WiredWX Christian Hobby Weather Tools
Would you like to react to this message? Create an account in a few clicks or log in to continue.

WiredWX Christian Hobby Weather ToolsLog in

 


Unknown Virus

2 posters

descriptionUnknown Virus EmptyUnknown Virus24th September 2009, 2:30 pm

more_horiz
My room mates computer has some virus, in the start up folders, but it wont tell us what its called. Her computer now wont start in normal start up. When she turns it on, it takes her to the screen where she choses what way in which she wants to start windows. If she picks normal, it loops her back. She can start up in Safe Mood. She has tried running Spybot and that wont run.

descriptionUnknown Virus EmptyHijack this log24th September 2009, 2:30 pm

more_horiz
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:26:06 AM, on 9/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
E:\winlogon.scr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] "TDispVol.exe"
O4 - HKLM\..\Run: [igfxtray] "C:\WINDOWS\system32\igfxtray.exe"
O4 - HKLM\..\Run: [igfxhkcmd] "C:\WINDOWS\system32\hkcmd.exe"
O4 - HKLM\..\Run: [igfxpers] "C:\WINDOWS\system32\igfxpers.exe"
O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"
O4 - HKLM\..\Run: [THotkey] "C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe"
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [LtMoh] "C:\Program Files\ltmoh\Ltmoh.exe"
O4 - HKLM\..\Run: [AGRSMMSG] "AGRSMMSG.exe"
O4 - HKLM\..\Run: [Tvs] "C:\Program Files\Toshiba\Tvs\TvsTray.exe"
O4 - HKLM\..\Run: [TPSMain] "TPSMain.exe"
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe"
O4 - HKLM\..\Run: [dla] "C:\WINDOWS\system32\dla\DLACTRLW.exe"
O4 - HKLM\..\Run: [Pinger] "c:\toshiba\ivp\ism\pinger.exe" /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Webroot Desktop Firewall] "C:\Program Files\Webroot\Webroot Desktop Firewall\WDF.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [REGSHAVE] "C:\Program Files\REGSHAVE\REGSHAVE.EXE" /AUTORUN
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] "C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [UserFaultCheck] "%systemroot%\system32\dumprep" 0 -u
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKLM\..\RunOnce: [SpybotDeletingA2810] "command.com" /c del "C:\Program Files\Windows Police Pro\windows Police Pro.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4144] "cmd.exe" /c del "C:\Program Files\Windows Police Pro\windows Police Pro.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3025] "command.com" /c del "C:\WINDOWS\wt\webdriver.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC940] "cmd.exe" /c del "C:\WINDOWS\wt\webdriver.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA124] "command.com" /c del "C:\WINDOWS\wt\data.wts"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3498] "cmd.exe" /c del "C:\WINDOWS\wt\data.wts"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2530] "command.com" /c del "C:\WINDOWS\wt\webdriver\4.1.1\actorobject.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2048] "cmd.exe" /c del "C:\WINDOWS\wt\webdriver\4.1.1\actorobject.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2348] "command.com" /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx5drv.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5775] "cmd.exe" /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx5drv.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4615] "command.com" /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx7drv.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8587] "cmd.exe" /c del "C:\WINDOWS\wt\webdriver\4.1.1\dx7drv.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8654] "command.com" /c del "C:\WINDOWS\wt\webdriver\4.1.1\objectbundle.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7294] "cmd.exe" /c del "C:\WINDOWS\wt\webdriver\4.1.1\objectbundle.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5240] "command.com" /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1309] "cmd.exe" /c del "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5939] "command.com" /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdcaps.ded"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5727] "cmd.exe" /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdcaps.ded"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1457] "command.com" /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2229] "cmd.exe" /c del "C:\WINDOWS\wt\webdriver\4.1.1\wdengine.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1597] "command.com" /c del "C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1984] "cmd.exe" /c del "C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8470] "command.com" /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthost.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9948] "cmd.exe" /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthost.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8280] "command.com" /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthostctl.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9369] "cmd.exe" /c del "C:\WINDOWS\wt\webdriver\4.1.1\wthostctl.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6833] "command.com" /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8085] "cmd.exe" /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2619] "command.com" /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.jar"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5760] "cmd.exe" /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.jar"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6480] "command.com" /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4716] "cmd.exe" /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4670] "command.com" /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ini"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2661] "cmd.exe" /c del "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ini"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5230] "command.com" /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9260] "cmd.exe" /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4265] "command.com" /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6241] "cmd.exe" /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2254] "command.com" /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7790] "cmd.exe" /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1099] "command.com" /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3435] "cmd.exe" /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1277] "command.com" /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\controlpanel\index.html"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5006] "cmd.exe" /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\files\controlpanel\index.html"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7259] "command.com" /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5646] "cmd.exe" /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7349] "command.com" /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4696] "cmd.exe" /c del "C:\WINDOWS\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2035] "command.com" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\actorobject.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5479] "cmd.exe" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\actorobject.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2997] "command.com" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx5drv.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6142] "cmd.exe" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx5drv.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7236] "command.com" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx7drv.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7] "cmd.exe" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\dx7drv.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA862] "command.com" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\jdriver.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4048] "cmd.exe" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\jdriver.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8458] "command.com" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\npWTHost.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7052] "cmd.exe" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\npWTHost.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8673] "command.com" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\nsIWTHostPlugin.xpt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3553] "cmd.exe" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\nsIWTHostPlugin.xpt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4594] "command.com" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\ObjectBundle.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8503] "cmd.exe" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\ObjectBundle.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8752] "command.com" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\rdriver.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8210] "cmd.exe" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\rdriver.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA513] "command.com" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Sound.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2762] "cmd.exe" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Sound.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2618] "command.com" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdcaps.ded"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9976] "cmd.exe" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdcaps.ded"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9361] "command.com" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdengine.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2464] "cmd.exe" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wdengine.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5778] "command.com" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331.cdanfo"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7246] "cmd.exe" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331.cdanfo"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5072] "command.com" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_fileList.cdas"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1933] "cmd.exe" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_fileList.cdas"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4532] "command.com" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_Uninstall.cdas"
O4 - HKLM\..\RunOnce: [SpybotDeletingC88] "cmd.exe" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\Webd331_Uninstall.cdas"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5751] "command.com" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\webdriver.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6910] "cmd.exe" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\webdriver.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6100] "command.com" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wildtangent.jar"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3412] "cmd.exe" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wildtangent.jar"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1841] "command.com" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wt3d.ini"
O4 - HKLM\..\RunOnce: [SpybotDeletingC143] "cmd.exe" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wt3d.ini"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6262] "command.com" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHost.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8311] "cmd.exe" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHost.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8289] "command.com" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHostCtl.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC371] "cmd.exe" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\WTHostCtl.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1368] "command.com" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7760] "cmd.exe" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6813] "command.com" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti.jar"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6971] "cmd.exe" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtmulti.jar"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2216] "command.com" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1745] "cmd.exe" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8008] "command.com" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug.ax"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2667] "cmd.exe" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug.ax"
O4 - HKLM\..\RunOnce: [SpybotDeletingA365] "command.com" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug.ini"
O4 - HKLM\..\RunOnce: [SpybotDeletingC229] "cmd.exe" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtwmplug.ini"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2995] "command.com" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\controlpanel\index.html"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6193] "cmd.exe" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\controlpanel\index.html"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5539] "command.com" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\data.wts"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5752] "cmd.exe" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\data.wts"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7842] "command.com" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\webdriver.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9507] "cmd.exe" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\webdriver.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3919] "command.com" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\wt3d.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5820] "cmd.exe" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\legacy\wt3d.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4858] "command.com" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\update_info\data.wts"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8654] "cmd.exe" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\update_info\data.wts"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5582] "command.com" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_1_1.cdanfo"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4681] "cmd.exe" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_1_1.cdanfo"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9292] "command.com" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_1_1_Uninstall.cdas"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9010] "cmd.exe" /c del "C:\WINDOWS\wt\wtupdates\webd\4.1.1\install\Webd4_1_1_Uninstall.cdas"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5690] "command.com" /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\WireControl.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7476] "cmd.exe" /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\WireControl.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6599] "command.com" /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\controlpanel\index.html"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7878] "cmd.exe" /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\controlpanel\index.html"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2205] "command.com" /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl.cdanfo"
O4 - HKLM\..\RunOnce: [SpybotDeletingC656] "cmd.exe" /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl.cdanfo"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9016] "command.com" /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl_Uninstall.cdas"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2724] "cmd.exe" /c del "C:\WINDOWS\wt\wtupdates\WireControl\1.1.0.23\files\install\WireControl_Uninstall.cdas"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9284] "command.com" /c del "C:\WINDOWS\wt\wtupdates\wtwebdriver\update_info\data.wts"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7271] "cmd.exe" /c del "C:\WINDOWS\wt\wtupdates\wtwebdriver\update_info\data.wts"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8847] "command.com" /c del "C:\WINDOWS\system32\drivers\gasfkyhkgojwlv.sys_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4407] "cmd.exe" /c del "C:\WINDOWS\system32\drivers\gasfkyhkgojwlv.sys_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9544] "command.com" /c del "C:\WINDOWS\system32\drivers\gasfkyhkgojwlv.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8897] "cmd.exe" /c del "C:\WINDOWS\system32\drivers\gasfkyhkgojwlv.sys"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4161] "command.com" /c del "C:\WINDOWS\system32\gasfkydkqvfasv.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2478] "cmd.exe" /c del "C:\WINDOWS\system32\gasfkydkqvfasv.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4819] "command.com" /c del "C:\WINDOWS\system32\gasfkydkqvfasv.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3120] "cmd.exe" /c del "C:\WINDOWS\system32\gasfkydkqvfasv.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3770] "command.com" /c del "C:\WINDOWS\system32\gasfkylscjmpcn.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC545] "cmd.exe" /c del "C:\WINDOWS\system32\gasfkylscjmpcn.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2007] "command.com" /c del "C:\WINDOWS\system32\gasfkylscjmpcn.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5137] "cmd.exe" /c del "C:\WINDOWS\system32\gasfkylscjmpcn.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9372] "command.com" /c del "C:\WINDOWS\system32\gasfkytecvjxao.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2729] "cmd.exe" /c del "C:\WINDOWS\system32\gasfkytecvjxao.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2934] "command.com" /c del "C:\WINDOWS\system32\gasfkytecvjxao.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9074] "cmd.exe" /c del "C:\WINDOWS\system32\gasfkytecvjxao.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8380] "command.com" /c del "C:\Documents and Settings\Sarah\Local Settings\Temp\gasfkyfypdwmykyn.tmp_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5254] "cmd.exe" /c del "C:\Documents and Settings\Sarah\Local Settings\Temp\gasfkyfypdwmykyn.tmp_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5417] "command.com" /c del "C:\Documents and Settings\Sarah\Local Settings\Temp\gasfkyfypdwmykyn.tmp"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8419] "cmd.exe" /c del "C:\Documents and Settings\Sarah\Local Settings\Temp\gasfkyfypdwmykyn.tmp"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7932] "command.com" /c del "C:\Documents and Settings\Sarah\Local Settings\Temp\gasfkyjdhismitbe.tmp_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3856] "cmd.exe" /c del "C:\Documents and Settings\Sarah\Local Settings\Temp\gasfkyjdhismitbe.tmp_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4491] "command.com" /c del "C:\Documents and Settings\Sarah\Local Settings\Temp\gasfkyjdhismitbe.tmp"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7093] "cmd.exe" /c del "C:\Documents and Settings\Sarah\Local Settings\Temp\gasfkyjdhismitbe.tmp"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5158] "command.com" /c del "C:\WINDOWS\system32\gasfkyjoeuhhde.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8207] "cmd.exe" /c del "C:\WINDOWS\system32\gasfkyjoeuhhde.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8463] "command.com" /c del "C:\WINDOWS\system32\gasfkyjoeuhhde.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7785] "cmd.exe" /c del "C:\WINDOWS\system32\gasfkyjoeuhhde.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6964] "command.com" /c del "C:\WINDOWS\system32\gasfkyljkccwxd.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8384] "cmd.exe" /c del "C:\WINDOWS\system32\gasfkyljkccwxd.dat_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2484] "command.com" /c del "C:\WINDOWS\system32\gasfkyljkccwxd.dat"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1069] "cmd.exe" /c del "C:\WINDOWS\system32\gasfkyljkccwxd.dat"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O23 - Service: AntiPol (AntipPolice_) - Unknown owner - C:\WINDOWS\svchast.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Webroot Desktop Firewall network service (WDFNet) - Webroot Software Inc (www.webroot.com) - C:\Program Files\Webroot\Webroot Desktop Firewall\wdfsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

