Stingray

MSServer And cmds Won't Go Away, Please Help! [RESOLVED]

As mentioned by others, I have found these files in my startup menu and cannot delete them. They are followed by the command "rundll32.exe". I don't exactly know what they do but they shouldn't be there. If anyone can give me some steps to delete them I would be very thankful! I found this board by accident and hope someone can help. And if it matters, I am running Vista.

Rocky

Hello and Welcome to the forums. :)

I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

Click here to download HJTInstall.exe

  • Save HJTInstall.exe to your desktop.
  • Double click on the HJTInstall.exe icon on your desktop.
  • A window will pop up, and simply click Install.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • When it has finished installing HijackThis, it will automatically launch and you will be presented with the License Agreement. Click on the I Accept button.
  • Once the license agreement is gone, click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

Thanks for your help; hope you can fix my problem!! Here is my log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:29:09 PM, on 7/16/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\IMSIDesign\TCW14\Program\Tcw14.exe

C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Users\Rocky\Desktop\HiJackThis.exe

C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\psp.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Rocky\AppData\Local\Temp\iifcCvVL.dll,#1

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Rocky\AppData\Local\Temp\iifgHxYs.dll,c

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--

End of file - 4884 bytes

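A defender-side triage script for the O4 entries in the log above, added here as an example and not part of HijackThis or of this thread: it parses each registry Run line and flags the pattern the helper acts on (rundll32.exe loading a DLL with a random-looking name from the user's Temp folder through an ordinal or one-letter export). The sample lines are copied from the log; the indicator names and the heuristics behind them are my own assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: O4 lines copied from the HijackThis log above, plus a
# Vista default ('WindowsWelcomeCenter') that also uses rundll32 but loads a
# system DLL by bare name, so it must NOT be flagged.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Rocky\AppData\Local\Temp\iifcCvVL.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Rocky\AppData\Local\Temp\iifgHxYs.dll,c
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
"""

# 'O4 - <hive>\..\Run: [<value name>] <command line>'
O4_RUN = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# rundll32[.exe] <dll path>,<export name or #ordinal>, with or without quotes
RUNDLL = re.compile(
    r'^"?(?:\S*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S*)',
    re.IGNORECASE,
)


@dataclass
class Finding:
    name: str
    hive: str
    command: str
    dll: Optional[str] = None
    export: Optional[str] = None
    indicators: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # Assumed threshold: an autorun DLL living in a Temp folder is the
        # red flag the helper acts on; the other indicators add confidence.
        return "temp_dll" in self.indicators


def parse_o4(line: str) -> Optional[Finding]:
    """Parse one O4 registry Run line; returns None for other O4 forms."""
    m = O4_RUN.match(line.strip())
    if not m:
        return None  # e.g. 'O4 - Global Startup:' shortcut lines
    f = Finding(name=m["name"], hive=m["hive"], command=m["cmd"])
    r = RUNDLL.match(f.command)
    if not r:
        return f  # a normal executable, nothing to score here
    f.dll, f.export = r["dll"].strip(), r["export"]
    f.indicators.append("rundll32")
    if re.search(r"\\Temp\\|%TEMP%", f.dll, re.IGNORECASE):
        f.indicators.append("temp_dll")
    stem = f.dll.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    # Heuristic (assumption): letters-only stem with internal case changes
    if re.fullmatch(r"[A-Za-z]{6,12}", stem) and re.search(r"[a-z][A-Z]", stem):
        f.indicators.append("random_name")
    # Ordinal (#1) or single-character export instead of a descriptive name
    if re.fullmatch(r"#\d+|[A-Za-z0-9]", f.export):
        f.indicators.append("opaque_export")
    if f.hive.upper().startswith("HKCU"):
        f.indicators.append("per_user")
    return f


def triage(log_text: str) -> List[Finding]:
    """Score every registry Run entry found in a HijackThis log."""
    return [f for f in map(parse_o4, log_text.splitlines()) if f is not None]


def suspicious_entries(log_text: str) -> List[Finding]:
    return [f for f in triage(log_text) if f.suspicious]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        flag = "SUSPICIOUS" if f.suspicious else "ok"
        print(f"{flag:10} [{f.name}] {', '.join(f.indicators) or '-'}")
```

Run against the second log later in this thread, the same parser also picks up the quoted form `rundll32.exe "...\Temp\rrihacur.dll",b`.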
Hello again,

Step 1

Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

If you use Firefox browser

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Step 2

Please download Deckard's System Scanner (DSS) to your desktop.

  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, a text file will open - Main.txt
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of Main.txt into your thread.
  • An additional text file, Extra.txt, will also be available (by default) in the following folder: C:\Deckard\System Scanner.
  • Please go to that folder and also copy the contents of Extra.txt to your post as well.

Note: Some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

You mentioned that ATF Cleaner is for XP and 2000 only. I am running Vista; what should I do?

Also, I neglected to mention that when I ran the scan I got the following message pop up:

"For some reason your system denied access to the Hosts file. If any hijacked domains are in this file, HijackThis may not be able to fix this. If that happens you may need to edit the file yourself. To do this click Start, Run, and type:

notepad C:\Windows\System 32\drivers\etc\hosts

And press Enter.............." I'm sure you have probably seen this before.

Should I do what it says before I post the scan results?

Thanks for your patience.

An added note: For some reason, both the MSServer and cmds are now letting me uncheck them in the start up list. I assume they are not running on start up now but I would like them removed from my computer anyway. And how would I prevent them from coming back?

Thanks

Hello,

Sorry for the confusion, ATF Cleaner will work on Windows Vista.

Also, let's try the following.

Download the HostsXpert 4.2 - Hosts File Manager.

  • Unzip HostsXpert 4.2 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.2 - Hosts File Manager
  • Run HostsXpert 4.2 - Hosts File Manager from its new home
  • Click on "File Handling".
  • Click on "Restore MS Hosts File".
  • Click OK on the Confirmation box.
  • Click on "Make Read Only?"
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

OK, I downloaded and ran HostsXpert 4.2 - Hosts File Manager and did what you said. I did not run ATF Cleaner or DSS; was I supposed to do that also? Was there something I should look for after running HostsXpert? I still have the MSServer in my startup list but it remains unchecked. Is there anything further I should be doing? For some reason my computer will not successfully restore from any of the restore points. Does this have anything to do with MSServer or anything else I have done?

Thanks for your patience!

OK, here we go. This is the result of Deckard's System Scanner:

Deckard's System Scanner v20071014.68

Run by Rocky on 2008-07-20 20:50:51

Computer is in Normal Mode.

--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --

19: 2008-07-20 17:58:16 UTC - RP423 - Device Driver Package Install: Synaptics Mice and other pointing devices

18: 2008-07-20 17:47:28 UTC - RP422 - Removed Napster Burn Engine

17: 2008-07-20 17:46:51 UTC - RP421 - Removed Napster

16: 2008-07-20 17:28:06 UTC - RP419 - Windows Update

15: 2008-07-20 17:18:03 UTC - RP418 - Restore Operation

-- First Restore Point --

1: 2008-07-13 14:00:59 UTC - RP403 - Scheduled Checkpoint

Backed up registry hives.

Performed disk cleanup.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2008-07-20 20:56:43

Platform: Windows Vista Service Pack 1 (6.00.6001)

MSIE: Internet Explorer (7.00.6000.16386)

Boot mode: Normal

Running processes:

C:\Windows\System32\dwm.exe

C:\Windows\explorer.exe

C:\Windows\System32\taskeng.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\Toshiba\ConfigFree\NDSTray.exe

C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe

C:\Program Files\Microsoft Works\WkDetect.exe

C:\Program Files\Toshiba\Utilities\KeNotify.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Synaptics\SynTP\SynToshiba.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\System32\wuauclt.exe

C:\Users\Rocky\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

O4 - HKLM\..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe

O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL

O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe

O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"

O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe

O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers

O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe

O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [1a3e3093] rundll32.exe "C:\Users\Rocky\AppData\Local\Temp\rrihacur.dll",b

O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE

O4 - HKCU\..\Run: [uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Rocky\AppData\Local\Temp\iifcCvVL.dll,#1

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Rocky\AppData\Local\Temp\iifgHxYs.dll,c

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')

O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)

O15 - Trusted Zone: https://turbotax.com (HKCU)

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll

O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll

O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL

O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL

O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll

O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\System32\agrsmsvc.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\System32\Ati2evxx.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe

O23 - Service: Swupdtmr - Unknown owner - C:\Toshiba\IVP\swupdate\swupdtmr.exe

O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\System32\TODDSrv.exe

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--

End of file - 11423 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S4 KR10I - c:\windows\system32\drivers\kr10i.sys <Not Verified; TOSHIBA CORPORATION; TOSHIBA RAID>

S4 KR10N - c:\windows\system32\drivers\kr10n.sys <Not Verified; TOSHIBA CORPORATION; TOSHIBA RAID>

S4 KR3NPXP - c:\windows\system32\drivers\kr3npxp.sys <Not Verified; TOSHIBA CORPORATION; TOSHIBA RAID>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree>

R2 TNaviSrv (TOSHIBA Navi Support Service) - c:\program files\toshiba\toshiba dvd player\tnavisrv.exe <Not Verified; TOSHIBA Corporation; TOSHIBA DVD Player>

R2 TODDSrv (TOSHIBA Optical Disc Drive Service) - c:\windows\system32\toddsrv.exe <Not Verified; TOSHIBA Corporation; TDCSrv Application>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft 6to4 Adapter

Device ID: ROOT\*6TO4MP000

Manufacturer: Microsoft

Name: 6TO4 Adapter

PNP Device ID: ROOT\*6TO4MP000

Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft ISATAP Adapter

Device ID: ROOT\*ISATAP001

Manufacturer: Microsoft

Name: isatap.{89F46E7F-7E07-4F81-831A-30712AED70A1}

PNP Device ID: ROOT\*ISATAP001

Service: tunnel

-- Files created between 2008-06-20 and 2008-07-20 -----------------------------

2008-07-20 13:58:51 0 d-------- C:\Program Files\Synaptics

2008-07-19 20:03:59 0 d-------- C:\Program Files\Eusing Free Registry Cleaner

2008-07-19 18:58:42 0 d-------- C:\HostsXpert 4.2 - Hosts File Manager

2008-07-14 21:27:19 0 d--h----- C:\$AVG8.VAULT$

2008-07-14 17:20:40 0 d-------- C:\Windows\system32\drivers\Avg

2008-07-14 17:18:17 0 d-------- C:\Program Files\AVG

2008-07-14 17:18:16 0 d-------- C:\Users\All Users\avg8

2008-07-07 18:06:29 9606 --a------ C:\Windows\system32\NEWSOFT

2008-07-07 18:05:37 11776 --a------ C:\Windows\system32\pmsbfn32.dll <Not Verified; ; PMSBFN32 Dynamic Link Library>

2008-07-07 18:05:12 0 d-------- C:\Program Files\Common Files\NewSoft

2008-07-07 18:04:32 0 d-------- C:\Program Files\NewSoft

2008-07-07 18:04:32 0 d-------- C:\Program Files\Common Files\PDFView

2008-07-07 18:04:29 0 d-------- C:\Windows\system32\Color

2008-07-07 18:03:29 0 d-------- C:\Users\All Users\InstallShield

2008-07-07 18:03:02 0 d-------- C:\Users\All Users\ScanSoft

2008-07-07 18:03:02 0 d-------- C:\Program Files\Common Files\ScanSoft Shared

2008-07-07 18:02:40 0 d-------- C:\Program Files\ScanSoft

2008-07-07 18:01:03 0 d-------- C:\Program Files\Common Files\CANON

2008-07-07 17:57:43 0 d--h----- C:\Users\All Users\CanonBJ

2008-07-07 17:57:25 0 d--h----- C:\Windows\system32\CanonIJ Uninstaller Information

2008-07-07 17:54:48 0 d--h----- C:\Program Files\CanonBJ

2008-07-07 17:54:21 0 d-------- C:\Program Files\Canon

-- Find3M Report ---------------------------------------------------------------

2008-07-20 13:48:22 0 d--h----- C:\Program Files\InstallShield Installation Information

2008-07-20 13:48:16 0 d-------- C:\Program Files\Common Files

2008-07-19 19:22:49 0 d-------- C:\Users\Rocky\AppData\Roaming\Uniblue

2008-07-19 16:12:01 0 d-------- C:\Program Files\Windows Photo Gallery

2008-07-19 16:12:01 0 d-------- C:\Program Files\Windows Defender

2008-07-07 18:22:23 0 d-------- C:\Users\Rocky\AppData\Roaming\Canon

2008-07-07 18:17:38 0 d-------- C:\Users\Rocky\AppData\Roaming\NewSoft

2008-07-07 18:03:16 0 d-------- C:\Users\Rocky\AppData\Roaming\ScanSoft

2008-07-07 18:03:01 0 d-------- C:\Program Files\Common Files\InstallShield

2008-06-10 08:41:02 174 --ahs---- C:\Program Files\desktop.ini

2008-06-10 08:29:52 0 d-------- C:\Program Files\Windows Calendar

2008-06-10 08:29:51 0 d-------- C:\Program Files\Windows Sidebar

2008-06-10 08:29:50 0 d-------- C:\Program Files\Movie Maker

2008-06-10 08:29:48 0 d-------- C:\Program Files\Windows Mail

2008-06-10 08:29:45 0 d-------- C:\Program Files\Windows Collaboration

2008-06-10 08:29:43 0 d-------- C:\Program Files\Windows Journal

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]

07/14/2008 05:18 PM 2055960 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [01/09/2008 04:31 AM]

"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/14/2008 05:18 PM]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [01/19/2008 03:38 AM]

"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [03/29/2007 01:39 PM]

"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [03/22/2007 02:46 PM]

"NDSTray.exe"="NDSTray.exe" []

"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [12/07/2006 07:49 PM]

"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [04/26/2007 09:56 PM]

"SVPWUTIL"="C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [03/23/2006 12:42 AM]

"WrtMon.exe"="C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [09/20/2006 08:35 AM]

"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [08/08/2000 04:00 PM]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [04/03/2008 07:24 PM]

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 03:35 PM]

"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [10/25/2006 09:03 AM]

"Skytel"="Skytel.exe" [04/13/2007 06:36 PM C:\Windows\SkyTel.exe]

"RtHDVCpl"="RtHDVCpl.exe" [04/25/2007 02:14 PM C:\Windows\RtHDVCpl.exe]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [10/19/2007 09:16 PM]

"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [02/04/2007 12:02 PM]

"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" []

"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [08/08/2000 04:00 PM]

"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [08/17/2005 03:41 PM]

"KeNotify"="C:\Program Files\TOSHIBA\Utilities\KeNotify.exe" [11/06/2006 08:14 PM]

"HWSetup"="\HWSetup.exe" []

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [05/21/2007 02:31 PM]

"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [05/14/2007 09:01 PM]

"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [04/03/2007 09:50 PM]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]

"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [10/02/2007 03:45 PM]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [04/03/2008 10:51 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [01/19/2008 03:33 AM]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [01/19/2008 03:33 AM]

"1a3e3093"="C:\Users\Rocky\AppData\Local\Temp\rrihacur.dll,b" []

"TOSCDSPD"="TOSCDSPD.EXE" []

"Uniblue RegistryBooster 2"="c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe" []

"MSServer"="C:\Users\Rocky\AppData\Local\Temp\iifcCvVL.dll,#1" []

"cmds"="C:\Users\Rocky\AppData\Local\Temp\iifgHxYs.dll,c" []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [4/27/2008 11:11:39 PM]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [8/8/2000 4:00:00 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"=2 (0x2)

"EnableUIADesktopToggle"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc

LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]

%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

-- End of Deckard's System Scanner: finished at 2008-07-20 21:00:36 ------------

And here is the Extra.txt file:

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6001) SP 1.0

Architecture: X86; Language: English

CPU 0: AMD Turion 64 X2 Mobile Technology TL-52

Percentage of Memory in Use: 35%

Physical Memory (total/avail): 1917.32 MiB / 1232.84 MiB

Pagefile Memory (total/avail): 4865.86 MiB / 3974.52 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1906.03 MiB

C: is Fixed (NTFS) - 147.58 GiB total, 100.37 GiB free.

D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - Hitachi HTS541616J9SA00 ATA Device - 149.05 GiB - 2 partitions

\PARTITION0 - Unknown - 1500 MiB

\PARTITION1 (bootable) - Installable File System - 147.58 GiB - C:

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.

AUState says computer is ready and waiting.

Windows Internal Firewall is disabled.

FW: ZoneAlarm Firewall v7.1.248.000 (Check Point, LTD.)

AV: AVG Anti-Virus Free v8.0 (AVG Technologies)

AS: AVG Anti-Virus Free v8.0 (AVG Technologies) Disabled

AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"="C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine"

"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"="C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData

APPDATA=C:\Users\Rocky\AppData\Roaming

CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip

CommonProgramFiles=C:\Program Files\Common Files

COMPUTERNAME=ROCKY-PC

ComSpec=C:\Windows\system32\cmd.exe

FP_NO_HOST_CHECK=NO

HOMEDRIVE=C:

HOMEPATH=\Users\Rocky

LOCALAPPDATA=C:\Users\Rocky\AppData\Local

LOGONSERVER=\\ROCKY-PC

NUMBER_OF_PROCESSORS=2

OS=Windows_NT

Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 15 Model 72 Stepping 2, AuthenticAMD

PROCESSOR_LEVEL=15

PROCESSOR_REVISION=4802

ProgramData=C:\ProgramData

ProgramFiles=C:\Program Files

PROMPT=$P$G

PUBLIC=C:\Users\Public

QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip

SystemDrive=C:

SystemRoot=C:\Windows

TEMP=C:\Users\Rocky\AppData\Local\Temp

TMP=C:\Users\Rocky\AppData\Local\Temp

tvdumpflags=8

USERDOMAIN=Rocky-PC

USERNAME=Rocky

USERPROFILE=C:\Users\Rocky

windir=C:\Windows

-- User Profiles ---------------------------------------------------------------

Rocky

-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe" --u:{A644254B-92F6-4970-8635-AB0775371E72}

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{622E6F16-0904-49B6-BBE1-4CC836314CCF}\setup.exe" -l0x9

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{697AFC77-F318-4CD4-BF16-F50F4C1072DA}\setup.exe" -l0x9

1st Pricing --> MsiExec.exe /I{6C9736CA-121C-427E-A2AC-E2125B0D362D}

Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE

Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG

Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\UninstFl.exe -q

Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Photoshop Elements 6.0 --> msiexec /I {F54AC413-D2C6-4A24-B324-370C223C6250}

Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}

Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log

Alleycode HTML Editor 2.2.0 --> "C:\Program Files\Alleycode\unins000.exe"

AnswerWorks 4.0 Runtime - English --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\100\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly

Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}

Atheros Driver Installation Program --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe" -l0x9 -removeonly

ATI Uninstaller --> C:\Program Files\ATI\CIM\Bin\Atisetup.exe -uninstall all

AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL

Bejeweled 2 Deluxe --> "C:\Program Files\TOSHIBA Games\Bejeweled 2 Deluxe\Uninstall.exe"

Blackhawk Striker 2 --> "C:\Program Files\TOSHIBA Games\Blackhawk Striker 2\Uninstall.exe"

Blasterball 3 --> "C:\Program Files\TOSHIBA Games\Blasterball 3\Uninstall.exe"

Bluetooth Stack for Windows by Toshiba --> MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}

Canon MP Navigator EX 1.0 --> "C:\Program Files\Canon\MP Navigator EX 1.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 1.0\uninst.ini

Canon MX310 series --> "C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series /L0x0009

Canon MX310 series User Registration --> C:\Program Files\Canon\IJEREG\MX310 series\UNINST.EXE

Canon My Printer --> C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini

Canon Utilities Easy-PhotoPrint EX --> C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini

Canon Utilities Solution Menu --> C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini

CD/DVD Drive Acoustic Silencer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe" -l0x9

deskPDF 2.5 Standard Edition --> "C:\Program Files\Docudesk\deskPDF\unins000.exe"

Desktop Dialer --> C:\Windows\unvise32.exe C:\Program Files\DesktopDialer\uninstal.log

Diner Dash - Flo on the Go --> "C:\Program Files\TOSHIBA Games\Diner Dash - Flo on the Go\Uninstall.exe"

Docudesk GPL Ghostscript 8.15 --> "C:\Program Files\Docudesk\GPL Ghostscript\unins000.exe"

DVD MovieFactory for TOSHIBA --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}\setup.exe" -l0x9

DVD Photo Slideshow Pro 7.77 --> C:\Program Files\DVD Photo Slideshow Professional\uninst.exe

FATE --> "C:\Program Files\TOSHIBA Games\FATE\Uninstall.exe"

Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall

Google Earth --> MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}

Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}

Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"

Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall

Hoyle Casino 2003 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5F5FA055-84C1-459B-B0B6-D48D210AE50A}

Internet Offers --> C:\Program Files\Internet Offers\ToshUninst.exe

Java SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}

Macromedia Dreamweaver MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x9 mmUninstall

Macromedia Extension Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall

Macromedia Fireworks MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{930B2432-43D4-11D5-9871-00C04F8EEB39}\Setup.exe" -l0x9 UNINSTALL

Macromedia Flash MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x9 UNINSTALL

Macromedia FreeHand 10 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D826618-59C6-11D4-976E-00C04F8EEB39}\Setup.exe" -l0x9 UNINSTALL

Mah Jong Quest --> "C:\Program Files\TOSHIBA Games\Mah Jong Quest\Uninstall.exe"

Microsoft Money Plus --> "C:\Program Files\Microsoft Money Plus\MNYCoreFiles\Setup\uninst.exe" /s:120

Microsoft Money Shared Libraries --> MsiExec.exe /X{7F1B3341-A94E-4F5C-B587-CA0EB964221E}

Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}

Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL

Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}

Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}

Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91E30409-6000-11D3-8CFE-0150048383C9}

Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}

Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}

Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}

Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}

Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Word 2000 SR-1 --> MsiExec.exe /I{00170409-78E1-11D2-B60F-006097C998E7}

Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}

Microsoft Works 2001 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2001\Setup\Launcher.exe D:\

Microsoft Works 6.0 --> MsiExec.exe /I{F8D0829C-9C6F-11D3-8080-00C04FA329AA}

Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{5F629FE8-5B4C-4863-937A-AFC2961F7DD3}

Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

Multiple Image Resizer .NET --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{011D0235-589D-4B60-B952-3507C7E8D8D8}

Netflix Movie Viewer --> MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}

oggcodecs 0.71.0946 --> C:\Program Files\illiminable\oggcodecs\uninst.exe

Paint Shop Pro 7 --> MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}

Penguins! --> "C:\Program Files\TOSHIBA Games\Penguins!\Uninstall.exe"

Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"

Polar Bowler --> "C:\Program Files\TOSHIBA Games\Polar Bowler\Uninstall.exe"

Polar Golfer --> "C:\Program Files\TOSHIBA Games\Polar Golfer\Uninstall.exe"

Presto! PageManager 7.15.16 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\110\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}\PMSetup.exe" -l0x9 anythinganything -removeonly

Quicken 2007 --> MsiExec.exe /X{0D2E80C8-0875-43EB-9623-47118E2DFBCA}

QuickTime --> MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}

RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0

Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista --> C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0009 -removeonly

Realtek High Definition Audio Driver --> RtlUpd.exe -r -m

Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}

ScanSoft OmniPage SE 4 --> MsiExec.exe /X{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}

Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"

Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

Texas Instruments PCIxx21/x515/xx12 drivers. --> C:\Program Files\InstallShield Installation Information\{DB780B85-B4B5-4864-A49C-9B706B169C93}\setup.exe -runfromtemp -l0x0409

TOSHIBA Assist --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe" -l0x9

TOSHIBA ConfigFree --> C:\Program Files\InstallShield Installation Information\{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly

TOSHIBA Disc Creator --> MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0}

TOSHIBA DVD PLAYER --> C:\Program Files\InstallShield Installation Information\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}\setup.exe -runfromtemp -l0x0009 -ADDREMOVE -removeonly

TOSHIBA Extended Tiles for Windows Mobility Center --> C:\Program Files\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x0409

TOSHIBA Flash Cards Support Utility --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{620BBA5E-F848-4D56-8BDA-584E44584C5E}

TOSHIBA Game Console --> "C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\Uninstall.exe"

TOSHIBA Hardware Setup --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5279374D-87FE-4879-9385-F17278EBB9D3} /l1033

TOSHIBA Media Center Game Console --> "C:\Program Files\TOSHIBA Games\TOSHIBA Media Center Game Console\Uninstall.exe"

TOSHIBA Music --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\100\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E9C4531-58C4-4349-AD2F-A4D999E451EC}\setup.exe" -l0x9 -removeonly

Toshiba Registration --> MsiExec.exe /I{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}

TOSHIBA SD Memory Utilities --> MsiExec.exe /X{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}

TOSHIBA Software Modem --> Tosmreg -U

TOSHIBA Software Upgrades --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\100\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe" -l0x9 -removeonly

TOSHIBA Speech System Applications --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9

TOSHIBA Speech System SR Engine(U.S.) Version1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL

TOSHIBA Speech System TTS Engine(U.S.) Version1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9

TOSHIBA Supervisor Password --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE} /l1033

TOSHIBA Value Added Package --> C:\Program Files\InstallShield Installation Information\{FEDD27A0-B306-45EF-BF58-B527406B42C8}\setup.exe -runfromtemp -l0x0409

TurboCAD Deluxe 14 --> MsiExec.exe /I{1EA9F5CC-BD77-48FC-A9AF-E71646F2E55B}

TurboCAD Symbols --> MsiExec.exe /I{5D8D4617-FED5-47C8-B2F4-B2670496746F}

TurboTax Deluxe 2007 --> C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui

TurboTax Deluxe Deduction Maximizer 2006 --> C:\Program Files\TurboTax\Deluxe 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2006\Uninstall.log" -NoGui

TurboTax ItsDeductible 2006 --> MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}

Unreal Gold --> C:\UnrealGold\System\Setup.exe uninstall "Unreal Gold"

Update for Office 2007 (KB934528) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {2B939677-2FFD-48F6-9075-7BF48CB87C80}

Update for Office System 2007 Setup (KB929722) --> msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {D8E9BEBD-655F-467D-8176-CA9959C140A3}

VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe

WexTech AnswerWorks --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate

Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}

Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}

Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

Yahoo! Music Jukebox --> MsiExec.exe /X{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}

ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

-- Application Event Log -------------------------------------------------------

Event Record #/Type8132 / Success

Event Submitted/Written: 07/20/2008 08:28:43 PM

Event ID/Source: 5617 / WinMgmt

Event Description:

Event Record #/Type8131 / Success

Event Submitted/Written: 07/20/2008 08:28:41 PM

Event ID/Source: 5615 / WinMgmt

Event Description:

Event Record #/Type8128 / Success

Event Submitted/Written: 07/20/2008 08:28:37 PM

Event ID/Source: 2570 / Adobe Active File Monitor 6.0

Event Description:

Adobe Active File Monitor Service has Started.

Event Record #/Type8127 / Success

Event Submitted/Written: 07/20/2008 08:28:26 PM

Event ID/Source: 902 / Software Licensing Service

Event Description:

The Software Licensing service has started.

Event Record #/Type8118 / Warning

Event Submitted/Written: 07/20/2008 04:02:47 PM

Event ID/Source: 1530 / profsvc

Event Description:

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -

1 user registry handles leaked from \Registry\User\S-1-5-21-1969151782-3420212453-2874187725-1000_Classes:

Process 1072 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-1969151782-3420212453-2874187725-1000_CLASSES

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type58309 / Error

Event Submitted/Written: 07/20/2008 08:29:35 PM

Event ID/Source: 7000 / Service Control Manager

Event Description:

Parallel port driver%%1058

Event Record #/Type58268 / Warning

Event Submitted/Written: 07/20/2008 08:28:54 PM

Event ID/Source: 19 / Microsoft-Windows-WHEA-Logger

Event Description:


Event Record #/Type58265 / Error

Event Submitted/Written: 07/20/2008 08:28:27 PM

Event ID/Source: 15016 / HTTP

Event Description:

\Device\Http\ReqQueueKerberos

Event Record #/Type58252 / Warning

Event Submitted/Written: 07/20/2008 04:03:01 PM

Event ID/Source: 4001 / Microsoft-Windows-WLAN-AutoConfig

Event Description:

Event Record #/Type58233 / Error

Event Submitted/Written: 07/20/2008 04:02:41 PM

Event ID/Source: 10010 / DCOM

Event Description:

{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

-- End of Deckard's System Scanner: finished at 2008-07-20 21:00:36 ------------

Would any of this have anything to do with my touchpad not working? For some reason the drop-down menu accessed with the FN+F9 keys just went away. That is the only way I have found to enable/disable the touchpad.

Thanks so much for your help!


Sorry it took so long for me to get back to you. Here is the ComboFix file:

(((((((((((((((((((((((( Files Created from 2008-06-23 to 2008-07-23 )))))))))))))))))))))))))))))))

.

2008-07-20 22:36 . 2008-07-20 22:36 <DIR> d-------- C:\Program Files\Apoint2K

2008-07-20 22:10 . 2006-08-30 04:35 140,800 --a------ C:\Windows\System32\drivers\Apfiltr.sys

2008-07-20 22:10 . 2006-06-08 05:25 100,030 --a------ C:\Windows\System32\Vxdif.dll

2008-07-20 20:50 . 2008-07-20 20:50 <DIR> d-------- C:\Deckard

2008-07-20 13:59 . 2008-07-20 13:59 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf

2008-07-20 13:58 . 2008-07-20 13:58 <DIR> d-------- C:\Program Files\Synaptics

2008-07-19 20:03 . 2008-07-19 20:11 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner

2008-07-19 19:22 . 2008-07-19 19:22 <DIR> d-------- C:\Users\Rocky\AppData\Roaming\Uniblue

2008-07-19 18:58 . 2008-07-19 19:02 <DIR> d-------- C:\HostsXpert 4.2 - Hosts File Manager

2008-07-18 07:38 . 2008-06-25 21:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll

2008-07-18 07:38 . 2008-06-25 21:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll

2008-07-18 07:37 . 2008-06-25 23:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll

2008-07-14 21:27 . 2008-07-15 13:28 <DIR> d--h----- C:\$AVG8.VAULT$

2008-07-14 17:20 . 2008-07-22 22:30 <DIR> d-------- C:\Windows\System32\drivers\Avg

2008-07-14 17:20 . 2008-07-14 17:20 96,520 --a------ C:\Windows\System32\drivers\avgldx86.sys

2008-07-14 17:20 . 2008-07-14 17:20 10,520 --a------ C:\Windows\System32\avgrsstx.dll

2008-07-14 17:18 . 2008-07-14 17:18 <DIR> d-------- C:\Users\All Users\avg8

2008-07-14 17:18 . 2008-07-14 17:18 <DIR> d-------- C:\ProgramData\avg8

2008-07-14 17:18 . 2008-07-14 17:18 <DIR> d-------- C:\Program Files\AVG

2008-07-08 17:07 . 2008-04-26 04:25 3,600,952 --a------ C:\Windows\System32\ntkrnlpa.exe

2008-07-08 17:07 . 2008-04-26 04:25 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe

2008-07-08 17:07 . 2008-04-26 04:26 891,448 --a------ C:\Windows\System32\drivers\tcpip.sys

2008-07-08 17:07 . 2008-04-11 23:32 784,896 --a------ C:\Windows\System32\rpcrt4.dll

2008-07-08 17:07 . 2008-05-09 23:35 564,736 --a------ C:\Windows\System32\emdmgmt.dll

2008-07-08 17:07 . 2008-04-04 21:21 72,192 --a------ C:\Windows\System32\drivers\pacer.sys

2008-07-08 17:07 . 2008-04-04 23:34 15,360 --a------ C:\Windows\System32\pacerprf.dll

2008-07-08 17:05 . 2008-05-08 17:59 430,080 --a------ C:\Windows\System32\vbscript.dll

2008-07-08 17:05 . 2008-05-08 17:59 180,224 --a------ C:\Windows\System32\scrobj.dll

2008-07-08 17:05 . 2008-05-08 17:59 172,032 --a------ C:\Windows\System32\scrrun.dll

2008-07-08 17:05 . 2008-05-08 17:59 155,648 --a------ C:\Windows\System32\wscript.exe

2008-07-08 17:05 . 2008-05-08 17:58 135,168 --a------ C:\Windows\System32\wshom.ocx

2008-07-08 17:05 . 2008-05-08 17:58 135,168 --a------ C:\Windows\System32\cscript.exe

2008-07-08 17:05 . 2008-05-08 17:59 90,112 --a------ C:\Windows\System32\wshext.dll

2008-07-07 18:20 . 2008-07-07 18:22 <DIR> d-------- C:\Users\Rocky\AppData\Roaming\Canon

2008-07-07 18:17 . 2008-07-07 18:17 <DIR> d-------- C:\Users\Rocky\AppData\Roaming\NewSoft

2008-07-07 18:06 . 2005-06-01 00:28 9,606 --a------ C:\Windows\System32\NEWSOFT

2008-07-07 18:05 . 2008-07-07 18:05 <DIR> d-------- C:\Program Files\Common Files\NewSoft

2008-07-07 18:05 . 1997-10-14 05:19 11,776 --a------ C:\Windows\System32\pmsbfn32.dll

2008-07-07 18:05 . 2008-07-07 18:06 264 --a------ C:\Windows\setup.iss

2008-07-07 18:04 . 2008-07-07 18:04 <DIR> d-------- C:\Windows\System32\Color

2008-07-07 18:04 . 2008-07-07 18:04 <DIR> d-------- C:\Program Files\NewSoft

2008-07-07 18:04 . 2008-07-07 18:04 <DIR> d-------- C:\Program Files\Common Files\PDFView

2008-07-07 18:03 . 2008-07-07 18:03 <DIR> d-------- C:\Users\Rocky\AppData\Roaming\ScanSoft

2008-07-07 18:03 . 2008-07-07 18:03 <DIR> d-------- C:\Users\All Users\ScanSoft

2008-07-07 18:03 . 2008-07-07 18:03 <DIR> d-------- C:\Users\All Users\InstallShield

2008-07-07 18:03 . 2008-07-07 18:03 <DIR> d-------- C:\ProgramData\ScanSoft

2008-07-07 18:03 . 2008-07-07 18:03 <DIR> d-------- C:\ProgramData\InstallShield

2008-07-07 18:03 . 2008-07-07 18:03 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared

2008-07-07 18:03 . 2008-07-07 18:03 412 --a------ C:\Windows\MAXLINK.INI

2008-07-07 18:02 . 2008-07-07 18:02 <DIR> d-------- C:\Program Files\ScanSoft

2008-07-07 18:01 . 2008-07-07 18:01 <DIR> d-------- C:\Program Files\Common Files\CANON

2008-07-07 17:57 . 2008-07-07 17:57 <DIR> d--h----- C:\Windows\System32\CanonIJ Uninstaller Information

2008-07-07 17:57 . 2008-07-07 17:57 <DIR> d--h----- C:\Users\All Users\CanonBJ

2008-07-07 17:57 . 2008-07-07 17:57 <DIR> d--h----- C:\ProgramData\CanonBJ

2008-07-07 17:55 . 2007-03-23 12:30 1,400,832 --a------ C:\Windows\System32\CNC310C.DLL

2008-07-07 17:55 . 2007-04-16 01:00 215,040 --a------ C:\Windows\System32\CNMLM8Z.DLL

2008-07-07 17:55 . 2007-03-19 06:39 200,704 --a------ C:\Windows\System32\CNC310L.DLL

2008-07-07 17:55 . 2007-03-15 10:12 188,416 --a------ C:\Windows\System32\CNC310O.DLL

2008-07-07 17:55 . 2007-03-23 12:29 98,304 --a------ C:\Windows\System32\CNC310I.DLL

2008-07-07 17:54 . 2008-07-07 17:54 <DIR> d--h----- C:\Program Files\CanonBJ

2008-07-07 17:54 . 2008-07-07 18:09 <DIR> d-------- C:\Program Files\Canon

2008-07-07 17:54 . 2007-04-25 15:09 151,552 --a------ C:\Windows\System32\CNCF2Ld.DLL

2008-07-07 17:54 . 2007-04-25 15:02 106,496 --a------ C:\Windows\System32\CNCFMSd.EXE

2008-07-07 17:54 . 2007-04-25 15:06 3,584 --a------ C:\Windows\System32\CNCFLdUS.DLL

2008-07-07 17:54 . 2007-04-25 15:06 3,072 --a------ C:\Windows\System32\CNCFLdJP.DLL

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-22 16:27 --------- d-----w C:\ProgramData\Google Updater

2008-07-21 12:03 352,614 ---ha-w C:\Windows\system32\drivers\vsconfig.xml

2008-07-20 17:48 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-07-20 17:48 --------- d-----w C:\ProgramData\Napster

2008-07-19 23:06 352,614 ---ha-w C:\Windows\system32\drivers\vsconfig(221).xml

2008-07-19 20:12 --------- d-----w C:\Program Files\Windows Photo Gallery

2008-07-19 20:12 --------- d-----w C:\Program Files\Windows Defender

2008-07-19 20:11 --------- d-----w C:\ProgramData\Spybot - Search & Destroy

2008-07-14 02:58 --------- d-----w C:\ProgramData\IMSIDesign

2008-07-07 22:03 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-06-18 11:53 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2008-06-16 02:35 89,442 ----a-w C:\Windows\Internet Logs\vsmon_2nd_2008_06_15_22_18_54_small.dmp.zip

2008-06-16 02:30 3,990,868 ----a-w C:\Windows\Internet Logs\tvDebug.zip

2008-06-10 12:41 174 --sha-w C:\Program Files\desktop.ini

2008-06-10 12:29 --------- d-----w C:\Program Files\Windows Sidebar

2008-06-10 12:29 --------- d-----w C:\Program Files\Windows Mail

2008-06-10 12:29 --------- d-----w C:\Program Files\Windows Journal

2008-06-10 12:29 --------- d-----w C:\Program Files\Windows Collaboration

2008-06-10 12:29 --------- d-----w C:\Program Files\Windows Calendar

2008-06-10 11:54 82,432 ----a-w C:\Windows\System32\axaltocm.dll

2008-06-10 11:54 101,888 ----a-w C:\Windows\System32\ifxcardm.dll

2008-06-08 02:50 106,960 ----a-w C:\Windows\Internet Logs\vsmon_2nd_2008_06_05_21_20_16_small.dmp.zip

2008-05-23 15:57 99,504 ----a-w C:\Windows\Internet Logs\vsmon_2nd_2008_05_18_07_06_13_small.dmp.zip

2008-04-26 08:08 1,314,816 ----a-w C:\Windows\System32\quartz.dll

2008-04-25 04:35 826,880 ----a-w C:\Windows\System32\wininet.dll

2008-04-24 01:28 95,489 ----a-w C:\Windows\Internet Logs\vsmon_2nd_2008_04_23_21_17_10_small.dmp.zip

2007-10-11 01:25 26,138,766 ----a-w C:\Users\Rocky\dps_trial.exe

2007-10-07 03:02 9,679,815 ----a-w C:\Users\Rocky\vlc-0.8.6c-win32.exe

2007-10-07 02:51 163,416 ----a-w C:\Users\Rocky\simpleasx.exe

2007-10-07 02:25 275,744 ----a-w C:\Users\Rocky\RealPlayer11BETA.exe

2007-10-01 10:49 112 ----a-w C:\Users\Rocky\AppData\Roaming\wklnhst.dat

2007-09-28 19:37 884,096 ----a-w C:\Users\Rocky\WGAPluginInstall.exe

2007-09-12 23:37 20,256,064 ----a-w C:\Users\Rocky\QuickTimeInstaller(2).exe

2007-09-12 23:35 20,256,064 ----a-w C:\Users\Rocky\QuickTimeInstaller.exe

2007-09-12 22:45 36,608,368 ----a-w C:\Users\Rocky\Home and Business.exe

2007-09-12 02:24 36,608,368 ----a-w C:\Users\Rocky\MS Money.exe

2007-09-10 00:37 34,522,448 ----a-w C:\Users\Rocky\HP_Vista_MFP_Ph1.exe

2007-08-31 17:30 90,044,964 ----a-w C:\Users\Rocky\TurboCADDeluxe14-ESD.exe

2007-08-11 12:58 51,973,232 ----a-w C:\Users\Rocky\quicken2007hb.exe

2007-08-10 00:55 5,037,072 ----a-w C:\Users\Rocky\Spybot.exe

2007-08-10 00:41 27,719,536 ----a-w C:\Users\Rocky\AVG Antivirus.exe

2007-08-09 22:27 2,855,080 ----a-w C:\Users\Rocky\Adaware.exe

2007-08-03 18:26 36,608,368 ----a-w C:\Users\Rocky\mny2008usbwb.exe

2007-05-17 01:46 262,144 ----a-w C:\ProgramData\ntuser.dat

2008-01-28 03:21 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2008-01-28 03:21 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2008-01-28 03:21 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 03:33 202240]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 03:33 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-01-09 04:31 959976]

"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-14 17:18 1232152]

"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 13:39 411192]

"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2007-03-22 14:46 448632]

"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2006-12-07 19:49 55416]

"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-04-26 21:56 538744]

"SVPWUTIL"="C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-23 00:42 438272]

"WrtMon.exe"="C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 08:35 20480]

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 15:35 90112]

"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]

"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 12:02 79400]

"KeNotify"="C:\Program Files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 20:14 34352]

"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 21:01 644696]

"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 21:50 1603152]

"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-09-11 10:21 180224]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]

path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Updater.lnk

backup=C:\Windows\pss\Google Updater.lnk.CommonStartup

backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=C:\Windows\pss\Microsoft Office.lnk.CommonStartup

backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

--a------ 2007-10-02 15:45 67488 C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

--a------ 2007-05-21 14:31 1862144 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]

--a------ 2005-08-17 15:41 749568 C:\Program Files\Microsoft Works\WksSb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]

--a------ 2000-08-08 16:00 28739 C:\Program Files\Microsoft Works\WkDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-10-19 21:16 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2008-04-03 19:24 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]

--a------ 2000-08-08 16:00 24576 C:\Program Files\Microsoft Works\wkfud.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

--a------ 2007-04-25 14:14 4444160 C:\Windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]

--a------ 2007-04-13 18:36 1822720 C:\Windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{CE513C88-9A21-418B-AB73-04BFB2459BC3}"= UDP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox

"{7F3441C5-2BD3-4689-AC0C-F6C1961D4F39}"= TCP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox

"{2FD54F10-3F17-4F1E-866A-FA8B2FD5EE86}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent

"{9B1420B6-BE91-448D-BC98-4C1B8B2F9009}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{9B554924-1BC8-4A66-8F06-4FBC073DD36C}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"TCP Query User{C5C3D862-E14C-401C-BAB8-0811F186CC6D}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{6FD7AB61-79AB-44D2-AF8F-66BD47D794E9}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox

"{C3D8025F-BEAB-4C51-BB0D-C012A845C806}"= Disabled:UDP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server

"{FCF0C7CF-7C83-4F3F-BDB3-A471EB21FDE7}"= Disabled:TCP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server

"{9885954A-3689-4BE5-80F4-47D844D485CD}"= UDP:C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:TurboTax

"{2A90C522-D0C4-4639-AE91-142AA635FE1A}"= TCP:C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:TurboTax

"{8C955974-4088-40E5-A91B-DBAE9A369560}"= UDP:C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:TurboTax Update Manager

"{C84692CF-9616-4223-B00B-90E181CFD93A}"= TCP:C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:TurboTax Update Manager

"{994EA660-4727-40E2-BB1A-6B3C870D3D65}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

"DoNotAllowExceptions"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine

"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-07-14 17:20]

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-10-02 15:46]

R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-14 17:18]

R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-04-25 01:07]

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe

HKCU-Run-TOSCDSPD - TOSCDSPD.EXE

HKLM-Run-MskAgentexe - C:\Program Files\McAfee\MSK\MskAgent.exe

HKLM-Run-HWSetup - \HWSetup.exe

HKLM-Run-NDSTray.exe - NDSTray.exe

MSConfigStartUp-1a3e3093 - C:\Users\Rocky\AppData\Local\Temp\rrihacur.dll

MSConfigStartUp-cmds - C:\Users\Rocky\AppData\Local\Temp\iifgHxYs.dll

MSConfigStartUp-MSServer - C:\Users\Rocky\AppData\Local\Temp\iifcCvVL.dll

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://yahoo.com/

O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-23 06:18:04

Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-07-23 6:21:04

ComboFix-quarantined-files.txt 2008-07-23 10:20:57

Pre-Run: 107,136,249,856 bytes free

Post-Run: 106,826,579,968 bytes free

246 --- E O F --- 2008-07-23 09:44:41

And here is the HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:34:58 AM, on 7/23/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe

C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\wuauclt.exe

C:\Users\Rocky\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe

O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL

O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe

O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"

O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll

O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe

O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe

O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--

End of file - 7569 bytes

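Added example (not part of this thread, and not ComboFix or HijackThis code): a small Python triage script that reads autorun lines in the three shapes shown in the logs above (the ComboFix "ORPHANS REMOVED" list, the ComboFix REGEDIT4 dump, and HijackThis O4 lines) and scores each entry on the properties that made the cmds and MSServer entries stand out: the target sits in a user Temp directory, the target is a DLL rather than an EXE (so it needs a host such as rundll32.exe), and the command invokes rundll32.exe. The sample log is constructed; the O4 "cmds" line is an assumed reconstruction of the rundll32 form the poster described and does not appear in the thread. The weights and the reporting threshold are assumptions. Random-looking filenames are deliberately not used as a signal: zlclient.exe and MskAgent.exe look no less random than rrihacur.dll, so a name heuristic alone would flag legitimate software.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the line shapes ComboFix (orphan list, REGEDIT4 dump) and
# HijackThis (O4) use. The O4 "cmds" line is an assumed reconstruction of the
# rundll32 form the poster described; the other lines mirror entries in the thread.
SAMPLE_LOG = r"""
MSConfigStartUp-1a3e3093 - C:\Users\Rocky\AppData\Local\Temp\rrihacur.dll
MSConfigStartUp-cmds - C:\Users\Rocky\AppData\Local\Temp\iifgHxYs.dll
MSConfigStartUp-MSServer - C:\Users\Rocky\AppData\Local\Temp\iifcCvVL.dll
HKLM-Run-MskAgentexe - C:\Program Files\McAfee\MSK\MskAgent.exe
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-14 17:18 1232152]
"TOSCDSPD"="TOSCDSPD.EXE" [BU]
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Rocky\AppData\Local\Temp\iifgHxYs.dll,a
"""

# HijackThis O4 line:  O4 - HKLM\..\Run: [Name] command
_HJT_O4 = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# ComboFix orphan line:  HKLM-Run-Name - command   /   MSConfigStartUp-Name - command
_ORPHAN = re.compile(r"^(?P<name>(?:HKCU|HKLM|MSConfigStartUp)-.+?) - (?P<cmd>.+)$")
# ComboFix REGEDIT4 dump:  "Name"="command" [date size]
_REGDUMP = re.compile(r'^"(?P<name>[^"]+)"="?(?P<cmd>[^"\[]+?)"?\s*(?:\[.*\])?\s*$')
# Drive-letter paths ending in a loadable extension; a comma ends the path so that
# rundll32's "<dll>,<export>" operand does not swallow the export name.
_PATH = re.compile(r'(?i)[a-z]:\\[^",\[\]]+?\.(?:exe|dll|scr|cpl)')
_TEMP_DIR = re.compile(r"(?i)\\(?:local settings\\)?temp\\")


@dataclass
class Finding:
    name: str
    target: str
    score: int
    reasons: list = field(default_factory=list)


def parse_entry(line):
    """Return (name, command) for a recognised autorun line, else None."""
    line = line.strip()
    for rx in (_HJT_O4, _ORPHAN, _REGDUMP):
        m = rx.match(line)
        if m:
            return m.group("name"), m.group("cmd")
    return None


def assess(name, cmd):
    """Score one autorun entry; the higher the score, the sooner it gets pulled."""
    paths = _PATH.findall(cmd)
    # Prefer the DLL operand over its host (rundll32.exe <dll>,<export>).
    target = next((p for p in paths if p.lower().endswith(".dll")), paths[0] if paths else "")
    reasons, score = [], 0
    if target and _TEMP_DIR.search(target):
        score += 2  # assumed weight: persistence from Temp is the strongest single signal
        reasons.append("target lives in a Temp directory")
    if target.lower().endswith(".dll"):
        score += 1
        reasons.append("autorun target is a DLL, so it needs a host process")
    if "rundll32" in cmd.lower():
        score += 1
        reasons.append("launched through rundll32.exe")
    return Finding(name, target, score, reasons)


def triage(log_text, threshold=2):
    """Return the entries in log_text scoring at or above threshold (assumed default 2)."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_entry(line)
        if parsed is None:
            continue  # file listings, headers and unrecognised shapes are skipped
        finding = assess(*parsed)
        if finding.score >= threshold:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.score}] {f.name} -> {f.target}")
        for why in f.reasons:
            print(f"      {why}")
```

Feeding the text of a saved ComboFix.txt or hijackthis.log to triage() works the same way. An entry that has left the startup list only tells you the loading point is gone; the flagged DLL path itself is still worth checking, which is why the script reports the target path and not only the Run value name.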

Hello,

It appears some of your log got cut off. Please go to C:\ComboFix.txt and copy and paste the full log.


Both of the files I was concerned with are now no longer in the startup list. Isn't that what I was looking for? I thought I posted the whole log, but here it is again.

ComboFix 08-07-22.4 - Rocky 2008-07-23 7:36:50.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1243 [GMT -4:00]

Running from: C:\Users\Rocky\Desktop\ComboFix.exe

* Created a new restore point

.

((((((((((((((((((((((((( Files Created from 2008-06-23 to 2008-07-23 )))))))))))))))))))))))))))))))

.

2008-07-20 20:50 . 2008-07-20 20:50 <DIR> d-------- C:\Deckard

2008-07-20 13:58 . 2008-07-20 13:58 <DIR> d-------- C:\Program Files\Synaptics

2008-07-19 20:03 . 2008-07-19 20:11 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner

2008-07-19 19:22 . 2008-07-19 19:22 <DIR> d-------- C:\Users\Rocky\AppData\Roaming\Uniblue

2008-07-19 18:58 . 2008-07-19 19:02 <DIR> d-------- C:\HostsXpert 4.2 - Hosts File Manager

2008-07-14 21:27 . 2008-07-23 07:07 <DIR> d--h----- C:\$AVG8.VAULT$

2008-07-14 17:20 . 2008-07-23 07:05 <DIR> d-------- C:\Windows\System32\drivers\Avg

2008-07-14 17:20 . 2008-07-14 17:20 96,520 --a------ C:\Windows\System32\drivers\avgldx86.sys

2008-07-14 17:20 . 2008-07-14 17:20 10,520 --a------ C:\Windows\System32\avgrsstx.dll

2008-07-14 17:18 . 2008-07-14 17:18 <DIR> d-------- C:\Users\All Users\avg8

2008-07-14 17:18 . 2008-07-14 17:18 <DIR> d-------- C:\ProgramData\avg8

2008-07-14 17:18 . 2008-07-14 17:18 <DIR> d-------- C:\Program Files\AVG

2008-07-08 17:07 . 2008-04-26 04:25 3,600,952 --a------ C:\Windows\System32\ntkrnlpa.exe

2008-07-08 17:07 . 2008-04-26 04:25 3,549,240 --a------ C:\Windows\System32\ntoskrnl.exe

2008-07-08 17:07 . 2008-04-26 04:26 891,448 --a------ C:\Windows\System32\drivers\tcpip.sys

2008-07-08 17:07 . 2008-04-11 23:32 784,896 --a------ C:\Windows\System32\rpcrt4.dll

2008-07-08 17:07 . 2008-05-09 23:35 564,736 --a------ C:\Windows\System32\emdmgmt.dll

2008-07-08 17:07 . 2008-04-04 21:21 72,192 --a------ C:\Windows\System32\drivers\pacer.sys

2008-07-08 17:07 . 2008-04-04 23:34 15,360 --a------ C:\Windows\System32\pacerprf.dll

2008-07-08 17:05 . 2008-05-08 17:59 430,080 --a------ C:\Windows\System32\vbscript.dll

2008-07-08 17:05 . 2008-05-08 17:59 180,224 --a------ C:\Windows\System32\scrobj.dll

2008-07-08 17:05 . 2008-05-08 17:59 172,032 --a------ C:\Windows\System32\scrrun.dll

2008-07-08 17:05 . 2008-05-08 17:59 155,648 --a------ C:\Windows\System32\wscript.exe

2008-07-08 17:05 . 2008-05-08 17:58 135,168 --a------ C:\Windows\System32\wshom.ocx

2008-07-08 17:05 . 2008-05-08 17:58 135,168 --a------ C:\Windows\System32\cscript.exe

2008-07-08 17:05 . 2008-05-08 17:59 90,112 --a------ C:\Windows\System32\wshext.dll

2008-07-07 18:20 . 2008-07-07 18:22 <DIR> d-------- C:\Users\Rocky\AppData\Roaming\Canon

2008-07-07 18:17 . 2008-07-07 18:17 <DIR> d-------- C:\Users\Rocky\AppData\Roaming\NewSoft

2008-07-07 18:06 . 2005-06-01 00:28 9,606 --a------ C:\Windows\System32\NEWSOFT

2008-07-07 18:05 . 2008-07-07 18:05 <DIR> d-------- C:\Program Files\Common Files\NewSoft

2008-07-07 18:05 . 1997-10-14 05:19 11,776 --a------ C:\Windows\System32\pmsbfn32.dll

2008-07-07 18:05 . 2008-07-07 18:06 264 --a------ C:\Windows\setup.iss

2008-07-07 18:04 . 2008-07-07 18:04 <DIR> d-------- C:\Windows\System32\Color

2008-07-07 18:04 . 2008-07-07 18:04 <DIR> d-------- C:\Program Files\NewSoft

2008-07-07 18:04 . 2008-07-07 18:04 <DIR> d-------- C:\Program Files\Common Files\PDFView

2008-07-07 18:03 . 2008-07-07 18:03 <DIR> d-------- C:\Users\Rocky\AppData\Roaming\ScanSoft

2008-07-07 18:03 . 2008-07-07 18:03 <DIR> d-------- C:\Users\All Users\ScanSoft

2008-07-07 18:03 . 2008-07-07 18:03 <DIR> d-------- C:\Users\All Users\InstallShield

2008-07-07 18:03 . 2008-07-07 18:03 <DIR> d-------- C:\ProgramData\ScanSoft

2008-07-07 18:03 . 2008-07-07 18:03 <DIR> d-------- C:\ProgramData\InstallShield

2008-07-07 18:03 . 2008-07-07 18:03 <DIR> d-------- C:\Program Files\Common Files\ScanSoft Shared

2008-07-07 18:03 . 2008-07-07 18:03 412 --a------ C:\Windows\MAXLINK.INI

2008-07-07 18:02 . 2008-07-07 18:02 <DIR> d-------- C:\Program Files\ScanSoft

2008-07-07 18:01 . 2008-07-07 18:01 <DIR> d-------- C:\Program Files\Common Files\CANON

2008-07-07 17:57 . 2008-07-07 17:57 <DIR> d--h----- C:\Windows\System32\CanonIJ Uninstaller Information

2008-07-07 17:57 . 2008-07-07 17:57 <DIR> d--h----- C:\Users\All Users\CanonBJ

2008-07-07 17:57 . 2008-07-07 17:57 <DIR> d--h----- C:\ProgramData\CanonBJ

2008-07-07 17:55 . 2007-03-23 12:30 1,400,832 --a------ C:\Windows\System32\CNC310C.DLL

2008-07-07 17:55 . 2007-04-16 01:00 215,040 --a------ C:\Windows\System32\CNMLM8Z.DLL

2008-07-07 17:55 . 2007-03-19 06:39 200,704 --a------ C:\Windows\System32\CNC310L.DLL

2008-07-07 17:55 . 2007-03-15 10:12 188,416 --a------ C:\Windows\System32\CNC310O.DLL

2008-07-07 17:55 . 2007-03-23 12:29 98,304 --a------ C:\Windows\System32\CNC310I.DLL

2008-07-07 17:54 . 2008-07-07 17:54 <DIR> d--h----- C:\Program Files\CanonBJ

2008-07-07 17:54 . 2008-07-07 18:09 <DIR> d-------- C:\Program Files\Canon

2008-07-07 17:54 . 2007-04-25 15:09 151,552 --a------ C:\Windows\System32\CNCF2Ld.DLL

2008-07-07 17:54 . 2007-04-25 15:02 106,496 --a------ C:\Windows\System32\CNCFMSd.EXE

2008-07-07 17:54 . 2007-04-25 15:06 3,584 --a------ C:\Windows\System32\CNCFLdUS.DLL

2008-07-07 17:54 . 2007-04-25 15:06 3,072 --a------ C:\Windows\System32\CNCFLdJP.DLL

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-23 11:29 352,614 ---ha-w C:\Windows\system32\drivers\vsconfig.xml

2008-07-23 10:59 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-07-23 10:59 --------- d-----w C:\Program Files\Windows Defender

2008-07-23 10:59 --------- d-----w C:\Program Files\Napster

2008-07-23 10:59 --------- d-----w C:\Program Files\Common Files\Napster Shared

2008-07-23 10:59 --------- d-----w C:\Program Files\Apoint2K

2008-07-22 16:27 --------- d-----w C:\ProgramData\Google Updater

2008-07-20 17:48 --------- d-----w C:\ProgramData\Napster

2008-07-19 20:12 --------- d-----w C:\Program Files\Windows Photo Gallery

2008-07-19 20:11 --------- d-----w C:\ProgramData\Spybot - Search & Destroy

2008-07-15 10:40 352,614 ---ha-w C:\Windows\system32\drivers\vsconfig(1346).xml

2008-07-14 02:58 --------- d-----w C:\ProgramData\IMSIDesign

2008-07-07 22:03 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-06-18 11:53 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2008-06-16 02:35 89,442 ----a-w C:\Windows\Internet Logs\vsmon_2nd_2008_06_15_22_18_54_small.dmp.zip

2008-06-16 02:30 3,990,868 ----a-w C:\Windows\Internet Logs\tvDebug.zip

2008-06-10 12:41 174 --sha-w C:\Program Files\desktop.ini

2008-06-10 12:29 --------- d-----w C:\Program Files\Windows Sidebar

2008-06-10 12:29 --------- d-----w C:\Program Files\Windows Mail

2008-06-10 12:29 --------- d-----w C:\Program Files\Windows Journal

2008-06-10 12:29 --------- d-----w C:\Program Files\Windows Collaboration

2008-06-10 12:29 --------- d-----w C:\Program Files\Windows Calendar

2008-06-10 11:54 82,432 ----a-w C:\Windows\System32\axaltocm.dll

2008-06-10 11:54 101,888 ----a-w C:\Windows\System32\ifxcardm.dll

2008-06-08 02:50 106,960 ----a-w C:\Windows\Internet Logs\vsmon_2nd_2008_06_05_21_20_16_small.dmp.zip

2008-05-23 15:57 99,504 ----a-w C:\Windows\Internet Logs\vsmon_2nd_2008_05_18_07_06_13_small.dmp.zip

2008-04-26 08:08 1,314,816 ----a-w C:\Windows\System32\quartz.dll

2008-04-25 04:35 826,880 ----a-w C:\Windows\System32\wininet.dll

2008-04-24 01:28 95,489 ----a-w C:\Windows\Internet Logs\vsmon_2nd_2008_04_23_21_17_10_small.dmp.zip

2007-10-11 01:25 26,138,766 ----a-w C:\Users\Rocky\dps_trial.exe

2007-10-07 03:02 9,679,815 ----a-w C:\Users\Rocky\vlc-0.8.6c-win32.exe

2007-10-07 02:51 163,416 ----a-w C:\Users\Rocky\simpleasx.exe

2007-10-07 02:25 275,744 ----a-w C:\Users\Rocky\RealPlayer11BETA.exe

2007-10-01 10:49 112 ----a-w C:\Users\Rocky\AppData\Roaming\wklnhst.dat

2007-09-28 19:37 884,096 ----a-w C:\Users\Rocky\WGAPluginInstall.exe

2007-09-12 23:37 20,256,064 ----a-w C:\Users\Rocky\QuickTimeInstaller(2).exe

2007-09-12 23:35 20,256,064 ----a-w C:\Users\Rocky\QuickTimeInstaller.exe

2007-09-12 22:45 36,608,368 ----a-w C:\Users\Rocky\Home and Business.exe

2007-09-12 02:24 36,608,368 ----a-w C:\Users\Rocky\MS Money.exe

2007-09-10 00:37 34,522,448 ----a-w C:\Users\Rocky\HP_Vista_MFP_Ph1.exe

2007-08-31 17:30 90,044,964 ----a-w C:\Users\Rocky\TurboCADDeluxe14-ESD.exe

2007-08-11 12:58 51,973,232 ----a-w C:\Users\Rocky\quicken2007hb.exe

2007-08-10 00:55 5,037,072 ----a-w C:\Users\Rocky\Spybot.exe

2007-08-10 00:41 27,719,536 ----a-w C:\Users\Rocky\AVG Antivirus.exe

2007-08-09 22:27 2,855,080 ----a-w C:\Users\Rocky\Adaware.exe

2007-08-03 18:26 36,608,368 ----a-w C:\Users\Rocky\mny2008usbwb.exe

2007-05-17 01:46 262,144 ----a-w C:\ProgramData\ntuser.dat

2008-01-28 03:21 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2008-01-28 03:21 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2008-01-28 03:21 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 03:33 202240]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 03:33 125952]

"TOSCDSPD"="TOSCDSPD.EXE" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-09-11 18:21 180224]

"MSConfig"="C:\Windows\system32\msconfig.exe" [2008-01-19 03:33 227840]

"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-01-09 04:31 959976]

"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-14 17:18 1232152]

"WrtMon.exe"="C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 08:35 20480]

"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2000-08-08 16:00 24576]

"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 13:39 411192]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-03 19:24 185896]

"SVPWUTIL"="C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-23 00:42 438272]

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 15:35 90112]

"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]

"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2007-03-22 14:46 448632]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 21:16 286720]

"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 12:02 79400]

"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [bU]

"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-08-08 16:00 28739]

"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2005-08-17 15:41 749568]

"KeNotify"="C:\Program Files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 20:14 34352]

"HWSetup"="\HWSetup.exe" [bU]

"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2006-12-07 19:49 55416]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-05-21 14:31 1862144]

"CanonSolutionMenu"="C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 21:01 644696]

"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 21:50 1603152]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-10-02 15:45 67488]

"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-04-26 21:56 538744]

"Skytel"="Skytel.exe" [2007-04-13 18:36 1822720 C:\Windows\SkyTel.exe]

"RtHDVCpl"="RtHDVCpl.exe" [2007-04-25 14:14 4444160 C:\Windows\RtHDVCpl.exe]

"NDSTray.exe"="NDSTray.exe" [bU]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-27 23:11:39 124400]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-08-08 16:00:00 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{CE513C88-9A21-418B-AB73-04BFB2459BC3}"= UDP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox

"{7F3441C5-2BD3-4689-AC0C-F6C1961D4F39}"= TCP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox

"{2FD54F10-3F17-4F1E-866A-FA8B2FD5EE86}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent

"{9B1420B6-BE91-448D-BC98-4C1B8B2F9009}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{9B554924-1BC8-4A66-8F06-4FBC073DD36C}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"TCP Query User{C5C3D862-E14C-401C-BAB8-0811F186CC6D}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox

"UDP Query User{6FD7AB61-79AB-44D2-AF8F-66BD47D794E9}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox

"{C3D8025F-BEAB-4C51-BB0D-C012A845C806}"= Disabled:UDP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server

"{FCF0C7CF-7C83-4F3F-BDB3-A471EB21FDE7}"= Disabled:TCP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server

"{9885954A-3689-4BE5-80F4-47D844D485CD}"= UDP:C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:TurboTax

"{2A90C522-D0C4-4639-AE91-142AA635FE1A}"= TCP:C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:TurboTax

"{8C955974-4088-40E5-A91B-DBAE9A369560}"= UDP:C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:TurboTax Update Manager

"{C84692CF-9616-4223-B00B-90E181CFD93A}"= TCP:C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:TurboTax Update Manager

"{994EA660-4727-40E2-BB1A-6B3C870D3D65}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]

"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine

"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-07-14 17:20]

R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-14 17:18]

R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-04-25 01:07]

S4 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-10-02 15:46]

*Newly Created Service* - CATCHME

*Newly Created Service* - PROCEXP90

.

.

------- Supplementary Scan -------

.

R0 -: HKCU-Main,Start Page = hxxp://yahoo.com/

O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-23 07:41:02

Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-07-23 7:43:06

ComboFix-quarantined-files.txt 2008-07-23 11:42:59

ComboFix2.txt 2008-07-23 10:21:05

Pre-Run: 105,769,029,632 bytes free

Post-Run: 105,993,289,728 bytes free

223 --- E O F --- 2008-07-23 11:11:08


Hello again,

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


OK, here is the log. It found nothing. I guess that means I am good to go, right?

Malwarebytes' Anti-Malware 1.23

Database version: 993

Windows 6.0.6001 Service Pack 1

7:16:41 PM 7/25/2008

mbam-log-7-25-2008 (19-16-41).txt

Scan type: Full Scan (C:\|)

Objects scanned: 152510

Time elapsed: 2 hour(s), 2 minute(s), 45 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Nice job, your log looks clean!

Please use the following suggestions to help prevent reinfection.

Also, you may delete any tools I had you download during the cleaning process.

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again. As a note, all of the tools and utilities mentioned are either free or have free versions available.

SpywareBlaster - Great prevention tool to keep malware from installing on your system.

**Tutorial on installing & using this product can be found HERE**

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

**Tutorial on installing & using this product can be found HERE**

IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

**Tutorial on installing & using this product can be found HERE**

ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out malware that likes to reside in the temp folders.

Firewall - A firewall is very important, in order to protect your computer from hackers. I notice that you don't have one installed! Therefore I recommend Comodo, Online Armor, or Outpost.

**Tutorial on Firewalls can be found HERE**

It is important to run only one of each type of protection program in resident mode at a time since conflicts can make them less effective. This would mean only one resident antivirus, firewall and scanning type of anti-spyware. Programs like SpywareBlaster and IE-Spyads do not conflict with any of these since they don't have a real time scanning engine that would conflict.

Windows Updates - It is highly recommended to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

It is also highly recommended to stay on top of your updates at all times, for Windows and all the above mentioned applications. This will ensure that you stay protected at the maximum level possible.

Finally, I strongly recommend How did I get infected in the first place? (by Tony Klein)

Good luck and safe surfing :)

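The "Reg Loading Points" section of the ComboFix log earlier in the thread and the firewall advice in the post above both come down to reading the same REGEDIT4-style dump: which autostart values are registered, and what the Windows Firewall policy and Security Center monitoring values say. The following Python script is an added example, not code from the thread, from ComboFix, or from the helper. It parses that dump format and reports the items a reviewer would check first: Run-key entries whose image path is not fully qualified (an unqualified name such as `TOSCDSPD.EXE` is resolved through the search path at logon rather than pinned to one file), a populated `AppInit_DLLs` value, firewall profiles with `EnableFirewall` set to 0, and Security Center monitoring that has been switched off. The sample input is constructed for this example from a handful of lines in the log above, and the finding labels (`unqualified-autostart`, `appinit-dlls`, `firewall-off`, `sc-monitoring-off`) are this example's own names; ComboFix's `[bU]` annotation is not interpreted, and the bracketed resolved path ComboFix prints for entries like `Skytel` is left in the data column rather than treated as the registered value.

```python
import re

# Constructed sample in the shape of ComboFix's "Reg Loading Points" section,
# taken from a few of the lines posted earlier in this thread (not the full log).
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 03:33 202240]

"TOSCDSPD"="TOSCDSPD.EXE" [bU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HWSetup"="\HWSetup.exe" [bU]

"Skytel"="Skytel.exe" [2007-04-13 18:36 1822720 C:\Windows\SkyTel.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')          # [HKEY_...\...]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')  # "Name"=data
ABS_PATH_RE = re.compile(r'^[A-Za-z]:\\')               # drive-letter-qualified path


def parse_loading_points(text):
    """Return (key, value_name, data) tuples from a REGEDIT4-style dump.

    Blank lines are skipped; a value line is attached to the most recent key.
    """
    entries = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            entries.append((key, m.group('name'), m.group('data')))
    return entries


def run_entry_image(data):
    """Extract the quoted image path from a Run-key value's data field."""
    m = re.match(r'^"(?P<image>[^"]*)"', data)
    return m.group('image') if m else data


def review(entries):
    """Flag the entries a reviewer would look at first. Labels are this example's own."""
    findings = []
    for key, name, data in entries:
        k = key.lower()
        data = data.strip()
        if k.endswith('\\currentversion\\run'):
            image = run_entry_image(data)
            # Unqualified names are resolved via the search path at logon,
            # so the registered value alone does not pin down which file runs.
            if not ABS_PATH_RE.match(image):
                findings.append(('unqualified-autostart', name, image))
        elif name.lower() == 'appinit_dlls' and data:
            # AppInit_DLLs is loaded into every process that links user32.dll.
            findings.append(('appinit-dlls', name, data))
        elif 'firewallpolicy' in k and name.lower() == 'enablefirewall':
            if data.startswith('0'):
                profile = key.rsplit('\\', 1)[-1]
                findings.append(('firewall-off', profile, data))
        elif 'security center\\monitoring' in k and name.lower() == 'disablemonitoring':
            if data.lower() == 'dword:00000001':
                product = key.rsplit('\\', 1)[-1]
                findings.append(('sc-monitoring-off', product, data))
    return findings


if __name__ == '__main__':
    for label, subject, detail in review(parse_loading_points(SAMPLE_LOG)):
        print('%-22s %-20s %s' % (label, subject, detail))
```

On the sample the script reports three unqualified autostart entries, the AppInit_DLLs value, the ZoneLabs monitoring flag and two firewall profiles with EnableFirewall=0. A `firewall-off` finding is a prompt to verify, not a verdict: a third-party firewall such as the ZoneAlarm client listed in the same log commonly runs with the built-in Windows Firewall turned off, so the check is whether some firewall is active, and an unqualified autostart entry is worth confirming against the file ComboFix actually located rather than assumed to be malicious.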

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
