Author Topic: redirected links (Read 1010 times)

nunya53 · « **on:** October 08, 2007, 10:38:48 AM »

I've had problems lately of links being redirected. My kids use the computer more and more lately, so who knows the stuff they allow. Anyway, here is a Hijack This log...hopefully there is something there......thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:50 AM, on 10/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system\CmFlywav.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Linksys\WMB54G\WMB54G.EXE
C:\WINDOWS\system\CMAS2DS.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [CmFlywav] C:\WINDOWS\system\CmFlywav.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - C:\DOCUME~1\JERRYR~1\LOCALS~1\Temp\IXP000.TMP\InstallerControl.cab
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - https://securera.edwardjones.com/vdesk/term...,2007,0726,1518
O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} (F5 Networks OS Policy Agent) - https://securera.edwardjones.com/policy/dow...,2007,0223,0322
O17 - HKLM\System\CCS\Services\Tcpip\..\{071C03DB-3447-4932-A0FF-56F75E596334}: NameServer = 85.255.116.165,85.255.112.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{512E836A-7D26-4AAF-9CBA-9E2A7320C6B1}: NameServer = 85.255.116.165,85.255.112.220
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{071C03DB-3447-4932-A0FF-56F75E596334}: NameServer = 85.255.116.165,85.255.112.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 11299 bytes

guestolo · « **Reply #1 on:** October 08, 2007, 10:59:10 AM »

download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
Leave it on your desktop for now, we will need it later

Do a "System scan only" with Hijackthis and put a check next to these entries:

O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - C:\DOCUME~1\JERRYR~1\LOCALS~1\Temp\IXP000.TMP\InstallerControl.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{071C03DB-3447-4932-A0FF-56F75E596334}: NameServer = 85.255.116.165,85.255.112.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{512E836A-7D26-4AAF-9CBA-9E2A7320C6B1}: NameServer = 85.255.116.165,85.255.112.220

O17 - HKLM\System\CS1\Services\Tcpip\..\{071C03DB-3447-4932-A0FF-56F75E596334}: NameServer = 85.255.116.165,85.255.112.220

NOTE: ONLY tick the 017 entries I mentioned above

After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Don't worry if you get any error messages. Just carry on with the rest of the instructions

Fixwareout
Double click on Fixwareout.exe on desktop
Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Back in Windows
Download this file - Combofix.exe and save it ONLY to your desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

I need you to post back here all the following, even if it takes more than one reply to do so

1. Post the log from Combofix
2. Post a fresh HijackThis log
3. Post the report from Fixwareout>>report.txt in the C:\Fixwareout folder

nunya53 · « **Reply #2 on:** October 08, 2007, 12:32:00 PM »

Thanks....

Here is the combofix log....

ComboFix 07-10-07.2 - Jerry Rathke 2007-10-08 12:14:16.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.484 [GMT -5:00]
Running from: C:\Documents and Settings\Jerry Rathke\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-09-08 to 2007-10-08 )))))))))))))))))))))))))))))))
.

2007-10-08 12:13   51,200   --a------   C:\WINDOWS\NirCmd.exe
2007-10-08 10:33   <DIR>   d--------   C:\Program Files\Trend Micro
2007-10-01 14:55   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-01 14:54   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2007-09-27 14:08   <DIR>   d--------   C:\Documents and Settings\Jerry Rathke\Application Data\WinRAR
2007-09-20 18:33   81,920   --a------   C:\Documents and Settings\Jerry Rathke\Application Data\ezpinst.exe
2007-09-20 18:33   47,360   --a------   C:\WINDOWS\system32\drivers\pcouffin.sys
2007-09-20 18:33   47,360   --a------   C:\Documents and Settings\Jerry Rathke\Application Data\pcouffin.sys
2007-09-20 18:33   14   --a------   C:\WINDOWS\system32\systeminfo3.dll
2007-09-20 18:33   <DIR>   d--------   C:\Program Files\CloneDVD
2007-09-20 18:33   <DIR>   d--------   C:\Documents and Settings\Jerry Rathke\Application Data\Vso
2007-09-20 18:33   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\DVDXStudio
2007-09-19 20:10   <DIR>   d--------   C:\Program Files\F5
2007-09-15 09:44   <DIR>   d--------   C:\Documents and Settings\Jerry Rathke\Application Data\Printer Info Cache
2007-09-15 09:44   <DIR>   d--------   C:\Documents and Settings\Jerry Rathke\Application Data\Image Zone Express