--
End of file - 27444 bytes

descriptionUnknown Virus EmptyRe: Unknown Virus24th September 2009, 6:06 pm

more_horiz
Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    Unknown Virus CF_download_FF

    Unknown Virus CF_download_rename

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    Unknown Virus Rcauto10

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

    Unknown Virus Whatne10

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Unknown Virus DXwU4
Unknown Virus VvYDg

descriptionUnknown Virus EmptyRe: Unknown Virus24th September 2009, 7:03 pm

more_horiz
ComboFix 09-09-23.02 - Sarah 09/24/2009 13:55.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.1154 [GMT -5:00]
Running from: E:\Combo-Fix.exe
AV: Webroot AntiVirus with AntiSpyware *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
FW: Webroot AntiVirus with AntiSpyware *disabled* {63671000-11A2-46DD-BADD-A084CABCDEAE}
FW: Webroot Desktop Firewall *disabled* {AF0CFAAE-AAB5-450a-8C74-0DEEB429DF50}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-3868997124-911790988-508925577-500
c:\windows\ppp3.dat
c:\windows\ppp4.dat
c:\windows\system32\bennuar.old
c:\windows\system32\dddesot.dll
c:\windows\system32\desot.exe
c:\windows\system32\drivers\gasfkyhkgojwlv.sys
c:\windows\system32\gasfkydkqvfasv.dll
c:\windows\system32\gasfkyjoeuhhde.dat
c:\windows\system32\gasfkyljkccwxd.dat
c:\windows\system32\gasfkylscjmpcn.dll
c:\windows\system32\gasfkytecvjxao.dll
c:\windows\system32\sonhelp.htm
c:\windows\system32\sysnet.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gasfkyopyxypnp
-------\Legacy_gasfkyopyxypnp


((((((((((((((((((((((((( Files Created from 2009-08-24 to 2009-09-24 )))))))))))))))))))))))))))))))
.

