no other message within it and it closes easily. I am ready for the next step. The desktop is still empty except for my original screensaver picture which has been restored by the changes that you have caused. thanks.

#11 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:12:34 PM

Posted 17 December 2010 - 10:36 AM

I'm just trying to figure out if that error message is in any way connected to desktop problem. Please post fresh dds logs.

Have you tried rebooting system into safe mode to see if desktop issue is present there too?



#12 markp

markp
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:04:34 AM

Posted 17 December 2010 - 02:08 PM

the initialization error has been present for about a month, soon after the trojan arrived, but I could still see icons on the desktop. they only disappeared after the "fix" that we did in the last 2 days. I went into safe mode, and the screen is black, but I can go to the start button, and to my computer, then work backwards to desktop and the icons are there, and all are usable. I will do another dds and send it today. thanks.

#13 markp

markp
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:04:34 AM

Posted 18 December 2010 - 01:20 PM

attaching the DDS files. The computer seems to be doing well. If I have a window open reading email or files, when I close a window sometimes it closes slowly like a window shade going up or down, not just disappearing.


#14 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:12:34 PM

Posted 18 December 2010 - 03:24 PM

Hi,

The desktop issue still appears? Please upload c:\windows\explorer.exe to http://www.virustotal.com and post back the results (re-analyze if prompted). If you have other user accounts please see if desktop opens properly on those.

when I close a window sometimes it closes slowly like a windowshade going up or down, not just disappearing.

Hard drive defragmentation might come in handy. For defragging I'd use a 3rd-party solution. Good commercial ones are PerfectDisk and Diskeeper. Of the free options I recommend MyDefrag.



#15 markp

markp
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:04:34 AM

Posted 18 December 2010 - 10:22 PM

Not sure how to save the virus total. there was not a save button. I copied the data by highlighting and will paste it below. I hope it is the correct info. I will try the defrag and let you know.


File name: explorer.exe
Submission date: 2010-12-18 22:47:41 (UTC)
Current status: finished


Result: 0/ 43 (0.0%)
VT Community

goodware
Safety score: 100.0%
Antivirus Version Last Update Result
AhnLab-V3 2010.12.19.00 2010.12.18 -
AntiVir 7.11.0.83 2010.12.17 -
Antiy-AVL 2.0.3.7 2010.12.18 -
Avast 4.8.1351.0 2010.12.18 -
Avast5 5.0.677.0 2010.12.18 -
AVG 9.0.0.851 2010.12.18 -
BitDefender 7.2 2010.12.18 -
CAT-QuickHeal 11.00 2010.12.18 -
ClamAV 0.96.4.0 2010.12.18 -
Command 5.2.11.5 2010.12.18 -
Comodo 7109 2010.12.18 -
DrWeb 5.0.2.03300 2010.12.18 -
Emsisoft 5.1.0.1 2010.12.18 -
eSafe 7.0.17.0 2010.12.16 -
eTrust-Vet 36.1.8048 2010.12.17 -
F-Prot 4.6.2.117 2010.12.17 -
F-Secure 9.0.16160.0 2010.12.18 -
Fortinet 4.2.254.0 2010.12.18 -
GData 21 2010.12.18 -
Ikarus T3.1.1.90.0 2010.12.18 -
Jiangmin 13.0.900 2010.12.18 -
K7AntiVirus 9.73.3286 2010.12.18 -
Kaspersky 7.0.0.125 2010.12.18 -
McAfee 5.400.0.1158 2010.12.18 -
McAfee-GW-Edition 2010.1C 2010.12.18 -
Microsoft 1.6402 2010.12.18 -
NOD32 5714 2010.12.18 -
Norman 6.06.12 2010.12.18 -
nProtect 2010-12-18.01 2010.12.18 -
Panda 10.0.2.7 2010.12.18 -
PCTools 7.0.3.5 2010.12.18 -
Prevx 3.0 2010.12.18 -
Rising 22.78.04.01 2010.12.18 -
Sophos 4.60.0 2010.12.18 -
SUPERAntiSpyware 4.40.0.1006 2010.12.18 -
Symantec 20101.3.0.103 2010.12.18 -
TheHacker 6.7.0.1.101 2010.12.15 -
TrendMicro 9.120.0.1004 2010.12.18 -
TrendMicro-HouseCall 9.120.0.1004 2010.12.18 -
VBA32 3.12.14.2 2010.12.17 -
VIPRE 7710 2010.12.18 -
ViRobot 2010.12.18.4208 2010.12.18 -
VirusBuster 13.6.101.2 2010.12.18 -
Additional information
MD5 : 12896823fb95bfb3dc9b46bcaedc9923
SHA1 : 9d2bf84874abc5b6e9a2744b7865c193c08d362f
SHA256: 1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455
ssdeep: 12288:HHmcoCUyZtwAvAs4wTCyrPTloHWYUrkf8w0Vnzac1/g/J/vMS:nmfty/wAvN7lrvbkf8w0VnH1/g/J/k
File size : 1033728 bytes
First seen: 2009-02-09 08:59:31
Last seen : 2010-12-18 22:47:41
TrID:
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: © Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Windows Explorer
original name: EXPLORER.EXE
internal name: explorer
file version.: 6.00.2900.5512 (xpsp.080413-2105)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x1A55F
timedatestamp....: 0x48025C30 (Sun Apr 13 19:17:04 2008)
machinetype......: 0x14c (I386)

[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x44C09, 0x44E00, 6.38, fd89c9ce334764ffdbb62637ad9b5809
.data, 0x46000, 0x1DB4, 0x1800, 1.30, 983f35021232560eaaa99fcbc1b7d359
.rsrc, 0x48000, 0xB2268, 0xB2400, 6.63, 95339c37646fa93e3695e06572a21889
.reloc, 0xFB000, 0x374C, 0x3800, 6.78, ec335057489badbf6d8142b57175fd91

[[ 13 import(s) ]]

ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 282112
CompanyName: Microsoft Corporation
EntryPoint: 0x1a55f
FileDescription: Windows Explorer
FileFlagsMask: 0x003f
FileOS: Windows NT 32-bit
FileSize: 1010 kB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 6.00.2900.5512 (xpsp.080413-2105)
FileVersionNumber: 6.0.2900.5512
ImageVersion: 5.1
InitializedDataSize: 752128
InternalName: explorer
LanguageCode: English (U.S.)
LegalCopyright: Microsoft Corporation. All rights reserved.
LinkerVersion: 7.1
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 5.1
ObjectFileType: Executable application
OriginalFilename: EXPLORER.EXE
PEType: PE32
ProductName: Microsoft Windows Operating System
ProductVersion: 6.00.2900.5512
ProductVersionNumber: 6.0.2900.5512
Subsystem: Windows GUI
SubsystemVersion: 4.1
TimeStamp: 2008:04:13 21:17:04+02:00
UninitializedDataSize: 0
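As an added example (not part of the thread and not code from VirusTotal, ComboFix or any other tool named here), the following Python script performs the same check on a copy of explorer.exe that the report above performs: it hashes the file and compares the result against the MD5/SHA1/SHA256 the report lists, parses the PE section table to produce the same name/address/size/entropy columns as the "[[ 4 section(s) ]]" block, and decodes the linker timestamp (0x48025C30 in the report). KNOWN_GOOD holds the report's hashes; build_sample_pe() constructs a minimal, non-runnable PE image purely so the parser can be exercised offline.

```python
from collections import Counter
import hashlib
import math
import struct
from datetime import datetime, timezone

# Hashes of c:\windows\explorer.exe as listed in the VirusTotal report quoted above.
KNOWN_GOOD = {
    "md5": "12896823fb95bfb3dc9b46bcaedc9923",
    "sha1": "9d2bf84874abc5b6e9a2744b7865c193c08d362f",
    "sha256": "1e675cb7df214172f7eb0497f7275556038a0d09c6e5a3e6862c5e26885ef455",
}

def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of the file contents, as VirusTotal reports them."""
    return {name: hashlib.new(name, data).hexdigest() for name in KNOWN_GOOD}

def matches_known_good(data: bytes, expected: dict = KNOWN_GOOD) -> bool:
    """True only if every hash agrees; any mismatch means a different file."""
    return file_hashes(data) == expected

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniform bytes; packed or encrypted code sits near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def _coff_offset(data: bytes) -> int:
    """Locate the COFF header via e_lfanew, checking the MZ and PE magics."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    return e_lfanew + 4

def pe_timestamp(data: bytes) -> datetime:
    """The linker's TimeDateStamp as UTC (the report's 'timedatestamp')."""
    ts = struct.unpack_from("<I", data, _coff_offset(data) + 4)[0]
    return datetime.fromtimestamp(ts, timezone.utc)

def pe_sections(data: bytes) -> list:
    """(name, viradd, virsiz, rawdsiz, ntropy) per section, the columns of the report's section block."""
    coff = _coff_offset(data)
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_opt  # section headers follow the optional header
    rows = []
    for i in range(nsections):
        off = table + i * 40  # each IMAGE_SECTION_HEADER is 40 bytes
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, off + 8)
        entropy = round(shannon_entropy(data[rawptr:rawptr + rawsize]), 2)
        rows.append((name, vaddr, vsize, rawsize, entropy))
    return rows

def build_sample_pe(sections) -> bytes:
    """Constructed minimal PE image (headers plus section bodies, not runnable) for offline testing only."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0x48025C30, 0, 0, 0, 0x102)
    first_raw = e_lfanew + 4 + 20 + 40 * len(sections)  # bodies start right after the headers
    table, bodies = b"", b""
    for i, (name, body) in enumerate(sections):
        table += name.encode().ljust(8, b"\0")
        table += struct.pack("<IIII", len(body), 0x1000 * (i + 1), len(body), first_raw + len(bodies))
        table += b"\0" * 16  # relocation/line-number pointers and characteristics
        bodies += body
    return dos + b"PE\0\0" + coff + table + bodies
```

On a real system, read the file with open(path, "rb").read() and pass the bytes to matches_known_good() and pe_sections(); a hash mismatch against a known-good copy is the fact to act on, whatever the section entropies look like.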