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-06 16:35   ---------   d--------   C:\Documents and Settings\Jerry Rathke\Application Data\AdobeUM
2007-10-05 14:39   ---------   d--------   C:\Program Files\SpywareBlaster
2007-10-01 14:56   ---------   d--------   C:\Program Files\Lavasoft
2007-10-01 14:55   ---------   d--------   C:\Documents and Settings\Jerry Rathke\Application Data\Lavasoft
2007-09-30 09:54   43520   --a------   C:\WINDOWS\system32\CmdLineExt03.dll
2007-09-29 14:44   ---------   d--------   C:\Documents and Settings\Jerry Rathke\Application Data\HP
2007-09-22 07:49   ---------   d--------   C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-09-19 06:31   ---------   d--------   C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-09-14 19:04   ---------   d--------   C:\Program Files\Common Files\HP
2007-09-05 21:09   ---------   d--------   C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
2007-09-05 10:34   ---------   d--------   C:\Program Files\QuickTime
2007-09-05 10:18   ---------   d--------   C:\Documents and Settings\Jerry Rathke\Application Data\DivX
2007-09-05 10:15   ---------   d--------   C:\Program Files\DivX
2007-09-02 14:52   ---------   d--h-----   C:\Program Files\InstallShield Installation Information
2007-09-02 14:52   ---------   d--------   C:\Program Files\Linksys
2007-09-02 09:01   ---------   d--------   C:\Program Files\BitComet
2007-09-01 18:50   ---------   d--------   C:\Documents and Settings\Jerry Rathke\Application Data\Atari
2007-09-01 18:49   ---------   d--------   C:\Program Files\Common Files\PocketSoft
2007-09-01 18:49   ---------   d--------   C:\Documents and Settings\Jerry Rathke\Application Data\Leadertech
2007-09-01 18:44   ---------   d--------   C:\Program Files\Atari
2007-09-01 12:22   ---------   d--------   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-01 09:09   359808   --a------   C:\WINDOWS\system32\drivers\tcpip.sys
2007-09-01 09:06   ---------   d--------   C:\Program Files\Google
2007-08-29 07:23   ---------   d--------   C:\Documents and Settings\All Users\Application Data\Google
2007-08-29 07:20   ---------   d--------   C:\Documents and Settings\Jerry Rathke\Application Data\Google
2007-08-27 19:57   ---------   d--------   C:\Program Files\MSN Messenger
2007-08-27 17:24   ---------   d--------   C:\Program Files\HP
2007-08-26 18:21   ---------   d--------   C:\Program Files\Common Files\Adobe Systems Shared
2007-08-26 18:21   ---------   d--------   C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-08-26 17:21   ---------   d--------   C:\Program Files\iTunes
2007-08-26 17:21   ---------   d--------   C:\Program Files\iPod
2007-08-26 17:21   ---------   d--------   C:\Documents and Settings\Jerry Rathke\Application Data\Apple Computer
2007-08-26 17:21   ---------   d--------   C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-08-26 17:19   ---------   d--------   C:\Program Files\Apple Software Update
2007-08-26 17:18   ---------   d--------   C:\Program Files\Common Files\Apple
2007-08-26 17:18   ---------   d--------   C:\Documents and Settings\All Users\Application Data\Apple
2007-08-26 16:54   ---------   d--------   C:\Program Files\Stardock
2007-08-26 16:26   ---------   d--------   C:\Documents and Settings\Jerry Rathke\Application Data\Windows Desktop Search
2007-08-26 16:25   ---------   d--------   C:\Program Files\Windows Desktop Search
2007-08-26 16:12   ---------   d--------   C:\Program Files\MSBuild
2007-08-26 16:12   ---------   d--------   C:\Program Files\Microsoft Works
2007-08-26 16:10   ---------   d--------   C:\Program Files\Microsoft.NET
2007-08-26 16:08   ---------   d--------   C:\Program Files\Microsoft Visual Studio 8
2007-08-26 15:59   ---------   d--------   C:\Program Files\Linksys Wireless-G Music Bridge
2007-08-26 15:50   ---------   d--------   C:\Program Files\Sonic
2007-08-26 15:49   ---------   d--------   C:\Program Files\Napster
2007-08-26 15:49   ---------   d--------   C:\Documents and Settings\All Users\Application Data\Napster
2007-08-26 15:48   ---------   d--------   C:\Program Files\Quicken
2007-08-26 15:47   ---------   d--------   C:\Program Files\Notebook Maximizer
2007-08-26 15:46   ---------   d--------   C:\Program Files\Symantec
2007-08-26 15:46   ---------   d--------   C:\Documents and Settings\All Users\Application Data\Symantec
2007-08-26 15:35   ---------   d--------   C:\Program Files\Pure Networks
2007-08-26 15:33   ---------   d--------   C:\Program Files\Common Files\AOL
2007-08-26 15:31   ---------   d--------   C:\Program Files\DVD Shrink
2007-08-26 15:31   ---------   d--------   C:\Program Files\DVD Decrypter
2007-08-26 15:28   ---------   d--------   C:\Documents and Settings\All Users\Application Data\AOL
2007-08-26 15:27   ---------   d--------   C:\Documents and Settings\Jerry Rathke\Application Data\AOL
2007-08-26 15:25   ---------   d--------   C:\Program Files\MSXML 4.0
2007-08-26 15:23   ---------   d--------   C:\Program Files\MSXML 6.0
2007-08-26 15:17   ---------   d--------   C:\Program Files\Reference Assemblies
2007-08-26 15:16   ---------   d--------   C:\Program Files\Windows Media Connect 2
2007-08-26 15:10   ---------   d--------   C:\Program Files\ArcSoft
2007-08-26 14:37   ---------   d--------   C:\Documents and Settings\All Users\Application Data\HP
2007-08-26 14:32   ---------   d--------   C:\Program Files\Hewlett-Packard
2007-08-26 14:32   ---------   d--------   C:\Program Files\Common Files\Hewlett-Packard
2007-07-30 21:19   92504   --a------   C:\WINDOWS\system32\cdm.dll
2007-07-30 21:19   549720   --a------   C:\WINDOWS\system32\wuapi.dll
2007-07-30 21:19   53080   --a------   C:\WINDOWS\system32\wuauclt.exe
2007-07-30 21:19   43352   --a------   C:\WINDOWS\system32\wups2.dll
2007-07-30 21:19   325976   --a------   C:\WINDOWS\system32\wucltui.dll
2007-07-30 21:19   271224   --a------   C:\WINDOWS\system32\mucltui.dll
2007-07-30 21:19   207736   --a------   C:\WINDOWS\system32\muweb.dll
2007-07-30 21:19   203096   --a------   C:\WINDOWS\system32\wuweb.dll
2007-07-30 21:19   1712984   --a------   C:\WINDOWS\system32\wuaueng.dll
2007-07-30 21:18   33624   --a------   C:\WINDOWS\system32\wups.dll
2007-07-26 18:06   524288   --a------   C:\WINDOWS\system32\DivXsm.exe
2007-07-26 18:06   3596288   --a------   C:\WINDOWS\system32\qt-dx331.dll
2007-07-26 18:06   200704   --a------   C:\WINDOWS\system32\ssldivx.dll
2007-07-26 18:06   144704   --a------   C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-07-26 18:06   129784   ---------   C:\WINDOWS\system32\pxafs.dll
2007-07-26 18:06   120056   ---------   C:\WINDOWS\system32\pxcpyi64.exe
2007-07-26 18:06   118520   ---------   C:\WINDOWS\system32\pxinsi64.exe
2007-07-26 18:06   1044480   --a------   C:\WINDOWS\system32\libdivx.dll
2007-07-26 18:03   823296   --a------   C:\WINDOWS\system32\divx_xx0c.dll
2007-07-26 18:03   823296   --a------   C:\WINDOWS\system32\divx_xx07.dll
2007-07-26 18:03   81920   --a------   C:\WINDOWS\system32\dpl100.dll
2007-07-26 18:03   802816   --a------   C:\WINDOWS\system32\divx_xx11.dll
2007-07-26 18:03   740442   --a------   C:\WINDOWS\system32\DivX.dll
2007-07-26 18:03   593920   --a------   C:\WINDOWS\system32\dpuGUI11.dll
2007-07-26 18:03   57344   --a------   C:\WINDOWS\system32\dpv11.dll
2007-07-26 18:03   53248   --a------   C:\WINDOWS\system32\dpuGUI10.dll
2007-07-26 18:03   344064   --a------   C:\WINDOWS\system32\dpus11.dll
2007-07-26 18:03   294912   --a------   C:\WINDOWS\system32\dpu11.dll
2007-07-26 18:03   294912   --a------   C:\WINDOWS\system32\dpu10.dll
2007-07-26 18:03   196608   --a------   C:\WINDOWS\system32\dtu100.dll
2007-07-26 18:03   12288   --a------   C:\WINDOWS\system32\DivXWMPExtType.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2004-06-14 07:00]
"CeEPOWER"="C:\Program Files\TOSHIBA\Power Management\CePMTray.exe" [2004-08-19 20:14]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2004-03-14 22:17]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-07-20 03:04]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-21 23:10]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-09-26 17:43]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 17:00 C:\WINDOWS\agrsmmsg.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-30 18:46]
"EzButton"="C:\Program Files\EzButton\EzButton.EXE" [2004-05-14 12:29]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-02-03 16:47]
"NDSTray.exe"="NDSTray.exe" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 04:41]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 02:47]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 08:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 22:15]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-09-05 18:46]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52]
"CmFlywav"="C:\WINDOWS\system\CmFlywav.exe" [2006-05-19 15:44]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 05:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-08-26 18:21:18]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 06:21:22]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2004-08-10 16:15:20]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 17:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2007-03-13 12:57 221184 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

R1 SrvcEKIOMngr;SrvcEKIOMngr;C:\WINDOWS\system32\Drivers\EKIoMngr.sys
R1 SrvcEPECioctl;SrvcEPECioctl;C:\WINDOWS\system32\Drivers\ECioctl.sys
R1 SrvcEPIOMngr;SrvcEPIOMngr;C:\WINDOWS\system32\Drivers\EPIoMngr.sys
R1 SrvcSSIOMngr;SrvcSSIOMngr;C:\WINDOWS\system32\Drivers\SSIoMngr.sys
R1 SrvcTPIOMngr;SrvcTPIOMngr;C:\WINDOWS\system32\Drivers\TPIoMngr.sys
R2 DgiVecp;Team MFP Comm Driver;C:\WINDOWS\system32\Drivers\DgiVecp.sys
R3 cmvad;Linksys Wireless-G Music Bridge Interface;C:\WINDOWS\system32\drivers\cmudaxv.sys
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver;C:\WINDOWS\system32\Drivers\DKbFltr.sys
R3 EPOWER;Compal E-POWER Driver;C:\WINDOWS\system32\Drivers\hkdrv.sys
R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys
S3 EMSCR;EMSCR;C:\WINDOWS\system32\DRIVERS\EMS7SK.sys
S3 ESDCR;ESDCR;C:\WINDOWS\system32\DRIVERS\ESD7SK.sys
S3 ESMCR;ESMCR;C:\WINDOWS\system32\DRIVERS\ESM7SK.sys

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-08-26 22:19:24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-08 12:16:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-08 12:17:23
.
   --- E O F ---

nunya53 · « **Reply #3 on:** October 08, 2007, 12:33:55 PM »

...and here is the Hijackthis log.....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30:13 PM, on 10/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system\CmFlywav.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system\CMAS2DS.EXE
C:\Program Files\Linksys\WMB54G\WMB54G.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [CmFlywav] C:\WINDOWS\system\CmFlywav.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - https://securera.edwardjones.com/vdesk/term...,2007,0726,1518
O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} (F5 Networks OS Policy Agent) - https://securera.edwardjones.com/policy/dow...,2007,0223,0322
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10708 bytes

nunya53 · « **Reply #4 on:** October 08, 2007, 12:36:03 PM »

...and finally, the Fixwareout report....