2009-09-24 18:44 . 2009-09-24 18:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Webroot
2009-09-24 14:23 . 2009-09-24 14:23 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-09-24 14:19 . 2009-09-24 14:19 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-09-24 13:57 . 2009-09-24 13:57 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-09-24 02:45 . 2009-09-24 02:47 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-24 02:45 . 2009-09-24 02:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-23 01:36 . 2009-09-23 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-09-22 18:24 . 2009-09-22 18:24 135 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\fusioncache.dat
2009-09-22 18:24 . 2009-09-22 18:24 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ApplicationHistory
2009-09-22 13:35 . 2008-10-16 19:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-09-22 13:35 . 2008-10-16 19:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-09-22 03:18 . 2009-09-22 03:18 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-09-22 01:05 . 2009-09-22 01:05 -------- d-----w- c:\program files\CASIO
2009-09-22 00:40 . 2001-08-18 03:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2009-09-22 00:36 . 2009-09-22 00:36 -------- d-----w- c:\program files\Common Files\xing shared
2009-09-22 00:36 . 2009-09-22 00:36 -------- d-----w- c:\program files\real
2009-09-22 00:28 . 2009-09-22 00:28 -------- d-----w- c:\program files\GIMP-2.0
2009-09-22 00:22 . 2009-09-22 00:47 -------- d-----w- c:\program files\Matroska Pack
2009-09-22 00:21 . 2009-09-22 00:21 -------- d-----w- c:\documents and settings\Sarah\Application Data\vlc
2009-09-22 00:20 . 2009-09-22 00:20 -------- d-----w- c:\program files\VideoLAN
2009-09-21 23:48 . 2009-09-23 12:51 -------- d-----w- c:\documents and settings\Sarah\Tracing
2009-09-21 23:47 . 2009-09-21 23:47 -------- d-----w- c:\program files\Microsoft
2009-09-21 23:47 . 2009-09-21 23:47 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-21 23:46 . 2009-09-21 23:47 -------- d-----w- c:\program files\Windows Live
2009-09-21 23:43 . 2009-09-21 23:43 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-21 23:42 . 2009-09-21 23:42 -------- d-----w- c:\documents and settings\Sarah\Application Data\HP
2009-09-21 23:41 . 2009-09-21 23:41 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-09-21 23:39 . 2009-09-21 23:41 -------- d-----w- c:\program files\Common Files\HP
2009-09-21 23:37 . 2009-09-21 23:38 -------- d-----w- c:\program files\Hewlett-Packard
2009-09-21 23:36 . 2009-09-21 23:36 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-09-21 23:32 . 2009-09-21 23:42 117157 ----a-w- c:\windows\hpoins11.dat
2009-09-21 23:28 . 2006-05-05 23:17 11634 ----a-w- c:\windows\hpomdl11.dat
2009-09-21 22:26 . 2009-09-21 22:26 -------- d-----w- c:\program files\MSECache
2009-09-21 22:21 . 2006-04-10 19:03 38400 ----a-w- c:\windows\system32\hpz3l054.dll
2009-09-21 22:21 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-09-21 22:21 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-09-21 22:20 . 2007-08-09 07:27 73728 ----a-w- c:\windows\system32\HPZipm12.exe
2009-09-21 22:20 . 2006-03-04 02:02 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2009-09-21 22:20 . 2006-03-04 02:02 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2009-09-21 22:20 . 2006-03-04 02:02 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2009-09-21 22:20 . 2006-03-04 02:03 282680 ----a-w- c:\windows\system32\HPZidr12.dll
2009-09-21 22:20 . 2006-03-04 02:03 65536 ----a-w- c:\windows\system32\HPZinw12.exe
2009-09-21 22:20 . 2009-09-21 23:40 -------- d-----w- c:\program files\HP
2009-09-21 22:15 . 2006-04-13 00:04 49664 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2009-09-21 22:14 . 2006-04-13 00:04 21568 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2009-09-21 22:14 . 2006-04-13 00:04 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2009-09-21 22:13 . 2006-04-13 00:02 827392 ----a-w- c:\windows\system32\hpotiop2.dll
2009-09-21 22:13 . 2006-04-13 00:02 659456 ----a-w- c:\windows\system32\hpowiax2.dll
2009-09-21 22:13 . 2006-04-13 00:04 282624 ----a-w- c:\windows\system32\HPZc3212.dll
2009-09-21 22:13 . 2006-04-13 00:02 254026 ----a-w- c:\windows\system32\hpovst09.dll
2009-09-21 22:13 . 2005-07-19 01:38 98304 ----a-w- c:\windows\system32\hpzjsn01.dll
2009-09-21 22:13 . 2006-01-04 08:12 77824 ----a-w- c:\windows\system32\HPZIDS01.dll
2009-09-21 21:55 . 2008-04-13 18:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-09-21 21:55 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-09-21 21:49 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-09-21 21:49 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-09-21 21:49 . 2009-09-21 21:49 -------- d-----w- c:\documents and settings\Sarah\Application Data\FUJIFILM
2009-09-21 18:13 . 2009-09-21 18:13 -------- d-----w- c:\program files\PIXELA
2009-09-21 18:12 . 2004-02-05 06:29 380928 ----a-w- c:\windows\system32\FE05F3D7.dll
2009-09-21 18:12 . 2003-12-10 00:45 401408 ----a-w- c:\windows\system32\FE05F3D6.dll
2009-09-21 18:12 . 2003-08-26 15:54 401408 ----a-w- c:\windows\system32\FE05EFED.dll
2009-09-21 18:12 . 2003-06-25 22:24 299008 ----a-w- c:\windows\system32\FE05F051.dll
2009-09-21 18:12 . 2003-06-10 05:37 299008 ----a-w- c:\windows\system32\FE05F3D5.dll
2009-09-21 18:12 . 2003-06-03 03:50 299008 ----a-w- c:\windows\system32\FE05DA0D.dll
2009-09-21 18:12 . 2002-04-07 09:26 106496 ----a-w- c:\windows\system32\FPXS2Pro.dll
2009-09-21 18:12 . 2003-09-06 12:57 159744 ----a-w- c:\windows\system32\FFRAFLIB.DLL
2009-09-21 18:12 . 2003-09-03 12:45 274432 ----a-w- c:\windows\system32\FFTIFF16.dll
2009-09-21 18:11 . 2009-09-21 18:12 -------- d-----w- c:\program files\FinePixViewer
2009-09-21 18:11 . 2001-11-25 11:11 81924 ------w- c:\windows\system32\drivers\VC4CB104.SYS
2009-09-21 18:11 . 2009-09-21 18:11 -------- d-----w- c:\program files\REGSHAVE
2009-09-21 18:11 . 2002-06-25 15:06 45056 ------w- c:\windows\system32\FINFCOPY.dll
2009-09-21 18:11 . 2002-02-27 11:27 65536 ------w- c:\windows\system32\FINFCHECK.dll
2009-09-21 18:11 . 2002-02-13 10:00 45056 ------w- c:\windows\system32\FCLKBTN.DLL
2009-09-21 18:11 . 2002-02-05 16:33 69632 ------w- c:\windows\system32\FREGSHEX.DLL
2009-09-21 18:01 . 2009-09-22 00:22 -------- d-----w- c:\documents and settings\Sarah\Application Data\Apple Computer
2009-09-21 18:01 . 2009-05-18 19:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-21 18:01 . 2008-04-17 18:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-09-21 18:00 . 2009-09-21 18:00 -------- d-----w- c:\program files\iPod
2009-09-21 18:00 . 2009-09-21 18:01 -------- d-----w- c:\program files\iTunes
2009-09-21 18:00 . 2009-09-21 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-21 17:59 . 2009-09-21 17:59 -------- d-----w- c:\program files\Bonjour
2009-09-21 17:58 . 2009-09-21 17:59 -------- d-----w- c:\program files\QuickTime
2009-09-21 17:58 . 2009-09-21 18:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-09-21 17:57 . 2009-09-21 17:57 -------- d-----w- c:\documents and settings\Sarah\Local Settings\Application Data\Apple
2009-09-21 17:57 . 2009-09-21 17:57 -------- d-----w- c:\program files\Apple Software Update
2009-09-21 15:12 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-09-21 15:12 . 2009-07-03 17:09 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-09-21 15:12 . 2009-07-03 17:09 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-09-21 15:12 . 2009-07-19 23:48 11067392 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-09-21 15:12 . 2009-07-03 17:09 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-09-21 15:12 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-09-21 15:10 . 2009-09-21 15:11 -------- dc-h--w- c:\windows\ie8
2009-09-21 15:02 . 2009-09-21 15:02 -------- d-----w- c:\program files\MSXML 4.0
2009-09-21 13:49 . 2009-09-21 13:49 -------- d-----w- c:\windows\system32\scripting
2009-09-21 13:49 . 2009-09-21 13:49 -------- d-----w- c:\windows\l2schemas
2009-09-21 13:48 . 2009-09-21 13:48 -------- d-----w- c:\windows\system32\en
2009-09-21 13:48 . 2009-09-21 13:48 -------- d-----w- c:\windows\system32\bits
2009-09-21 13:43 . 2009-09-21 13:43 -------- d-----w- c:\windows\ServicePackFiles
2009-09-21 13:21 . 2009-09-21 13:22 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-21 13:21 . 2009-09-21 13:21 -------- d-----w- c:\program files\NOS
2009-09-21 13:17 . 2008-04-14 00:12 276992 ------w- c:\windows\system32\wmphoto.dll
2009-09-21 13:17 . 2008-04-14 00:12 69120 ------w- c:\windows\system32\wlanapi.dll
2009-09-21 13:15 . 2008-04-14 00:12 33792 ------w- c:\windows\system32\mmcperf.exe
2009-09-21 13:14 . 2008-04-14 00:11 3775 ------w- c:\windows\system32\drivers\adv11nt5.dll
2009-09-21 13:14 . 2008-04-14 00:11 3711 ------w- c:\windows\system32\drivers\adv09nt5.dll
2009-09-21 13:14 . 2008-04-14 00:11 3647 ------w- c:\windows\system32\drivers\adv07nt5.dll
2009-09-21 13:14 . 2008-04-14 00:11 3615 ------w- c:\windows\system32\drivers\adv05nt5.dll
2009-09-21 13:14 . 2008-04-14 00:11 3135 ------w- c:\windows\system32\drivers\adv08nt5.dll
2009-09-21 13:14 . 2008-04-13 18:36 44928 ------w- c:\windows\system32\drivers\agpcpq.sys
2009-09-21 13:14 . 2008-04-13 18:36 42368 ------w- c:\windows\system32\drivers\agp440.sys
2009-09-21 13:14 . 2007-04-02 18:26 19456 -c--a-w- c:\windows\system32\dllcache\agt040d.dll
2009-09-21 13:14 . 2007-04-02 18:25 19456 -c--a-w- c:\windows\system32\dllcache\agt0404.dll
2009-09-21 13:14 . 2007-04-02 18:25 19456 -c--a-w- c:\windows\system32\dllcache\agt0401.dll
2009-09-21 13:14 . 2008-04-14 00:11 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2009-09-21 13:14 . 2008-04-14 00:11 3967 ------w- c:\windows\system32\drivers\adv02nt5.dll
2009-09-21 13:14 . 2008-04-14 00:11 136192 ------w- c:\windows\system32\aaclient.dll
2009-09-21 12:57 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-09-21 12:57 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-09-21 12:57 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-09-21 12:55 . 2008-10-03 10:02 247326 -c----w- c:\windows\system32\dllcache\strmdll.dll
2009-09-21 12:55 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-09-21 12:55 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-09-21 12:55 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-09-21 12:55 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-09-21 07:11 . 2009-09-21 07:11 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-23 03:54 . 2006-02-16 10:39 -------- d-----w- c:\program files\Microsoft Works
2009-09-22 18:33 . 2006-02-15 16:25 -------- d-----w- c:\program files\TOSHIBA
2009-09-22 18:27 . 2006-02-16 09:42 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com
2009-09-22 02:20 . 2006-02-16 16:59 62224 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-22 00:53 . 2006-02-15 16:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-22 00:47 . 2006-02-16 09:55 -------- d-----w- c:\program files\Pure Networks
2009-09-22 00:47 . 2006-02-16 09:55 -------- d-----w- c:\program files\Common Files\AOL
2009-09-22 00:43 . 2006-02-25 04:32 -------- d-----w- c:\program files\Toshiba Games
2009-09-22 00:38 . 2006-02-16 09:55 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-09-22 00:37 . 2006-02-16 09:56 -------- d-----w- c:\program files\Common Files\Real
2009-09-22 00:34 . 2009-09-21 07:12 -------- d-----w- c:\documents and settings\Sarah\Application Data\AOL
2009-09-22 00:34 . 2009-09-21 07:11 -------- d-----w- c:\documents and settings\Default User\Application Data\AOL
2009-09-22 00:34 . 2006-02-16 09:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\AOL
2009-09-21 18:09 . 2006-02-16 10:41 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-09-21 18:00 . 2009-09-21 17:56 -------- d-----w- c:\program files\Common Files\Apple
2009-09-21 17:56 . 2009-09-21 17:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-09-21 07:11 . 2009-09-21 07:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
2009-09-21 07:11 . 2006-02-15 16:18 -------- d-----w- c:\program files\Intel
2009-09-21 07:11 . 2009-09-21 07:12 -------- d-----w- c:\documents and settings\Sarah\Application Data\Intel
2009-09-21 07:11 . 2009-09-21 07:11 -------- d-----w- c:\documents and settings\Default User\Application Data\Intel
2009-09-21 07:11 . 2009-09-21 07:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intel
2009-09-21 06:59 . 2006-02-16 09:25 -------- d-----w- c:\program files\InterVideo
2009-09-21 04:25 . 2009-09-21 07:12 128 ----a-w- c:\documents and settings\Sarah\Local Settings\Application Data\fusioncache.dat
2009-08-05 09:01 . 2006-02-15 14:03 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:37 . 2006-02-15 14:04 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:37 . 2006-02-15 14:02 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-26 21:44 . 2009-07-26 21:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-17 19:01 . 2006-02-15 14:02 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 15:08 . 2006-02-15 14:05 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2006-02-15 14:04 915456 ----a-w- c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-05-13 22:34 238968 ----a-w- c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingD5611"="del" [X]
"SpybotDeletingD2667"="del" [X]
"SpybotDeletingD5306"="del" [X]
"SpybotDeletingD8699"="del" [X]
"SpybotDeletingD8588"="del" [X]
"SpybotDeletingD4299"="del" [X]
"SpybotDeletingD8173"="del" [X]
"SpybotDeletingD3352"="del" [X]
"SpybotDeletingD2326"="del" [X]
"SpybotDeletingD9371"="del" [X]
"SpybotDeletingD3452"="del" [X]
"SpybotDeletingD9225"="del" [X]
"SpybotDeletingD418"="del" [X]
"SpybotDeletingD6012"="del" [X]
"SpybotDeletingD3297"="del" [X]
"SpybotDeletingD1863"="del" [X]
"SpybotDeletingD5358"="del" [X]
"SpybotDeletingD7801"="del" [X]
"SpybotDeletingD5770"="del" [X]
"SpybotDeletingD3198"="del" [X]
"SpybotDeletingD2861"="del" [X]
"SpybotDeletingD5678"="del" [X]
"SpybotDeletingD6176"="del" [X]
"SpybotDeletingD703"="del" [X]
"SpybotDeletingD8828"="del" [X]
"SpybotDeletingD9451"="del" [X]
"SpybotDeletingD298"="del" [X]
"SpybotDeletingD8484"="del" [X]
"SpybotDeletingD1435"="del" [X]
"SpybotDeletingD4328"="del" [X]
"SpybotDeletingD203"="del" [X]
"SpybotDeletingD9333"="del" [X]
"SpybotDeletingD3751"="del" [X]
"SpybotDeletingD1294"="del" [X]
"SpybotDeletingD7162"="del" [X]
"SpybotDeletingD19"="del" [X]
"SpybotDeletingD7853"="del" [X]
"SpybotDeletingD1096"="del" [X]
"SpybotDeletingD1371"="del" [X]
"SpybotDeletingD553"="del" [X]
"SpybotDeletingD2204"="del" [X]
"SpybotDeletingD265"="del" [X]
"SpybotDeletingD5816"="del" [X]
"SpybotDeletingD4260"="del" [X]
"SpybotDeletingD6729"="del" [X]
"SpybotDeletingD410"="del" [X]
"SpybotDeletingD8206"="del" [X]
"SpybotDeletingD1315"="del" [X]
"SpybotDeletingD356"="del" [X]
"SpybotDeletingD4314"="del" [X]
"SpybotDeletingD2917"="del" [X]
"SpybotDeletingD1133"="del" [X]
"SpybotDeletingD6207"="del" [X]
"SpybotDeletingD9876"="del" [X]
"SpybotDeletingD9942"="del" [X]
"SpybotDeletingD2118"="del" [X]
"SpybotDeletingD564"="del" [X]
"SpybotDeletingD6263"="del" [X]
"SpybotDeletingD6115"="del" [X]
"SpybotDeletingD3904"="del" [X]
"SpybotDeletingD7417"="del" [X]
"SpybotDeletingD8084"="del" [X]
"SpybotDeletingD2457"="del" [X]
"SpybotDeletingD9450"="del" [X]
"SpybotDeletingD9343"="del" [X]
"SpybotDeletingD8646"="del" [X]
"SpybotDeletingD8929"="del" [X]
"SpybotDeletingD2075"="del" [X]
"SpybotDeletingD8331"="del" [X]
"SpybotDeletingD895"="del" [X]
"SpybotDeletingD9320"="del" [X]
"SpybotDeletingD7299"="del" [X]
"SpybotDeletingD4801"="del" [X]
"SpybotDeletingD9489"="del" [X]
"SpybotDeletingD8492"="del" [X]
"SpybotDeletingD610"="del" [X]
"SpybotDeletingB6422"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB5647"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB8389"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB9197"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB1206"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB9437"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB7692"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB3203"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB2531"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB868"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB6865"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB5803"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB3021"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB9511"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB6192"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB8704"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB5830"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB6218"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB4099"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB592"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB5233"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB2539"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB3030"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB9897"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB3456"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB6683"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB8443"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB4886"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB4373"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB193"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB273"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB5023"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB8910"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB2560"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB6352"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB9864"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB6354"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB5342"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB5367"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB4528"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB3220"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB9181"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB2198"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB8694"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB7846"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB3656"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB490"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB5590"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB1711"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB4777"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB6351"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB5866"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB7731"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB3128"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB5242"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB2470"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB6019"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB9109"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB7043"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB5229"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB247"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB9365"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB984"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB8149"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB7021"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB477"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB2398"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB1729"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB292"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB352"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB8020"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB9726"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB9094"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB9088"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB3423"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingB2465"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"Webroot Desktop Firewall"="c:\program files\Webroot\Webroot Desktop Firewall\WDF.exe" [2008-07-31 2401672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-22 198160]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-05-13 6345840]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" - c:\windows\system32\TDispVol.exe [2005-03-11 73728]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2005-10-15 88203]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-06-01 282624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingC2229"="del" [X]
"SpybotDeletingC1984"="del" [X]
"SpybotDeletingC9948"="del" [X]
"SpybotDeletingC9369"="del" [X]
"SpybotDeletingC8085"="del" [X]
"SpybotDeletingC5760"="del" [X]
"SpybotDeletingC4716"="del" [X]
"SpybotDeletingC2661"="del" [X]
"SpybotDeletingC9260"="del" [X]
"SpybotDeletingC6241"="del" [X]
"SpybotDeletingC7790"="del" [X]
"SpybotDeletingC3435"="del" [X]
"SpybotDeletingC5006"="del" [X]
"SpybotDeletingC5646"="del" [X]
"SpybotDeletingC4696"="del" [X]
"SpybotDeletingC5479"="del" [X]
"SpybotDeletingC6142"="del" [X]
"SpybotDeletingC7"="del" [X]
"SpybotDeletingC4048"="del" [X]
"SpybotDeletingC7052"="del" [X]
"SpybotDeletingC3553"="del" [X]
"SpybotDeletingC8503"="del" [X]
"SpybotDeletingC8210"="del" [X]
"SpybotDeletingC2762"="del" [X]
"SpybotDeletingC9976"="del" [X]
"SpybotDeletingC2464"="del" [X]
"SpybotDeletingC7246"="del" [X]
"SpybotDeletingC1933"="del" [X]
"SpybotDeletingC88"="del" [X]
"SpybotDeletingC6910"="del" [X]
"SpybotDeletingC3412"="del" [X]
"SpybotDeletingC143"="del" [X]
"SpybotDeletingC8311"="del" [X]
"SpybotDeletingC371"="del" [X]
"SpybotDeletingC7760"="del" [X]
"SpybotDeletingC6971"="del" [X]
"SpybotDeletingC1745"="del" [X]
"SpybotDeletingC2667"="del" [X]
"SpybotDeletingC229"="del" [X]
"SpybotDeletingC6193"="del" [X]
"SpybotDeletingC5752"="del" [X]
"SpybotDeletingC9507"="del" [X]
"SpybotDeletingC5820"="del" [X]
"SpybotDeletingC8654"="del" [X]
"SpybotDeletingC4681"="del" [X]
"SpybotDeletingC9010"="del" [X]
"SpybotDeletingC7476"="del" [X]
"SpybotDeletingC7878"="del" [X]
"SpybotDeletingC656"="del" [X]
"SpybotDeletingC2724"="del" [X]
"SpybotDeletingC7271"="del" [X]
"SpybotDeletingC4407"="del" [X]
"SpybotDeletingC8897"="del" [X]
"SpybotDeletingC2478"="del" [X]
"SpybotDeletingC3120"="del" [X]
"SpybotDeletingC545"="del" [X]
"SpybotDeletingC5137"="del" [X]
"SpybotDeletingC2729"="del" [X]
"SpybotDeletingC9074"="del" [X]
"SpybotDeletingC5254"="del" [X]
"SpybotDeletingC8419"="del" [X]
"SpybotDeletingC3856"="del" [X]
"SpybotDeletingC7093"="del" [X]
"SpybotDeletingC8207"="del" [X]
"SpybotDeletingC7785"="del" [X]
"SpybotDeletingC8384"="del" [X]
"SpybotDeletingC1069"="del" [X]
"GrpConv"="grpconv -o" [X]
"SpybotSnD"="c:\program files\Spybot - Search & Destroy\SpybotSD.exe" [2009-01-26 5365592]
"SpybotDeletingA1457"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA1597"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA8470"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA8280"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA6833"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA2619"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA6480"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA4670"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA5230"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA4265"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA2254"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA1099"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA1277"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA7259"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA7349"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA2035"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA2997"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA7236"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA862"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA8458"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA8673"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA4594"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA8752"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA513"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA2618"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA9361"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA5778"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA5072"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA4532"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA5751"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA6100"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA1841"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA6262"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA8289"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA1368"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA6813"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA2216"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA8008"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA365"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA2995"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA5539"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA7842"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA3919"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA4858"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA5582"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA9292"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA5690"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA6599"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA2205"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA9016"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA9284"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA8847"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA9544"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA4161"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA4819"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA3770"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA2007"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA9372"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA2934"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA8380"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA5417"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA7932"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA4491"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA5158"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA8463"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA6964"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]
"SpybotDeletingA2484"="command.com" - c:\windows\system32\command.com [2004-08-10 50620]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-15 155648]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:DCOM(135)