Username "Jerry Rathke" - 10/08/2007 11:57:14 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{95ED3546-EB6B-4DAF-932E-6B91403C9384}
"DhcpNameServer"="85.255.116.165,85.255.112.220" <Value cleared.

Successfully flushed the DNS Resolver Cache.
System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CeEKEY"="C:\\Program Files\\TOSHIBA\\E-KEY\\CeEKey.exe"
"CeEPOWER"="C:\\Program Files\\TOSHIBA\\Power Management\\CePMTray.exe"
"TPNF"="C:\\Program Files\\TOSHIBA\\TouchPad\\TPTray.exe"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"LtMoh"="C:\\Program Files\\ltmoh\\Ltmoh.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"Apoint"="C:\\Program Files\\Apoint2K\\Apoint.exe"
"EzButton"="C:\\Program Files\\EzButton\\EzButton.EXE"
"PadTouch"="C:\\Program Files\\TOSHIBA\\Touch and Launch\\PadExe.exe"
"NDSTray.exe"="NDSTray.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"GrooveMonitor"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
"CmFlywav"="C:\\WINDOWS\\system\\CmFlywav.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\\Program Files\\TOSHIBA\\TOSCDSPD\\toscdspd.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

guestolo · « **Reply #5 on:** October 08, 2007, 01:13:58 PM »

[color=\"blue\"]Your Java Runtime Environment is out of date.[/color] Older versions have vulnerabilities that malware can use to infect your system.

Download the latest version of Java Runtime Environment (JRE) 6 Update 3.
Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 3, The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement[/i]".
The page will refresh.
Click on the link to download Windows Offline Installation, Multi-language and save it to your desktop (13.93 MB).

DON'T install it yet

Close all browser windows, including this one
# Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
# Check any item with Java Runtime Environment (JRE or J2SE) in the name
# Click the Remove or Change/Remove button.
# Repeat as many times as necessary to remove each Java versions.
Examples of older versions:
Java SE Runtime Environment 5 Update 6
Java SE Runtime Environment 5 Update 11
Java 2 Runtime Environment, SE v1.4.2

Reboot the computer
Back in Windows, go ahead and install the latest version of Java from the installer on desktop

NOTE:
These 2 entries in your log
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

Are related to OpenDNS server, have you, or any other member of the family set this?
Have you recently run a scan with Spybot?
The server is used legitimately, but not always user defined
And being found when a Search engine redirect infection is found in a log
Spybot may have set those entries
Can you do me a favor, Open Spybot and Search for updates
Afterwards, check for problems, when the scan is complete,
RIGHT CLICK in the results pane and Save a complete report to desktop
Post that report back here
Let me know if you intentionally set those entries

nunya53 · « **Reply #6 on:** October 08, 2007, 02:50:45 PM »