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [4/21/2009 8:27 PM 29808]
R1 pwipf6;pwipf6;c:\windows\system32\drivers\pwipf6.sys [7/31/2008 5:19 PM 103304]
R2 WDFNet;Webroot Desktop Firewall network service;c:\program files\Webroot\Webroot Desktop Firewall\wdfsvc.exe [7/31/2008 5:19 PM 353672]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [9/20/2009 11:26 PM 1205760]
S2 AntipPolice_;AntiPol;c:\windows\svchast.exe --> c:\windows\svchast.exe [?]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [2/15/2006 9:04 AM 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-09-21 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-02-15 00:12]

2009-09-21 c:\windows\Tasks\WebReg psc C3100 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2006-02-19 21:45]

2009-09-22 c:\windows\Tasks\wrSpySweeper_LDE481C42A9454328AF58D83B911233AB.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-09-21 22:40]

2009-09-22 c:\windows\Tasks\wrSpySweeper_LDE481C42A9454328AF58D83B911233AB.job
- c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-09-21 22:40]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\Sarah\Application Data\Mozilla\Firefox\Profiles\hzjjhdyu.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - plugin: c:\documents and settings\Sarah\Application Data\Mozilla\Firefox\Profiles\hzjjhdyu.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PadTouch - c:\program files\TOSHIBA\Touch and Launch\PadExe.exe
HKLM-RunOnce- - (no file)
AddRemove-HijackThis - E:\HijackThis.exe
AddRemove-Matroska Pack - c:\program files\Matroska Pack\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-24 13:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(920)
c:\windows\system32\wdfproc.dll

- - - - - - - > 'lsass.exe'(976)
c:\windows\system32\wdfproc.dll
.
Completion time: 2009-09-24 14:00
ComboFix-quarantined-files.txt 2009-09-24 19:00

Pre-Run: 74,203,693,056 bytes free
Post-Run: 75,362,426,880 bytes free

632 --- E O F --- 2009-09-24 03:46

descriptionUnknown Virus EmptyRe: Unknown Virus24th September 2009, 11:43 pm

more_horiz

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Driver::
    AntipPolice_

    Registry::
    [-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    Unknown Virus Cf010

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Unknown Virus DXwU4
Unknown Virus VvYDg

descriptionUnknown Virus EmptyRe: Unknown Virus25th September 2009, 2:47 am

more_horiz
ComboFix 09-09-23.02 - Sarah 09/24/2009 21:33.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.883 [GMT -5:00]
Running from: c:\documents and settings\Sarah\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Sarah\Desktop\CFScript.txt
AV: Webroot AntiVirus with AntiSpyware *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
FW: Webroot AntiVirus with AntiSpyware *disabled* {63671000-11A2-46DD-BADD-A084CABCDEAE}
FW: Webroot Desktop Firewall *disabled* {AF0CFAAE-AAB5-450a-8C74-0DEEB429DF50}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ANTIPPOLICE_
-------\Service_AntipPolice_


((((((((((((((((((((((((( Files Created from 2009-08-25 to 2009-09-25 )))))))))))))))))))))))))))))))
.