here are the results of the spybot scan....I have run it within the past couple of weeks, but there were four updates. As far as setting the other items you asked about, I didn't intentionally make those settings....--- Search result list ---Congratulations!: No immediate threats were found. () --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---2005-05-31 blindman.exe (1.0.0.1)2005-05-31 SpybotSD.exe (1.4.0.3)2005-05-31 TeaTimer.exe (1.4.0.2)2007-09-01 unins000.exe (51.41.0.0)2005-05-31 Update.exe (1.4.0.0)2007-05-23 advcheck.dll (1.5.3.0)2005-05-31 aports.dll (2.1.0.0)2005-05-31 borlndmm.dll (7.0.4.453)2005-05-31 delphimm.dll (7.0.4.453)2005-05-31 SDHelper.dll (1.4.0.0)2007-07-31 Tools.dll (2.1.2.0)2005-05-31 UnzDll.dll (1.73.1.1)2005-05-31 ZipDll.dll (1.73.2.0)2007-10-04 Includes\Cookies.sbi (*)2007-07-25 Includes\Dialer.sbi (*)2007-10-04 Includes\DialerC.sbi (*)2007-08-29 Includes\Hijackers.sbi (*)2007-10-04 Includes\HijackersC.sbi (*)2007-10-04 Includes\Keyloggers.sbi (*)2007-10-04 Includes\KeyloggersC.sbi (*)2007-10-04 Includes\Malware.sbi (*)2007-10-04 Includes\MalwareC.sbi (*)2007-09-05 Includes\PUPS.sbi (*)2007-10-04 Includes\PUPSC.sbi (*)2007-10-04 Includes\Revision.sbi (*)2007-05-30 Includes\Security.sbi (*)2007-10-04 Includes\SecurityC.sbi (*)2007-09-12 Includes\Spybots.sbi (*)2007-10-04 Includes\SpybotsC.sbi (*)2007-08-21 Includes\Tracks.uti2007-10-04 Includes\Trojans.sbi (*)2007-10-04 Includes\TrojansC.sbi (*)2007-06-06 Plugins\TCPIPAddress.dll--- System information ---Windows XP (Build: 2600) Service Pack 2 / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366) / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) / Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. \nIf you later install a more recent service pack, this Security Update will be uninstalled automatically. \nFor more information, visit http://support.microsoft.com/kb/917283 / Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. \nIf you later install a more recent service pack, this Security Update will be uninstalled automatically. \nFor more information, visit http://support.microsoft.com/kb/922770 / Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. \nIf you later install a more recent service pack, this Security Update will be uninstalled automatically. \nFor more information, visit http://support.microsoft.com/kb/928365 / MSXML4SP2: Security update for MSXML4 SP2 (KB936181) / Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB923723) / Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs / Windows / SP1: Microsoft National Language Support Downlevel APIs / Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399) / Windows Media Player 11: Security Update for Windows Media Player 11 (KB936782) / Windows Media Player 11: Hotfix for Windows Media Player 11 (KB939683) / Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398) / Windows Media Player 9: Security Update for Windows Media Player 9 (KB936782) / Windows Presentation Foundation: This Hotfix is for Microsoft .NET Framework 3.0. \nIf you later install a more recent service pack, this Hotfix will be uninstalled automatically. \nFor more information, visit http://support.microsoft.com/kb/932471 / Windows XP: Security Update for Windows XP (KB923689) / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB937143) / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127) / Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP / Windows XP / SP3: Windows XP Hotfix - KB873339 / Windows XP / SP3: Windows XP Hotfix - KB885835 / Windows XP / SP3: Windows XP Hotfix - KB885836 / Windows XP / SP3: Windows XP Hotfix - KB886185 / Windows XP / SP3: Windows XP Hotfix - KB887472 / Windows XP / SP3: Windows XP Hotfix - KB888302 / Windows XP / SP3: Security Update for Windows XP (KB890046) / Windows XP / SP3: Windows XP Hotfix - KB890859 / Windows XP / SP3: Windows XP Hotfix - KB891781 / Windows XP / SP3: Security Update for Windows XP (KB893756) / Windows XP / SP3: Windows Installer 3.1 (KB893803) / Windows XP / SP3: Update for Windows XP (KB894391) / Windows XP / SP3: Hotfix for Windows XP (KB896344) / Windows XP / SP3: Security Update for Windows XP (KB896358) / Windows XP / SP3: Security Update for Windows XP (KB896423) / Windows XP / SP3: Security Update for Windows XP (KB896428) / Windows XP / SP3: Update for Windows XP (KB898461) / Windows XP / SP3: Security Update for Windows XP (KB899587) / Windows XP / SP3: Security Update for Windows XP (KB899591) / Windows XP / SP3: Update for Windows XP (KB900485) / Windows XP / SP3: Security Update for Windows XP (KB900725) / Windows XP / SP3: Security Update for Windows XP (KB901017) / Windows XP / SP3: Security Update for Windows XP (KB901214) / Windows XP / SP3: Security Update for Windows XP (KB902400) / Windows XP / SP3: Security Update for Windows XP (KB904706) / Windows XP / SP3: Update for Windows XP (KB904942) / Windows XP / SP3: Security Update for Windows XP (KB905414) / Windows XP / SP3: Security Update for Windows XP (KB905749) / Windows XP / SP3: Security Update for Windows XP (KB908519) / Windows XP / SP3: Update for Windows XP (KB908531) / Windows XP / SP3: Update for Windows XP (KB910437) / Windows XP / SP3: Update for Windows XP (KB911280) / Windows XP / SP3: Security Update for Windows XP (KB911562) / Windows XP / SP3: Security Update for Windows XP (KB911927) / Windows XP / SP3: Security Update for Windows XP (KB913580) / Windows XP / SP3: Security Update for Windows XP (KB914388) / Windows XP / SP3: Security Update for Windows XP (KB914389) / Windows XP / SP3: Hotfix for Windows XP (KB914440) / Windows XP / SP3: Hotfix for Windows XP (KB915800) / Windows XP / SP3: Hotfix for Windows XP (KB915865) / Windows XP / SP3: Update for Windows XP (KB916595) / Windows XP / SP3: Security Update for Windows XP (KB917344) / Windows XP / SP3: Security Update for Windows XP (KB917953) / Windows XP / SP3: Security Update for Windows XP (KB918118) / Windows XP / SP3: Security Update for Windows XP (KB918439) / Windows XP / SP3: Security Update for Windows XP (KB919007) / Windows XP / SP3: Security Update for Windows XP (KB920213) / Windows XP / SP3: Update for Windows XP (KB920342) / Windows XP / SP3: Security Update for Windows XP (KB920670) / Windows XP / SP3: Security Update for Windows XP (KB920683) / Windows XP / SP3: Security Update for Windows XP (KB920685) / Windows XP / SP3: Update for Windows XP (KB920872) / Windows XP / SP3: Security Update for Windows XP (KB921503) / Windows XP / SP3: Update for Windows XP (KB922582) / Windows XP / SP3: Security Update for Windows XP (KB922819) / Windows XP / SP3: Security Update for Windows XP (KB923191) / Windows XP / SP3: Security Update for Windows XP (KB923414) / Windows XP / SP3: Security Update for Windows XP (KB923980) / Windows XP / SP3: Security Update for Windows XP (KB924270) / Windows XP / SP3: Security Update for Windows XP (KB924496) / Windows XP / SP3: Security Update for Windows XP (KB924667) / Windows XP / SP3: Update for Windows XP (KB925720) / Windows XP / SP3: Update for Windows XP (KB925876) / Windows XP / SP3: Security Update for Windows XP (KB925902) / Windows XP / SP3: Hotfix for Windows XP (KB926239) / Windows XP / SP3: Security Update for Windows XP (KB926255) / Windows XP / SP3: Security Update for Windows XP (KB926436) / Windows XP / SP3: Security Update for Windows XP (KB927779) / Windows XP / SP3: Security Update for Windows XP (KB927802) / Windows XP / SP3: Update for Windows XP (KB927891) / Windows XP / SP3: Security Update for Windows XP (KB928255) / Windows XP / SP3: Security Update for Windows XP (KB928843) / Windows XP / SP3: Security Update for Windows XP (KB929123) / Windows XP / SP3: Security Update for Windows XP (KB930178) / Windows XP / SP3: Update for Windows XP (KB930916) / Windows XP / SP3: Security Update for Windows XP (KB931261) / Windows XP / SP3: Security Update for Windows XP (KB931784) / Windows XP / SP3: Security Update for Windows XP (KB932168) / Windows XP / SP3: Update for Windows XP (KB933360) / Windows XP / SP3: Security Update for Windows XP (KB935839) / Windows XP / SP3: Security Update for Windows XP (KB935840) / Windows XP / SP3: Security Update for Windows XP (KB936021) / Windows XP / SP3: Update for Windows XP (KB936357) / Windows XP / SP3: Security Update for Windows XP (KB937143) / Windows XP / SP3: Security Update for Windows XP (KB938127) / Windows XP / SP3: Update for Windows XP (KB938828) / Windows XP / SP3: Security Update for Windows XP (KB938829) / XML Paper Specification Shared Components Pack 1.0: XML Paper Specification Shared Components Pack 1.0--- Startup entries list ---Located: HK_LM:Run, Acrobat Assistant 7.0command: "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" file: C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe size: 483328 MD5: 78ff388fd58ce0bae1f7c9670f5473c1Located: HK_LM:Run, AGRSMMSGcommand: AGRSMMSG.exe file: C:\WINDOWS\AGRSMMSG.exe size: 88363 MD5: 32f801e868bd2006911d49128cdd6312Located: HK_LM:Run, Apointcommand: C:\Program Files\Apoint2K\Apoint.exe file: C:\Program Files\Apoint2K\Apoint.exe size: 192512 MD5: e6899986d6fe0c793b3df5bae7d18b40Located: HK_LM:Run, ATIPTAcommand: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe file: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe size: 335872 MD5: 024f4f23ccee31a9994109d7a41ab78fLocated: HK_LM:Run, avgntcommand: "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min file: C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe size: 249896 MD5: ba5e0a9b7ccde337b22ccc00971aae1cLocated: HK_LM:Run, CeEKEYcommand: C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe file: C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe size: 638976 