2009-09-24 18:44 . 2009-09-24 18:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Webroot
2009-09-24 14:23 . 2009-09-24 14:23 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-09-24 14:19 . 2009-09-24 14:19 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-09-24 13:57 . 2009-09-24 13:57 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-09-24 02:45 . 2009-09-24 02:47 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-24 02:45 . 2009-09-24 02:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-23 01:36 . 2009-09-23 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-09-22 18:24 . 2009-09-22 18:24 135 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\fusioncache.dat
2009-09-22 18:24 . 2009-09-22 18:24 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ApplicationHistory
2009-09-22 13:35 . 2008-10-16 19:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-09-22 13:35 . 2008-10-16 19:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-09-22 03:18 . 2009-09-22 03:18 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-09-22 01:05 . 2009-09-22 01:05 -------- d-----w- c:\program files\CASIO
2009-09-22 00:40 . 2001-08-18 03:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2009-09-22 00:36 . 2009-09-22 00:36 -------- d-----w- c:\program files\Common Files\xing shared
2009-09-22 00:36 . 2009-09-22 00:36 -------- d-----w- c:\program files\real
2009-09-22 00:28 . 2009-09-22 00:28 -------- d-----w- c:\program files\GIMP-2.0
2009-09-22 00:22 . 2009-09-22 00:47 -------- d-----w- c:\program files\Matroska Pack
2009-09-22 00:21 . 2009-09-22 00:21 -------- d-----w- c:\documents and settings\Sarah\Application Data\vlc
2009-09-22 00:20 . 2009-09-22 00:20 -------- d-----w- c:\program files\VideoLAN
2009-09-21 23:48 . 2009-09-24 22:38 -------- d-----w- c:\documents and settings\Sarah\Tracing
2009-09-21 23:47 . 2009-09-21 23:47 -------- d-----w- c:\program files\Microsoft
2009-09-21 23:47 . 2009-09-21 23:47 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-21 23:46 . 2009-09-21 23:47 -------- d-----w- c:\program files\Windows Live
2009-09-21 23:43 . 2009-09-21 23:43 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-21 23:42 . 2009-09-21 23:42 -------- d-----w- c:\documents and settings\Sarah\Application Data\HP
2009-09-21 23:41 . 2009-09-21 23:41 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-09-21 23:39 . 2009-09-21 23:41 -------- d-----w- c:\program files\Common Files\HP
2009-09-21 23:37 . 2009-09-21 23:38 -------- d-----w- c:\program files\Hewlett-Packard
2009-09-21 23:36 . 2009-09-21 23:36 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-09-21 23:32 . 2009-09-21 23:42 117157 ----a-w- c:\windows\hpoins11.dat
2009-09-21 23:28 . 2006-05-05 23:17 11634 ----a-w- c:\windows\hpomdl11.dat
2009-09-21 22:26 . 2009-09-21 22:26 -------- d-----w- c:\program files\MSECache
2009-09-21 22:21 . 2006-04-10 19:03 38400 ----a-w- c:\windows\system32\hpz3l054.dll
2009-09-21 22:21 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-09-21 22:21 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-09-21 22:20 . 2007-08-09 07:27 73728 ----a-w- c:\windows\system32\HPZipm12.exe
2009-09-21 22:20 . 2006-03-04 02:02 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2009-09-21 22:20 . 2006-03-04 02:02 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2009-09-21 22:20 . 2006-03-04 02:02 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2009-09-21 22:20 . 2006-03-04 02:03 282680 ----a-w- c:\windows\system32\HPZidr12.dll
2009-09-21 22:20 . 2006-03-04 02:03 65536 ----a-w- c:\windows\system32\HPZinw12.exe
2009-09-21 22:20 . 2009-09-21 23:40 -------- d-----w- c:\program files\HP
2009-09-21 22:15 . 2006-04-13 00:04 49664 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2009-09-21 22:14 . 2006-04-13 00:04 21568 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2009-09-21 22:14 . 2006-04-13 00:04 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2009-09-21 22:13 . 2006-04-13 00:02 827392 ----a-w- c:\windows\system32\hpotiop2.dll
2009-09-21 22:13 . 2006-04-13 00:02 659456 ----a-w- c:\windows\system32\hpowiax2.dll
2009-09-21 22:13 . 2006-04-13 00:04 282624 ----a-w- c:\windows\system32\HPZc3212.dll
2009-09-21 22:13 . 2006-04-13 00:02 254026 ----a-w- c:\windows\system32\hpovst09.dll
2009-09-21 22:13 . 2005-07-19 01:38 98304 ----a-w- c:\windows\system32\hpzjsn01.dll
2009-09-21 22:13 . 2006-01-04 08:12 77824 ----a-w- c:\windows\system32\HPZIDS01.dll
2009-09-21 21:55 . 2008-04-13 18:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-09-21 21:55 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-09-21 21:49 . 2008-04-13 18:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-09-21 21:49 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-09-21 21:49 . 2009-09-21 21:49 -------- d-----w- c:\documents and settings\Sarah\Application Data\FUJIFILM
2009-09-21 18:13 . 2009-09-21 18:13 -------- d-----w- c:\program files\PIXELA
2009-09-21 18:12 . 2004-02-05 06:29 380928 ----a-w- c:\windows\system32\FE05F3D7.dll
2009-09-21 18:12 . 2003-12-10 00:45 401408 ----a-w- c:\windows\system32\FE05F3D6.dll
2009-09-21 18:12 . 2003-08-26 15:54 401408 ----a-w- c:\windows\system32\FE05EFED.dll
2009-09-21 18:12 . 2003-06-25 22:24 299008 ----a-w- c:\windows\system32\FE05F051.dll
2009-09-21 18:12 . 2003-06-10 05:37 299008 ----a-w- c:\windows\system32\FE05F3D5.dll
2009-09-21 18:12 . 2003-06-03 03:50 299008 ----a-w- c:\windows\system32\FE05DA0D.dll
2009-09-21 18:12 . 2002-04-07 09:26 106496 ----a-w- c:\windows\system32\FPXS2Pro.dll
2009-09-21 18:12 . 2003-09-06 12:57 159744 ----a-w- c:\windows\system32\FFRAFLIB.DLL
2009-09-21 18:12 . 2003-09-03 12:45 274432 ----a-w- c:\windows\system32\FFTIFF16.dll
2009-09-21 18:11 . 2009-09-21 18:12 -------- d-----w- c:\program files\FinePixViewer
2009-09-21 18:11 . 2001-11-25 11:11 81924 ------w- c:\windows\system32\drivers\VC4CB104.SYS
2009-09-21 18:11 . 2009-09-21 18:11 -------- d-----w- c:\program files\REGSHAVE
2009-09-21 18:11 . 2002-06-25 15:06 45056 ------w- c:\windows\system32\FINFCOPY.dll
2009-09-21 18:11 . 2002-02-27 11:27 65536 ------w- c:\windows\system32\FINFCHECK.dll
2009-09-21 18:11 . 2002-02-13 10:00 45056 ------w- c:\windows\system32\FCLKBTN.DLL
2009-09-21 18:11 . 2002-02-05 16:33 69632 ------w- c:\windows\system32\FREGSHEX.DLL
2009-09-21 18:01 . 2009-09-22 00:22 -------- d-----w- c:\documents and settings\Sarah\Application Data\Apple Computer
2009-09-21 18:01 . 2009-05-18 19:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-21 18:01 . 2008-04-17 18:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-09-21 18:00 . 2009-09-21 18:00 -------- d-----w- c:\program files\iPod
2009-09-21 18:00 . 2009-09-21 18:01 -------- d-----w- c:\program files\iTunes
2009-09-21 18:00 . 2009-09-21 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-21 17:59 . 2009-09-21 17:59 -------- d-----w- c:\program files\Bonjour
2009-09-21 17:58 . 2009-09-21 17:59 -------- d-----w- c:\program files\QuickTime
2009-09-21 17:58 . 2009-09-21 18:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-09-21 17:57 . 2009-09-21 17:57 -------- d-----w- c:\documents and settings\Sarah\Local Settings\Application Data\Apple
2009-09-21 17:57 . 2009-09-21 17:57 -------- d-----w- c:\program files\Apple Software Update
2009-09-21 15:12 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-09-21 15:12 . 2009-07-03 17:09 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-09-21 15:12 . 2009-07-03 17:09 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-09-21 15:12 . 2009-07-19 23:48 11067392 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-09-21 15:12 . 2009-07-03 17:09 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-09-21 15:12 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-09-21 15:10 . 2009-09-21 15:11 -------- dc-h--w- c:\windows\ie8
2009-09-21 15:02 . 2009-09-21 15:02 -------- d-----w- c:\program files\MSXML 4.0
2009-09-21 13:49 . 2009-09-21 13:49 -------- d-----w- c:\windows\system32\scripting
2009-09-21 13:49 . 2009-09-21 13:49 -------- d-----w- c:\windows\l2schemas
2009-09-21 13:48 . 2009-09-21 13:48 -------- d-----w- c:\windows\system32\en
2009-09-21 13:48 . 2009-09-21 13:48 -------- d-----w- c:\windows\system32\bits
2009-09-21 13:43 . 2009-09-21 13:43 -------- d-----w- c:\windows\ServicePackFiles
2009-09-21 13:21 . 2009-09-21 13:22 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-21 13:21 . 2009-09-21 13:21 -------- d-----w- c:\program files\NOS
2009-09-21 13:17 . 2008-04-14 00:12 276992 ------w- c:\windows\system32\wmphoto.dll
2009-09-21 13:17 . 2008-04-14 00:12 69120 ------w- c:\windows\system32\wlanapi.dll
2009-09-21 13:15 . 2008-04-14 00:12 33792 ------w- c:\windows\system32\mmcperf.exe
2009-09-21 13:14 . 2008-04-14 00:11 3775 ------w- c:\windows\system32\drivers\adv11nt5.dll
2009-09-21 13:14 . 2008-04-14 00:11 3711 ------w- c:\windows\system32\drivers\adv09nt5.dll
2009-09-21 13:14 . 2008-04-14 00:11 3647 ------w- c:\windows\system32\drivers\adv07nt5.dll
2009-09-21 13:14 . 2008-04-14 00:11 3615 ------w- c:\windows\system32\drivers\adv05nt5.dll
2009-09-21 13:14 . 2008-04-14 00:11 3135 ------w- c:\windows\system32\drivers\adv08nt5.dll
2009-09-21 13:14 . 2008-04-13 18:36 44928 ------w- c:\windows\system32\drivers\agpcpq.sys
2009-09-21 13:14 . 2008-04-13 18:36 42368 ------w- c:\windows\system32\drivers\agp440.sys
2009-09-21 13:14 . 2007-04-02 18:26 19456 -c--a-w- c:\windows\system32\dllcache\agt040d.dll
2009-09-21 13:14 . 2007-04-02 18:25 19456 -c--a-w- c:\windows\system32\dllcache\agt0404.dll
2009-09-21 13:14 . 2007-04-02 18:25 19456 -c--a-w- c:\windows\system32\dllcache\agt0401.dll
2009-09-21 13:14 . 2008-04-14 00:11 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2009-09-21 13:14 . 2008-04-14 00:11 3967 ------w- c:\windows\system32\drivers\adv02nt5.dll
2009-09-21 13:14 . 2008-04-14 00:11 136192 ------w- c:\windows\system32\aaclient.dll
2009-09-21 12:57 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-09-21 12:57 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-09-21 12:57 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-09-21 12:55 . 2008-10-03 10:02 247326 -c----w- c:\windows\system32\dllcache\strmdll.dll
2009-09-21 12:55 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-09-21 12:55 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-09-21 12:55 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-09-21 12:55 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-09-21 07:11 . 2009-09-21 07:11 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-24 19:03 . 2006-02-16 16:59 62224 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-23 03:54 . 2006-02-16 10:39 -------- d-----w- c:\program files\Microsoft Works
2009-09-22 18:33 . 2006-02-15 16:25 -------- d-----w- c:\program files\TOSHIBA
2009-09-22 18:27 . 2006-02-16 09:42 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com
2009-09-22 00:53 . 2006-02-15 16:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-22 00:47 . 2006-02-16 09:55 -------- d-----w- c:\program files\Pure Networks
2009-09-22 00:47 . 2006-02-16 09:55 -------- d-----w- c:\program files\Common Files\AOL
2009-09-22 00:43 . 2006-02-25 04:32 -------- d-----w- c:\program files\Toshiba Games
2009-09-22 00:38 . 2006-02-16 09:55 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-09-22 00:37 . 2006-02-16 09:56 -------- d-----w- c:\program files\Common Files\Real
2009-09-22 00:34 . 2009-09-21 07:12 -------- d-----w- c:\documents and settings\Sarah\Application Data\AOL
2009-09-22 00:34 . 2009-09-21 07:11 -------- d-----w- c:\documents and settings\Default User\Application Data\AOL
2009-09-22 00:34 . 2006-02-16 09:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\AOL
2009-09-21 18:09 . 2006-02-16 10:41 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-09-21 18:00 . 2009-09-21 17:56 -------- d-----w- c:\program files\Common Files\Apple
2009-09-21 17:56 . 2009-09-21 17:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-09-21 07:11 . 2009-09-21 07:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
2009-09-21 07:11 . 2006-02-15 16:18 -------- d-----w- c:\program files\Intel
2009-09-21 07:11 . 2009-09-21 07:12 -------- d-----w- c:\documents and settings\Sarah\Application Data\Intel
2009-09-21 07:11 . 2009-09-21 07:11 -------- d-----w- c:\documents and settings\Default User\Application Data\Intel
2009-09-21 07:11 . 2009-09-21 07:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intel
2009-09-21 06:59 . 2006-02-16 09:25 -------- d-----w- c:\program files\InterVideo
2009-09-21 04:25 . 2009-09-21 07:12 128 ----a-w- c:\documents and settings\Sarah\Local Settings\Application Data\fusioncache.dat
2009-08-05 09:01 . 2006-02-15 14:03 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:37 . 2006-02-15 14:04 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:37 . 2006-02-15 14:02 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-26 21:44 . 2009-07-26 21:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-17 19:01 . 2006-02-15 14:02 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 15:08 . 2006-02-15 14:05 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2006-02-15 14:04 915456 ------w- c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-09-24_18.58.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-24 22:38 . 2009-09-25 02:39 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-02-15 15:41 . 2009-09-25 02:39 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-02-15 15:41 . 2009-09-24 14:08 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-09-24 22:38 . 2009-09-25 02:39 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2006-02-15 15:41 . 2009-09-24 14:08 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-05-13 22:34 238968 ----a-w- c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"Webroot Desktop Firewall"="c:\program files\Webroot\Webroot Desktop Firewall\WDF.exe" [2008-07-31 2401672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-09-22 198160]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-05-13 6345840]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" - c:\windows\system32\TDispVol.exe [2005-03-11 73728]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2005-10-15 88203]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-06-01 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-15 155648]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:DCOM(135)