MD5: a7f0ed12494a00ec5e2ef94b82ab5d6fLocated: HK_LM:Run, CeEPOWERcommand: C:\Program Files\TOSHIBA\Power Management\CePMTray.exe file: C:\Program Files\TOSHIBA\Power Management\CePMTray.exe size: 135168 MD5: 8f7e3434b0b6aec36e4dd9d42be66d43Located: HK_LM:Run, CmFlywavcommand: C:\WINDOWS\system\CmFlywav.exe file: C:\WINDOWS\system\CmFlywav.exe size: 176377 MD5: 3523403dfad2682747212b578681e9aeLocated: HK_LM:Run, dlacommand: C:\WINDOWS\system32\dla\tfswctrl.exe file: C:\WINDOWS\system32\dla\tfswctrl.exe size: 122939 MD5: 0df3275fd096bacec54e01657d8745d8Located: HK_LM:Run, EzButtoncommand: C:\Program Files\EzButton\EzButton.EXE file: C:\Program Files\EzButton\EzButton.EXE size: 712704 MD5: 0787e45175a5b7138bbab94ce8561d19Located: HK_LM:Run, GrooveMonitorcommand: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" file: C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe size: 31016 MD5: 38d198a2dd54a67120040566a38103baLocated: HK_LM:Run, HP Software Updatecommand: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe file: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe size: 49152 MD5: 926a397334fe426a6c7657096fe681dbLocated: HK_LM:Run, iTunesHelpercommand: "C:\Program Files\iTunes\iTunesHelper.exe" file: C:\Program Files\iTunes\iTunesHelper.exe size: 271672 MD5: 75e7851ce99ea8f9b74361f284666fe0Located: HK_LM:Run, LtMohcommand: C:\Program Files\ltmoh\Ltmoh.exe file: C:\Program Files\ltmoh\Ltmoh.exe size: 184320 MD5: cae4adee7be5c6ad35c84d10a866977eLocated: HK_LM:Run, NDSTray.execommand: NDSTray.exe file: Located: HK_LM:Run, PadTouchcommand: C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe file: C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe size: 1089589 MD5: 062d0e5bbf64d78d90502f7d0bdc3d6fLocated: HK_LM:Run, QuickTime Taskcommand: "C:\Program Files\QuickTime\QTTask.exe" -atboottime file: C:\Program Files\QuickTime\QTTask.exe size: 286720 MD5: 49ccfbe5d5225b9d3cc78c09dee147d0Located: HK_LM:Run, SunJavaUpdateSchedcommand: "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" file: C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe size: 132496 MD5: d4f0f7437327dbaa264338baafb5e5afLocated: HK_LM:Run, TPNFcommand: C:\Program Files\TOSHIBA\TouchPad\TPTray.exe file: C:\Program Files\TOSHIBA\TouchPad\TPTray.exe size: 53248 MD5: 98046adfa5ef9c3fa746bf6090154e78Located: HK_CU:Run, ctfmon.execommand: C:\WINDOWS\system32\ctfmon.exe file: C:\WINDOWS\system32\ctfmon.exe size: 15360 MD5: 24232996a38c0b0cf151c2140ae29fc8Located: HK_CU:Run, MsnMsgrcommand: "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background file: C:\Program Files\MSN Messenger\MsnMsgr.Exe size: 5674352 MD5: c4281ad865739e71fd1e4dac19a68d60Located: HK_CU:Run, TOSCDSPDcommand: C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe file: C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe size: 65536 MD5: 383b71dcb691ccaeea445acb9150ddd3Located: Startup (common), Adobe Acrobat Speed Launcher.lnkcommand: C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe file: C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe size: 25214 MD5: d6294d59171ac375cd142003566aa89eLocated: Startup (common), HP Digital Imaging Monitor.lnkcommand: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe file: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe size: 288472 MD5: 4543367e50bd35e7d1269d42841b156eLocated: Startup (common), RAMASST.lnkcommand: C:\WINDOWS\system32\RAMASST.exe file: C:\WINDOWS\system32\RAMASST.exe size: 155648 MD5: 7c86a098d2a2e5d0cc8ec60f90637e9eLocated: System.ini, crypt32chaincommand: crypt32.dll file: crypt32.dllLocated: System.ini, cryptnetcommand: cryptnet.dll file: cryptnet.dllLocated: System.ini, cscdllcommand: cscdll.dll file: cscdll.dllLocated: System.ini, ScCertPropcommand: wlnotify.dll file: wlnotify.dllLocated: System.ini, Schedulecommand: wlnotify.dll file: wlnotify.dllLocated: System.ini, sclgntfycommand: sclgntfy.dll file: sclgntfy.dllLocated: System.ini, SensLogncommand: WlNotify.dll file: WlNotify.dllLocated: System.ini, termsrvcommand: wlnotify.dll file: wlnotify.dllLocated: System.ini, WBSrvcommand: C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll file: C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll size: 221184 MD5: 9240a64cb49eb380617865719ea92281Located: System.ini, wlballooncommand: wlnotify.dll file: wlnotify.dll--- Browser helper object list ---{5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess) BHO name: CLSID name: DriveLetterAccess description: Hewlett-Packard's DLA software classification: Unknown known filename: tfswshx.dll info link: info source: TonyKlein Path: C:\WINDOWS\system32\dla\ Long name: tfswshx.dll Short name: Date (created): 8/26/2007 3:13:42 PMDate (last access): 10/8/2007 2:21:40 PM Date (last write): 7/20/2004 3:04:00 AM Filesize: 118842 Attributes: archive MD5: D5CBFE902E7598281FC47037DC8A5DCC CRC32: E91B1ACE Version: 1.4.8.0{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper) BHO name: CLSID name: Groove GFS Browser Helper Path: C:\PROGRA~1\MICROS~2\Office12\ Long name: GrooveShellExtensions.dll Short name: GRA8E1~1.DLL Date (created): 10/27/2006 2:48:42 AMDate (last access): 10/8/2007 2:11:26 PM Date (last write): 10/27/2006 2:48:42 AM Filesize: 2210608 Attributes: archive MD5: 786DD1892B553EFE5A004AC39775C851 CRC32: AAD965C9 Version: 12.0.4518.1014{7E853D72-626A-48EC-A868-BA8D5E23E045} () BHO name: CLSID name: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper) BHO name: CLSID name: Windows Live Sign-in Helper Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\ Long name: WindowsLiveLogin.dll Short name: WINDOW~1.DLL Date (created): 8/31/2006 8:33:06 PMDate (last access): 10/8/2007 2:21:40 PM Date (last write): 8/31/2006 8:33:06 PM Filesize: 322368 Attributes: archive MD5: E43F7CFDEE2B00A22C96C168147B20D3 CRC32: 2AEACC43 Version: 4.100.313.1--- ActiveX list ---{57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) DPF name: CLSID name: F5 Networks Policy Agent Host Class Installer: C:\WINDOWS\Downloaded Program Files\f5InspectionHost.inf Codebase: https://securera.edwardjones.com/vdesk/term...,2007,0726,1518 Path: C:\WINDOWS\Downloaded Program Files\ Long name: f5InspectionHost.dll Short name: F5INSP~1.DLL Date (created): 9/19/2007 8:10:06 PMDate (last access): 10/8/2007 2:33:14 PM Date (last write): 7/26/2007 8:18:28 AM Filesize: 311936 Attributes: archive MD5: BF15E194ACFE4790C78C8E98359CD98B CRC32: 58689EB4 Version: 6010.2007.726.1518{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () DPF name: CLSID name: Installer: C:\WINDOWS\Downloaded Program Files\erma.inf Codebase: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab description: classification: Open for discussion known filename: info link: info source: Safer Networking Ltd.{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0) DPF name: Java Runtime Environment 1.6.0 CLSID name: Java Plug-in 1.6.0_03 Installer: Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab Path: C:\Program Files\Java\jre1.6.0_03\bin\ Long name: npjpi160_03.dll Short name: NPJPI1~1.DLL Date (created): 9/24/2007 11:31:44 PMDate (last access): 10/8/2007 2:30:52 PM Date (last write): 9/25/2007 1:11:34 AM Filesize: 132496 Attributes: archive MD5: D6A4682A6FF41832A3F1A7AB9AE08199 CRC32: 9080B537 Version: 6.0.30.5{E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} (F5 Networks OS Policy Agent) DPF name: CLSID name: F5 Networks OS Policy Agent Installer: C:\WINDOWS\Downloaded Program Files\f5syschk.inf Codebase: https://securera.edwardjones.com/policy/dow...,2007,0223,0322 Path: C:\WINDOWS\Downloaded Program Files\ Long name: Win32SystemCheck.dll Short name: WIN32S~1.DLL Date (created): 9/19/2007 8:10:08 PMDate (last access): 10/8/2007 2:33:14 PM Date (last write): 2/22/2007 7:23:02 PM Filesize: 234368 Attributes: archive MD5: 86069C3BA6BB6EF65AEFF5A7679C2E35 CRC32: 945D7D6C Version: 6010.2007.223.322--- Process list ---PID: 0 ( 0) [System]PID: 512 ( 4) \SystemRoot\System32\smss.exePID: 568 ( 512) \??\C:\WINDOWS\system32\csrss.exePID: 592 ( 512) \??\C:\WINDOWS\system32\winlogon.exePID: 636 ( 592) C:\WINDOWS\system32\services.exe size: 108032 MD5: C6CE6EEC82F187615D1002BB3BB50ED4PID: 648 ( 592) C:\WINDOWS\system32\lsass.exe size: 13312 MD5: 84885F9B82F4D55C6146EBF6065D75D2PID: 828 ( 636) C:\WINDOWS\system32\Ati2evxx.exe size: 397312 MD5: 174C7EE63011017CA12E31CED195581DPID: 844 ( 636) C:\WINDOWS\system32\svchost.exe size: 14336 MD5: 8F078AE4ED187AAABC0A305146DE6716PID: 928 ( 636) C:\WINDOWS\system32\svchost.exe size: 14336 MD5: 8F078AE4ED187AAABC0A305146DE6716PID: 968 ( 636) C:\WINDOWS\System32\svchost.exe size: 14336 MD5: 8F078AE4ED187AAABC0A305146DE6716PID: 1020 ( 636) C:\WINDOWS\system32\ACS.exe size: 36864 MD5: 84F21F6572D0AFE02074291F6CEABBDBPID: 1104 ( 636) C:\WINDOWS\system32\svchost.exe size: 14336 MD5: 8F078AE4ED187AAABC0A305146DE6716PID: 1188 ( 636) C:\WINDOWS\system32\svchost.exe size: 14336 MD5: 8F078AE4ED187AAABC0A305146DE6716PID: 1452 ( 636) C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe size: 574808 MD5: 377F0FE06DCD6BB3669F3E0FC4DF2511PID: 1496 (1480) C:\WINDOWS\Explorer.EXE size: 1033216 MD5: 97BD6515465659FF8F3B7BE375B2EA87PID: 1600 (1496) C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe size: 638976 MD5: A7F0ED12494A00EC5E2EF94B82AB5D6FPID: 1608 (1496) C:\Program Files\TOSHIBA\Power Management\CePMTray.exe size: 135168 MD5: 8F7E3434B0B6AEC36E4DD9D42BE66D43PID: 1616 (1496) C:\Program Files\TOSHIBA\TouchPad\TPTray.exe size: 53248 MD5: 98046ADFA5EF9C3FA746BF6090154E78PID: 1624 (1496) C:\WINDOWS\system32\dla\tfswctrl.exe size: 122939 MD5: 0DF3275FD096BACEC54E01657D8745D8PID: 1632 (1496) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe size: 335872 MD5: 024F4F23CCEE31A9994109D7A41AB78FPID: 1644 (1496) C:\Program Files\ltmoh\Ltmoh.exe size: 184320 MD5: CAE4ADEE7BE5C6AD35C84D10A866977EPID: 1656 (1496) C:\WINDOWS\AGRSMMSG.exe size: 88363 MD5: 32F801E868BD2006911D49128CDD6312PID: 1688 (1496) C:\Program Files\Apoint2K\Apoint.exe size: 192512 MD5: E6899986D6FE0C793B3DF5BAE7D18B40PID: 1700 (1496) C:\Program Files\EzButton\EzButton.EXE size: 712704 MD5: 0787E45175A5B7138BBAB94CE8561D19PID: 1708 (1496) C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe size: 1089589 MD5: 062D0E5BBF64D78D90502F7D0BDC3D6FPID: 1720 (1496) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe size: 892928 MD5: 65E0D99F87F0B5963019BC91083E75CEPID: 1740 (1496) C:\Program Files\HP\HP Software Update\HPWuSchd2.exe size: 49152 MD5: 926A397334FE426A6C7657096FE681DBPID: 1768 (1496) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe size: 31016 MD5: 38D198A2DD54A67120040566A38103BAPID: 1784 (1496) C:\Program Files\QuickTime\QTTask.exe size: 286720 MD5: 49CCFBE5D5225B9D3CC78C09DEE147D0PID: 1828 (1496) C:\Program Files\iTunes\iTunesHelper.exe size: 271672 MD5: 75E7851CE99EA8F9B74361F284666FE0PID: 1860 (1496) C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe size: 249896 MD5: BA5E0A9B7CCDE337B22CCC00971AAE1CPID: 1892 (1496) C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe size: 483328 MD5: 78FF388FD58CE0BAE1F7C9670F5473C1PID: 1912 (1496) C:\WINDOWS\system\CmFlywav.exe size: 176377 MD5: 3523403DFAD2682747212B578681E9AEPID: 1960 (1496) C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe size: 65536 MD5: 383B71DCB691CCAEEA445ACB9150DDD3PID: 1984 (1496) C:\WINDOWS\system32\ctfmon.exe size: 15360 MD5: 24232996A38C0B0CF151C2140AE29FC8PID: 2016 ( 636) C:\WINDOWS\system32\spoolsv.exe size: 57856 MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9FPID: 2024 (1496) C:\Program Files\MSN Messenger\MsnMsgr.Exe size: 5674352 MD5: C4281AD865739E71FD1E4DAC19A68D60PID: 244 ( 636) C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe size: 214056 MD5: 58B3B75B49FF3EDFA71A2141F934629BPID: 400 ( 388) C:\Program Files\Apoint2K\Apntex.exe size: 45056 MD5: CCA1B81492B40890E44B2B20A780EE1FPID: 528 (1496) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe size: 288472 MD5: 4543367E50BD35E7D1269D42841B156EPID: 544 (1496) C:\WINDOWS\system32\RAMASST.exe size: 155648 MD5: 7C86A098D2A2E5D0CC8EC60F90637E9EPID: 1316 ( 636) C:\Program Files\AntiVir PersonalEdition Classic\sched.exe size: 63016 MD5: A6FA9C14E649B2F3DE15390A1840774DPID: 1340 ( 636) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe size: 106496 MD5: E4E3A862FEE8061ADC922A73B15800F3PID: 1368 ( 636) C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe size: 36960 MD5: 003F755C884B6C61FAFD371E01609976PID: 1384 ( 636) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe size: 36864 MD5: 527235C8109BF5D4DBDA7D1948648C46PID: 1428 ( 636) C:\WINDOWS\system32\DVDRAMSV.exe size: 106496 MD5: 77C4901986FC7A83E853B300E80D234BPID: 1492 ( 636) C:\WINDOWS\system32\HPZipm12.exe size: 69632 MD5: 45E333C6B7197ED61C70736472F3703BPID: 1672 ( 636) C:\WINDOWS\system32\svchost.exe size: 14336 MD5: 8F078AE4ED187AAABC0A305146DE6716PID: 1948 ( 636) C:\WINDOWS\system32\SearchIndexer.exe size: 300032 MD5: 2EC497AA4B728D1B1A368ACF2E309E8BPID: 2656 ( 528) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe size: 239320 MD5: 88029974B1C9995CFA3BD9560BBA2EEFPID: 2756 ( 636) C:\Program Files\iPod\bin\iPodService.exe size: 501048 MD5: D462588D99310A87F758A2AF4A82D98FPID: 3060 ( 636) C:\WINDOWS\System32\alg.exe size: 44544 MD5: F1958FBF86D5C004CF19A5951A9514B7PID: 3600 (1912) C:\WINDOWS\system\CMAS2DS.EXE size: 94284 MD5: E6BCECD9D7533F3AC57465FE61CCC174PID: 3848 ( 636) C:\Program Files\MSN Messenger\usnsvc.exe size: 97136 MD5: C5B70A6AA947667CE0E5FC84A05EC8B6PID: 4032 (1912) C:\Program Files\Linksys\WMB54G\WMB54G.EXE size: 1077327 MD5: 0AAA34F4FBDE79759B4D497326E60B21PID: 1968 (1496) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe size: 4393096 MD5: 09CA174A605B480318731E691DC98539PID: 3956 (1496) C:\Program Files\Mozilla Firefox\firefox.exe size: 7644520 MD5: 1464FC5BC1DC30D56054E443642D42B1PID: 4 ( 0) System--- Browser start & search pages list ---Spybot - Search & Destroy browser pages report, 10/8/2007 2:47:28 PMHKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page C:\WINDOWS\system32\blank.htmHKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearchHKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page http://www.msn.com/HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page %SystemRoot%\system32\blank.htmHKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page http://go.microsoft.com/fwlink/?LinkId=54896HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page http://go.microsoft.com/fwlink/?LinkId=69157HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL http://go.microsoft.com/fwlink/?LinkId=69157HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL http://go.microsoft.com/fwlink/?LinkId=54896HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htmHKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm--- Winsock Layered Service Provider list ------ Uninstall list --- (AddressBook)Adobe Acrobat 7.0.9 Professional 7.0.9 (Adobe Acrobat 7.0 Professional) version (major): 7 version (minor): 5 install date: 10/6/2007install location: C:\Program Files\Adobe\Acrobat 7.0\ uninstall cmd: msiexec /I {AC76BA86-1033-0000-7760-000000000002} publisher: Adobe Systems contact: Customer Support help link: http://www.adobe.com/support/main.html help telephone: readme: C:\Program Files\Adobe\Acrobat 7.0\Readme.htmAdobe Flash Player ActiveX 9.0.47.0 (Adobe Flash Player ActiveX) uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe publisher: Adobe Systems Incorporated help link: http://www.adobe.com/go/flashplayer_support/ATI - Software Uninstall Utility 6.14.10.1008 (All ATI Software) uninstall cmd: C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exeAvira AntiVir PersonalEdition Classic (AntiVir PersonalEdition Classic) uninstall cmd: C:\Program Files\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE publisher: Avira GmbH help link: http://www.avira.com/classic-supportATI Display Driver 8.01-040421a-015460C-Toshiba (ATI Display Driver) uninstall cmd: rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -cleanBitComet 0.70 0.70 (BitComet) uninstall cmd: C:\Program Files\BitComet\uninst.exe publisher: ~RnySmile~Linksys Wireless-G Music Bridge Driver (C-Media Wi-Sonic Wireless Audio Driver) uninstall cmd: C:\WINDOWS\system32\cmrmdrvw.exe (Connection Manager) (DirectAnimation) (DirectDrawEx) (dlatray.exe) uninstall cmd: C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}DVD Decrypter (Remove Only) (DVD Decrypter) uninstall cmd: "C:\Program Files\DVD Decrypter\uninstall.exe"DVD Shrink 3.2 (DVD Shrink_is1)install location: C:\Program Files\DVD Shrink\ uninstall cmd: "C:\Program Files\DVD Shrink\unins000.exe" publisher: DVD Shrink help link: http://www.dvdshrink.org (DXM_Runtime)Microsoft Office Enterprise 2007 12.0.4518.1014 (ENTERPRISE)install location: C:\Program Files\Microsoft Office uninstall cmd: "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL publisher: Microsoft CorporationEasy Button (EzButton) uninstall cmd: C:\WINDOWS\UnInst32.exe EzButton.UNI (Fontcore)HijackThis 2.0.2 2.0.2 (HijackThis) uninstall cmd: "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall publisher: TrendMicroHP Imaging Device Functions 7.0 7.0 (HP Imaging Device Functions) uninstall cmd: C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat publisher: HP help link: http://www.hp.com/supportHP Solution Center 7.0 7.0 (HP Solution Center & Imaging Support Tools) uninstall cmd: C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat publisher: HP help link: http://www.hp.com/supportOCR Software by I.R.I.S 7.0 7.0 (HPOCR) uninstall cmd: C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat publisher: HP help link: http://www.hp.com/support (ICW)Microsoft Internationalized Domain Names Mitigation APIs (IDNMitigationAPIs) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" publisher: Microsoft Corporation (IE40) (IE4Data) (IE5BAKEX)Windows Internet Explorer 7 20061107.210142 (ie7) install date: 20070826 uninstall cmd: "C:\WINDOWS\ie7\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://www.microsoft.com/ie (IEData) (InstallShield Uninstall Information)TouchPad On/Off Utility 1.23.0.2 (InstallShield_{49188E15-9B2E-4913-9107-A5D01821AC68}) version: 18284544 version (major): 1 version (minor): 23 estimated size: 231 install date: 20040902 install source: C:\DOCUME~1\Owner\LOCALS~1\Temp\_is44\ uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{49188E15-9B2E-4913-9107-A5D01821AC68} /l1033 SRS WOW XT Plug-In for Windows Media Player for Toshiba version 1.0.2 1.0.2.0 (InstallShield_{68D368EE-F5AC-4402-BD45-B454B5453FE1}) version: 16777218 version (major): 1 estimated size: 3080 install date: 20040810install location: C:\Program Files\srslabs\wowxt plug-in\ install source: C:\DOCUME~1\Owner\LOCALS~1\Temp\_is4\ uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{68D368EE-F5AC-4402-BD45-B454B5453FE1} /l1033 publisher: SRS Labs, Inc. help link: http://www.srslabs..com help telephone: 1-949-442-1070TOSHIBA Hotkey Utility 1.23.1.3 (InstallShield_{D2A03D7A-5803-48DD-BA43-AAE5DED2CB19}) version: 18284545 version (major): 1 version (minor): 23 estimated size: 917 install date: 20040902 install source: C:\DOCUME~1\Owner\LOCALS~1\Temp\_is2\ uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D2A03D7A-5803-48DD-BA43-AAE5DED2CB19} /l1033 TOSHIBA Power Management Utility 1.23.2.5 (InstallShield_{F16086C2-21CD-42CE-9EC8-2E5302D010B2}) version: 18284546 version (major): 1 version (minor): 23 estimated size: 1539 install date: 20040902 install source: C:\DOCUME~1\Owner\LOCALS~1\Temp\_is1F\ uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{F16086C2-21CD-42CE-9EC8-2E5302D010B2} /l1033 Windows XP Hotfix - KB873339 20041117.092459 (KB873339) uninstall cmd: C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=873339 (KB884016) (KB884267) (KB885353)Windows XP Hotfix - KB885835 20041027.181713 (KB885835) uninstall cmd: C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=885835Windows XP Hotfix - KB885836 20041028.173203 (KB885836) uninstall cmd: C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=885836Windows XP Hotfix - KB886185 20041021.090540 (KB886185) uninstall cmd: C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=886185 (KB886612) (KB887078)Windows XP Hotfix - KB887472 20041014.162858 (KB887472) uninstall cmd: C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=887472 (KB887626)Windows XP Hotfix - KB888302 20041207.111426 (KB888302) uninstall cmd: C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=888302 (KB888656) (KB889858)Security Update for Windows XP (KB890046) 1 (KB890046) uninstall cmd: "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=890046Windows XP Hotfix - KB890859 1 (KB890859) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=890859Windows Media Format SDK Hotfix - KB891122 (KB891122) uninstall cmd: "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=891122Windows XP Hotfix - KB891781 20050110.165439 (KB891781) uninstall cmd: C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=891781Windows Genuine Advantage Validation Tool (KB892130) (KB892130) install date: 20070826 publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=892130 (KB892313) (KB893240) (KB893241)Security Update for Windows XP (KB893756) 1 (KB893756) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=893756 (KB893803)Windows Installer 3.1 (KB893803) 3.1 (KB893803v2) uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://go.microsoft.com/fwlink/?LinkId=42467Update for Windows XP (KB894391) 1 (KB894391) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=894391 (KB895181) (KB895316) (KB895572)Hotfix for Windows XP (KB896344) 2 (KB896344) uninstall cmd: "C:\WINDOWS\$NtUninstallKB896344$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=896344Security Update for Windows XP (KB896358) 1 (KB896358) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=896358Security Update for Windows XP (KB896423) 1 (KB896423) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=896423Security Update for Windows XP (KB896428) 1 (KB896428) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=896428 (KB897586)Update for Windows XP (KB898461) 1 (KB898461) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=898461 (KB898549)Security Update for Windows XP (KB899587) 1 (KB899587) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=899587Security Update for Windows XP (KB899591) 1 (KB899591) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=899591 (KB900399)Update for Windows XP (KB900485) 2 (KB900485) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=900485Security Update for Windows XP (KB900725) 1 (KB900725) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=900725Security Update for Windows XP (KB901017) 1 (KB901017) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=901017Security Update for Windows XP (KB901214) 1 (KB901214) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=901214 (KB902344)Security Update for Windows XP (KB902400) 1 (KB902400) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=902400Security Update for Windows XP (KB904706) 2 (KB904706) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=904706Update for Windows XP (KB904942) 2 (KB904942) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=904942Security Update for Windows XP (KB905414) 1 (KB905414) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=905414Security Update for Windows XP (KB905749) 1 (KB905749) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=905749 (KB907658)Security Update for Windows XP (KB908519) 1 (KB908519) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=908519Update for Windows XP (KB908531) 2 (KB908531) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=908531Microsoft Base Smart Card Cryptographic Service Provider Package (KB909520) uninstall cmd: "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe" publisher: Microsoft CorporationUpdate for Windows XP (KB910437) 1 (KB910437) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=910437Update for Windows XP (KB911280) 2 (KB911280) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=911280Security Update for Windows XP (KB911562) 1 (KB911562) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=911562Security Update for Windows Media Player (KB911564) (KB911564) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com/?kbid=911564 (KB911565) (KB911854)Security Update for Windows XP (KB911927) 1 (KB911927) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=911927Security Update for Windows XP (KB913580) 1 (KB913580) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=913580Security Update for Windows XP (KB914388) 1 (KB914388) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=914388Security Update for Windows XP (KB914389) 1 (KB914389) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=914389Hotfix for Windows XP (KB914440) 12 (KB914440) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=914440Hotfix for Windows XP (KB915800) 1 (KB915800) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB915800$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=915800Hotfix for Windows XP (KB915865) 10 (KB915865) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=915865Update for Windows XP (KB916595) 1 (KB916595) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=916595Windows Desktop Search 3.01 03.01.6000.72 (KB917013) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB917013$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=917013Security Update for Windows XP (KB917344) 1 (KB917344) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=917344Security Update for Windows XP (KB917953) 1 (KB917953) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=917953Security Update for Windows XP (KB918118) 1 (KB918118) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=918118Security Update for Windows XP (KB918439) 1 (KB918439) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=918439Security Update for Windows XP (KB919007) 1 (KB919007) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=919007Security Update for Windows XP (KB920213) 1 (KB920213) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=920213Update for Windows XP (KB920342) 1 (KB920342) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=920342Security Update for Windows XP (KB920670) 1 (KB920670) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=920670Security Update for Windows XP (KB920683) 1 (KB920683) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=920683Security Update for Windows XP (KB920685) 1 (KB920685) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=920685Update for Windows XP (KB920872) 1 (KB920872) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=920872Security Update for Windows XP (KB921503) 1 (KB921503) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=921503Update for Windows XP (KB922582) 1 (KB922582) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=922582Security Update for Windows XP (KB922819) 1 (KB922819) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=922819Security Update for Windows XP (KB923191) 1 (KB923191) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=923191Security Update for Windows XP (KB923414) 1 (KB923414) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=923414Security Update for Windows XP (KB923689) (KB923689) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=923689Security Update for Step By Step Interactive Training (KB923723) 20050502.101010 (KB923723) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com/kb/923723Security Update for Windows XP (KB923980) 1 (KB923980) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=923980Security Update for Windows XP (KB924270) 1 (KB924270) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=924270Security Update for Windows XP (KB924496) 1 (KB924496) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=924496Security Update for Windows XP (KB924667) 1 (KB924667) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=924667Security Update for Windows Media Player 6.4 (KB925398) (KB925398_WMP64) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com/?kbid=925398Update for Windows XP (KB925720) 1 (KB925720) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=925720Update for Windows XP (KB925876) 1 (KB925876) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=925876Security Update for Windows XP (KB925902) 1 (KB925902) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=925902Hotfix for Windows XP (KB926239) 2 (KB926239) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=926239Security Update for Windows XP (KB926255) 1 (KB926255) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=926255Security Update for Windows XP (KB926436) 1 (KB926436) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=926436Security Update for Windows XP (KB927779) 1 (KB927779) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=927779Security Update for Windows XP (KB927802) 1 (KB927802) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=927802Update for Windows XP (KB927891) 3 (KB927891) install date: 20070826 uninstall cmd: "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://s

guestolo · « **Reply #7 on:** October 08, 2007, 03:14:47 PM »

<Removed comment about Spybot>

Can you do the following

Enter your Control Panel. If you are using Windows XP's Category View, select the Network and Internet Connections category otherwise double click on Network Connections.
Right click on your default connection, usually local area connection for cable and dsl, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item
Take note of the entries in here, write them down, in case you must restore them, but I doubt you will need them
This is only if you lose Internet connectivity

Do a "System scan only" with Hijackthis and put a check next to these entries:

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot the computer
Back in Windows
Go to START>>RUN and type cmd and click OK.

At the Prompt Screen, type
ipconfig /flushdns
click Enter on the keyboard
Then close the command prompt.
Notice the space between the g and /

Come back here and post one last hijackthis log and let me know how things are running please

nunya53 · « **Reply #8 on:** October 08, 2007, 04:57:56 PM »

Everything seems to be working just fine....here is the last Hijackthis log.....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:55:38 PM, on 10/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system\CmFlywav.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system\CMAS2DS.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Linksys\WMB54G\WMB54G.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [CmFlywav] C:\WINDOWS\system\CmFlywav.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - https://securera.edwardjones.com/vdesk/term...,2007,0726,1518
O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} (F5 Networks OS Policy Agent) - https://securera.edwardjones.com/policy/dow...,2007,0223,0322
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10762 bytes

guestolo · « **Reply #9 on:** October 08, 2007, 07:09:05 PM »

Looks good
Can you ensure you do the following
If everything is running better
Go to START>>All Programs>>Accessories>>System Tools>>System Restore
Create a New restore point
Give it a name and click Create
Windows will prompt when it has been successful created
When that's done

Go to START>>RUN>>type the following
cleanmgr
Hit OK
Let if finish calculating

Select the More Options tab
and click Cleanup.. under 'System Restore'
This will clear all later restore points except for the one you just made

Ok the prompts, it may take a few seconds to remove old restore points
Ok again after it's ready and let it finish cleaning

You have SpywareBlaster installed
Open SpywareBlaster
Let it finish loading protections
Click the Updates button on the left
Click the Check for updates button, if there are new updates let them download and load

After updating, click the "enable protection on all unprotected items"
Exit SpywareBlaster

Can you ensure Spybot 1.4 is right up to date
Open Spybot
Click the UPDATE button on the left
SEARCH FOR UPDATES on the right
Check, and then download all updates (Or right click the results pane and SELECT ALL)
Ensure all updates are successful, a GREEN check will indicate this
If you have an error updating, search for updates again and retry the download until all updates are successfully installed
After update is complete
Utilize the Immunization feature
Simply click the Immunize button>>OK the prompt
Click the top green cross to set the Immunization
Do that after every update

NOTE: If there are new updates with both Spybot and AntiVir, I suggest you run a scan with both to ensure there are no leftover files/entries

Hope that helps

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'

\' />

nunya53 · « **Reply #10 on:** October 09, 2007, 06:12:49 AM »

Guestolo,

Everything is done per your request and is up to date. The computer seems to be just fine now. Thanks for all of your help.

Nunya

guestolo · « **Reply #11 on:** October 09, 2007, 10:50:16 AM »

Good work
I forgot to add a final clean of the tools we used
To easily remove these
Try the following
Download this tool:
[color=\"blue\"]OTMoveIt[/color] by OldTimer:

Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Click the Cleanup! button
A list will be downloaded>>Allow it Internet access if prompted by your Firewall
Don't change anything in this list
Select Yes at the prompt
Wait for the confirmation box to open to reboot the computer, don't mouseclick during the wait as you may cause the tool to stall
Select Yes to reboot Now

After reboot you can empty your recycle bin

TheTechGuide Forum

News:

Author Topic: redirected links (Read 1010 times)

nunya53

redirected links

guestolo

redirected links

nunya53

redirected links

nunya53

redirected links

nunya53

redirected links

guestolo

redirected links

nunya53

redirected links

guestolo

redirected links

nunya53

redirected links

guestolo

redirected links

nunya53

redirected links

guestolo

redirected links