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [4/21/2009 8:27 PM 29808]
R1 pwipf6;pwipf6;c:\windows\system32\drivers\pwipf6.sys [7/31/2008 5:19 PM 103304]
R2 WDFNet;Webroot Desktop Firewall network service;c:\program files\Webroot\Webroot Desktop Firewall\wdfsvc.exe [7/31/2008 5:19 PM 353672]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [9/20/2009 11:26 PM 1205760]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [2/15/2006 9:04 AM 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-09-21 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-02-15 00:12]

2009-09-21 c:\windows\Tasks\WebReg psc C3100 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2006-02-19 21:45]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\Sarah\Application Data\Mozilla\Firefox\Profiles\hzjjhdyu.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - plugin: c:\documents and settings\Sarah\Application Data\Mozilla\Firefox\Profiles\hzjjhdyu.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-24 21:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(896)
c:\windows\system32\wdfproc.dll

- - - - - - - > 'lsass.exe'(952)
c:\windows\system32\wdfproc.dll

- - - - - - - > 'explorer.exe'(2824)
c:\windows\system32\WININET.dll
c:\windows\system32\wdfproc.dll
c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll
c:\windows\system32\TDispVol.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\windows\system32\TPSBattM.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\Webroot\WebrootSecurity\SSU.exe
.
**************************************************************************
.
Completion time: 2009-09-25 21:43 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-25 02:43
ComboFix2.txt 2009-09-24 19:00

Pre-Run: 75,307,388,928 bytes free
Post-Run: 75,183,562,752 bytes free

366 --- E O F --- 2009-09-24 03:46

descriptionUnknown Virus EmptyRe: Unknown Virus25th September 2009, 9:17 am

more_horiz
Hello.
Last thing we need to do now.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Unknown Virus DXwU4
Unknown Virus VvYDg

descriptionUnknown Virus EmptyRe: Unknown Virus25th September 2009, 1:52 pm

more_horiz
Adobe Download Manager
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
AOL You've Got Pictures Screensaver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bejeweled 2 Deluxe
Blasterball 2 Revolution
Bluetooth Stack for Windows by Toshiba
Bonjour
CD/DVD Drive Acoustic Silencer
Compatibility Pack for the 2007 Office system
DVD-RAM Driver
FinePixViewer Ver.4.2
FUJIFILM USB Driver
GemMaster Mystic
GIMP 2.6.7
Google Toolbar for Internet Explorer
Haali Media Splitter
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
HP Imaging Device Functions 7.0
HP Photosmart Essential
HP Photosmart, Officejet and Deskjet 7.0.A
HP Product Assistant
HP Software Update
HP Solution Center 7.0
ImageMixer VCD2 for FinePix
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet/Wireless Software
InterVideo WinDVD Creator 2
InterVideo WinDVD for TOSHIBA
iTunes
J2SE Runtime Environment 5.0 Update 4
Macromedia Flash Player 8
mCore
mDrWiFi
Metamail (Toshiba Registration Utility)
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Choice Guard
Microsoft Office OneNote 2003
Microsoft Office Standard Edition 2003
Microsoft Office XP Professional with FrontPage
Microsoft Works
mIWA
mLogView
mMHouse
Mozilla Firefox (3.5.3)
mPfMgr
mPfWiz
mProSafe
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
mWlsSafe
mXML
mZConfig
OCR Software by I.R.I.S 7.0
Office 2003 Trial Assistant
Otto
Photo Transport
QuickTime
RAW FILE CONVERTER LE
RealPlayer
Realtek High Definition Audio Driver
SD Secure Module
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Segoe UI
Sonic DLA
Sonic Encoders
Sonic RecordNow!
Spy Sweeper Core
Spybot - Search & Destroy
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Game Console
TOSHIBA Hotkey Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA TouchPad ON/Off Utility
TOSHIBA TV Tuner 4.0.12.73
TOSHIBA Utilities
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Media Player 10 (KB910393)
Update for Windows XP (KB951978)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
VideoLAN VLC media player 0.8.6i
Viewpoint Media Player
Webroot AntiVirus with AntiSpyware
Webroot Desktop Firewall
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format Runtime
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB894553
Windows XP Media Center Edition 2005 KB895678
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3

descriptionUnknown Virus EmptyRe: Unknown Virus25th September 2009, 6:33 pm

more_horiz
Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    J2SE Runtime Environment 5.0 Update 4
    Viewpoint Media Player

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

Unknown Virus CF_Cleanup

This will also reset your restore points.

How is the machine running now?

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
Unknown Virus DXwU4
Unknown Virus VvYDg

descriptionUnknown Virus EmptyRe: Unknown Virus29th September 2009, 1:08 am

more_horiz
It seems to be working alright now. Thank you! Hooray!

descriptionUnknown Virus EmptyRe: Unknown Virus

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum