Karl`s PC Help Forums Last active: Never
Not logged in [Login ]
Go To Bottom

In memory of Karl Davis, founder of this board, who made his final journey 12th June 2007

Printable Version | Subscribe | Add to Favourites   Post new thread Poll:
Author: Subject: Kernel32x.SYS
Andre
Proud to be called a BRIT
*




Posts: 9
Registered: 20-4-2008
Theme: KF Blue (Default)
Member Is Offline

Mood: No Mood

[*] Post 331834 posted on 20-4-2008 at 22:38 Reply With Quote
Kernel32x.SYS



I have the same problem as Minlee (see seperate post). i.e. get the following error message:

Your system is unstable.
... Kernel32x.SYS ... Windows has been shut down buggy... and it then gives me a minute or so until it shuts the system.

Can you assist?

My Hijack log is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:25:52 AM, on 4/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Telstra\BigPond Wireless Broadband 2.7.3\BigPond_CM.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\PC Registry Cleaner\PCRegistryCleaner.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Telstra BigPond Home Internet Explorer
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: BigPond Wireless Broadband 2.0 Auto Dial - {DB92EC3F-697D-4C3B-9A3B-3ABBD23D4A85} - C:\Program Files\Telstra\BigPond Wireless Broadband 2.7.3\bpwbb2ad.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BigPondWirelessBroadbandCM] "C:\Program Files\Telstra\BigPond Wireless Broadband 2.7.3\BigPond_CM.exe" -tsr
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: .protected
O4 - Global Startup: .protected
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{7DFCB3A3-5306-4693-A11C-BCBD5FCBF75E}: NameServer = 192.168.1.1,0.0.0.0
O20 - Winlogon Notify: xlymqpiv - C:\WINDOWS\SYSTEM32\xlymqpiv.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Microsoft DDE+ server (c2fb6950) - Unknown owner - C:\WINDOWS\system32\.c2fb6950\c2fb6950.exe (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 9340 bytes
View User's Profile View All Posts By User
Pancake
Custom User Title
*******


Avatar


Posts: 537
Registered: 17-4-2006
Location: Victoria Australia
Theme: KF Blue (Default)
Member Is Offline

Mood: No Mood

[*] Post 331838 posted on 20-4-2008 at 23:29 Reply With Quote


Please download http://downloads.andymanchesta.com/RemovalTools/SDFix.exe SDFix from here and save it to your desktop

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
Report.txt will also be copied to Clipboard ready for posting back on the forum).
Please copy and paste that log in your next reply.

=================================


Ok.We need to download ComboFix.exe. This will give a better view to the files running and also hidden on your computer.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix Please visit this webpage for download links, and instructions for running ComboFix


When the tool is finished, it will produce a report for you. Please copy and paste the "C:\ComboFix.txt" along with a new 'HijackThis' log so that we can continue to do any further cleaning that your system may require.

Caution: Never run and remove files with Combofix unless supervised by a security analyst.

NOTE: Combofix prevents autorun of all CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you - please let me know.
View User's Profile View All Posts By User
Andre
Proud to be called a BRIT
*




Posts: 9
Registered: 20-4-2008
Theme: KF Blue (Default)
Member Is Offline

Mood: No Mood

[*] Post 332196 posted on 22-4-2008 at 00:42 Reply With Quote


ComboFix and new HijackThis Log belwo:

ComboFix 08-04-20.2 - Andre Weich 2008-04-22 10:12:30.1 - NTFSx86
Running from: C:\Documents and Settings\Andre Weich\Desktop\ComboFix.exe
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Andre Weich\Application Data\WinAntiSpyware 2006
C:\Documents and Settings\Andre Weich\Application Data\WinAntiSpyware 2006\activator_info.txt
C:\Documents and Settings\Andre Weich\Application Data\WinAntiSpyware 2006\Logs\Activate.log
C:\Documents and Settings\Andre Weich\Application Data\WinAntiSpyware 2006\Logs\update.log
C:\Documents and Settings\Andre Weich\err.log
C:\Program Files\Common Files\WinAntiSpyware 2006
C:\Program Files\Common Files\WinAntiSpyware 2006\err.log
C:\Program Files\Common Files\WinAntiSpyware 2006\was6chk.dll
C:\WINDOWS\system32\model.dat
C:\WINDOWS\system32\stera.log

.
((((((((((((((((((((((((( Files Created from 2008-03-22 to 2008-04-22 )))))))))))))))))))))))))))))))
.

2008-04-22 08:28 . 2008-04-22 08:28 <DIR> d-------- C:\VundoFix Backups
2008-04-21 20:15 . 2008-04-21 15:10 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-21 20:15 . 2008-04-21 15:10 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-21 20:15 . 2008-04-21 15:10 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-21 20:15 . 2008-04-21 15:10 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-21 20:15 . 2008-04-21 15:10 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-21 20:15 . 2008-04-21 15:10 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-21 20:15 . 2008-04-21 15:10 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-21 17:30 . 2008-04-22 09:56 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-21 17:30 . 2008-04-21 17:30 <DIR> d-------- C:\Documents and Settings\Andre Weich\Application Data\SUPERAntiSpyware.com
2008-04-21 17:30 . 2008-04-21 17:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-21 16:51 . 2008-04-21 17:04 <DIR> d-------- C:\b282354aeffeaee5df3b85
2008-04-21 15:54 . 2008-04-21 16:35 <DIR> d-------- C:\[u]0[/u]3e46523e4c594cc4951f3d3
2008-04-21 15:12 . 2008-04-21 20:16 3,828 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-21 10:24 . 2008-04-21 10:25 <DIR> d-------- C:\WINDOWS\ERUNT
2008-04-21 10:16 . 2008-04-20 07:19 <DIR> d-------- C:\SDFix
2008-04-21 07:54 . 2008-04-21 07:54 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-20 12:06 . 2008-04-20 12:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers Headquarters
2008-04-20 12:03 . 2008-04-20 12:03 <DIR> d-------- C:\Program Files\PC Drivers HeadQuarters
2008-04-20 10:17 . 2008-04-21 09:54 <DIR> d-------- C:\Program Files\Panda Security
2008-04-18 12:20 . 2008-04-18 12:35 <DIR> d-------- C:\Program Files\PC Doc Pro
2008-04-18 12:20 . 2004-03-09 09:30 662,288 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-04-18 12:20 . 2000-05-22 10:30 608,448 --a------ C:\WINDOWS\system32\COMCTL32.OCX
2008-04-18 12:20 . 2001-08-17 00:00 494,352 --a------ C:\WINDOWS\system32\SHDOC401.DLL
2008-04-18 12:20 . 1998-06-24 00:00 164,144 --a------ C:\WINDOWS\system32\COMCT232.OCX
2008-04-18 12:20 . 2000-05-22 15:58 83,144 --a------ C:\WINDOWS\system32\PICCLP32.OCX
2008-04-18 12:20 . 2007-12-19 16:12 53,248 --a------ C:\WINDOWS\system32\ArmAccess.dll
2008-04-18 12:04 . 2008-04-18 12:04 <DIR> d-------- C:\!KillBox
2008-04-18 06:04 . 2008-04-21 07:56 <DIR> dr-h----- C:\$VAULT$.AVG
2008-04-18 06:02 . 2008-04-18 06:02 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-18 06:02 . 2008-04-22 08:00 <DIR> d-------- C:\Documents and Settings\Andre Weich\Application Data\AVG7
2008-04-18 06:01 . 2008-04-18 06:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-18 06:01 . 2008-04-18 06:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-04-18 03:02 . 2008-04-18 03:02 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-17 17:25 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-17 17:25 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-17 17:25 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-17 15:46 . 2008-04-17 15:46 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-17 15:46 . 2008-04-17 15:46 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-17 14:32 . 2008-04-17 14:32 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-04-17 08:14 . 2008-04-17 08:14 <DIR> d-------- C:\WINDOWS\system32\bits
2008-04-17 08:13 . 2007-03-29 22:56 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2008-04-17 08:13 . 2007-03-29 22:56 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2008-04-17 06:18 . 2008-04-17 06:18 248,832 --a------ C:\WINDOWS\system32\xlymqpiv.dll
2008-04-16 16:37 . 2008-03-01 23:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-16 16:37 . 2007-04-17 19:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-16 16:37 . 2007-03-08 15:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-16 16:37 . 2008-03-01 23:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-16 16:37 . 2008-03-01 23:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-16 16:37 . 2008-03-01 23:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-16 16:37 . 2008-03-01 23:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-16 16:37 . 2008-03-01 23:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-16 16:37 . 2008-02-22 20:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-16 16:23 . 2004-08-04 22:00 68,608 --a------ C:\WINDOWS\system32\dllcache\plugin.ocx
2008-04-13 10:22 . 2005-08-13 08:26 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-04-13 10:22 . 2005-08-13 08:21 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\toshiba
2008-04-13 10:22 . 2005-08-13 08:24 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-04-13 10:22 . 2008-04-18 06:02 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-13 10:22 . 2008-04-22 10:12 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
2008-04-13 04:33 . 2008-04-13 04:33 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-12 13:23 . 2008-04-22 08:19 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-12 13:01 . 2004-08-04 00:56 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-04-12 13:01 . 2001-08-17 22:37 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2008-04-12 13:01 . 2001-08-17 22:37 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-04-12 13:01 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-04-12 13:01 . 2004-08-03 22:29 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
2008-04-12 13:01 . 2001-08-17 22:36 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-04-12 13:01 . 2001-08-17 12:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2008-04-12 13:01 . 2001-08-17 22:37 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-04-12 12:59 . 2001-08-17 13:28 701,386 --a--c--- C:\WINDOWS\system32\dllcache\wdhaalba.sys
2008-04-12 12:58 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-04-12 12:57 . 2001-08-17 22:36 216,064 --a--c--- C:\WINDOWS\system32\dllcache\um34scan.dll
2008-04-12 12:56 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-04-12 12:55 . 2001-08-17 14:01 241,664 --a--c--- C:\WINDOWS\system32\dllcache\tosdvd02.sys
2008-04-12 12:54 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2008-04-12 12:53 . 2004-08-04 22:00 456,704 --a--c--- C:\WINDOWS\system32\dllcache\smtpsvc.dll
2008-04-12 12:52 . 2004-08-03 22:41 404,990 --a--c--- C:\WINDOWS\system32\dllcache\slntamr.sys
2008-04-12 12:51 . 2001-08-17 14:56 252,032 --a--c--- C:\WINDOWS\system32\dllcache\sis300iv.dll
2008-04-12 12:50 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-04-12 12:49 . 2004-08-04 00:56 397,056 --a--c--- C:\WINDOWS\system32\dllcache\s3gnb.dll
2008-04-12 12:48 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-04-12 12:47 . 2004-08-04 00:56 363,520 --a--c--- C:\WINDOWS\system32\dllcache\psisdecd.dll
2008-04-12 12:46 . 2004-08-04 00:56 259,328 --a--c--- C:\WINDOWS\system32\dllcache\perm3dd.dll
2008-04-12 12:45 . 2001-08-17 14:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-04-12 12:44 . 2004-08-04 00:56 4,274,816 --a--c--- C:\WINDOWS\system32\dllcache\nv4_disp.dll
2008-04-12 12:43 . 2004-08-03 22:31 132,695 --a--c--- C:\WINDOWS\system32\dllcache\netwlan5.sys
2008-04-12 12:42 . 2004-08-04 00:56 1,737,856 --a--c--- C:\WINDOWS\system32\dllcache\mtxparhd.dll
2008-04-12 12:41 . 2001-08-17 12:50 320,384 --a--c--- C:\WINDOWS\system32\dllcache\mgaum.sys
2008-04-12 12:40 . 2001-08-17 13:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2008-04-12 12:39 . 2001-08-17 22:36 242,176 --a--c--- C:\WINDOWS\system32\dllcache\kdsusd.dll
2008-04-12 12:38 . 2004-08-04 00:56 702,845 --a--c--- C:\WINDOWS\system32\dllcache\i81xdnt5.dll
2008-04-12 12:37 . 2004-08-03 22:41 1,041,536 --a--c--- C:\WINDOWS\system32\dllcache\hsfdpsp2.sys
2008-04-12 12:36 . 2001-08-17 22:36 324,608 --a--c--- C:\WINDOWS\system32\dllcache\hpojwia.dll
2008-04-12 12:35 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-04-12 12:34 . 2001-08-17 13:28 595,647 --a--c--- C:\WINDOWS\system32\dllcache\es56cvmp.sys
2008-04-12 12:04 . 2001-08-17 13:28 634,134 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys
2008-04-12 12:03 . 2004-08-04 22:00 514,587 --a--c--- C:\WINDOWS\system32\dllcache\edb500.dll
2008-04-12 12:02 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-04-12 12:01 . 2001-08-17 22:36 256,512 --a--c--- C:\WINDOWS\system32\dllcache\devcon32.dll
2008-04-12 12:00 . 2001-08-17 12:13 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2008-04-12 11:59 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-04-12 11:58 . 2004-08-04 00:56 870,784 --a--c--- C:\WINDOWS\system32\dllcache\ati3d1ag.dll
2008-04-12 11:57 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
2008-04-12 07:58 . 2008-04-12 10:57 <DIR> d-------- C:\Documents and Settings\Andre Weich\Application Data\Spyware Terminator
2008-04-12 04:31 . 2008-04-12 04:31 <DIR> d-------- C:\Documents and Settings\Andre Weich\Application Data\AdwareAlert
2008-04-11 10:12 . 2008-04-21 07:56 <DIR> d--h----- C:\WINDOWS\system32\.c2fb6950
2008-04-05 06:15 . 2008-04-22 08:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-21 07:28 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-20 02:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-18 23:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\pdf995
2008-04-14 23:51 --------- d-----w C:\Program Files\Banner Maker Pro 6
2008-04-09 03:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-04-08 22:09 --------- d-----w C:\Documents and Settings\Andre Weich\Application Data\skypePM
2008-04-04 20:15 --------- d-----w C:\Program Files\Google
2008-03-14 01:53 --------- d-----w C:\Documents and Settings\Andre Weich\Application Data\Unyte
2008-03-14 01:43 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-10 10:35 --------- d-----w C:\Program Files\Java
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 17:32 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 22:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 12:37 68856]
"AdwareAlert"="C:\Program Files\AdwareAlert\AdwareAlert.exe" [ ]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-06 14:05 344064]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2004-03-24 00:40 196608]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2005-07-01 03:05 671744]
"NDSTray.exe"="NDSTray.exe" []
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2005-06-09 08:51 53248]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2005-05-31 22:33 122941]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-08 07:03 1077301]
"ZoomingHook"="ZoomingHook.exe" [2005-06-07 02:58 24576 C:\WINDOWS\system32\ZoomingHook.exe]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 09:13 122880]
"SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-02 06:45 65536]
"TPSMain"="TPSMain.exe" [2005-06-01 10:16 282624 C:\WINDOWS\system32\TPSMain.exe]
"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-02 06:45 28672]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-04-06 09:25 73728]
"AGRSMMSG"="AGRSMMSG.exe" [2004-12-22 02:10 88358 C:\WINDOWS\agrsmmsg.exe]
"TCtryIOHook"="TCtrlIOHook.exe" [2005-08-06 10:02 28672 C:\WINDOWS\system32\TCtrlIOHook.exe]
"TFncKy"="TFncKy.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-26 09:58 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-31 00:36 256576]
"BigPondWirelessBroadbandCM"="C:\Program Files\Telstra\BigPond Wireless Broadband 2.7.3\BigPond_CM.exe" [2007-06-26 17:08 2048000]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 15:14 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 03:25 144784]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-18 06:01 579584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-18 06:01 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-05 06:15:22 124400]
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-08-06 15:00:00 111376]
Microsoft Office Shortcut Bar.lnk - C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE [1997-08-06 15:00:00 333824]
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [1997-08-06 15:00:00 51984]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-08-13 08:11:00 155648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xlymqpiv]
xlymqpiv.dll 2008-04-17 06:18 248832 C:\WINDOWS\system32\xlymqpiv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\c2fb6950]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=

S3 GTF32BUS;GT F32 BUS;C:\WINDOWS\system32\DRIVERS\gtf32bus.sys [2006-03-28 22:48]
S3 GTFFBUS;GT FF BUS;C:\WINDOWS\system32\DRIVERS\gtffbus.sys [2006-10-14 01:02]
S3 GTMNDISIRPXP;GT M 3G+ IRP NDIS;C:\WINDOWS\system32\DRIVERS\Gtm51Irp.sys [2006-10-14 01:02]
S3 GTPTSER;GT PT SER;C:\WINDOWS\system32\DRIVERS\gtptser.sys [2006-03-28 22:48]
S3 GTSCSER;GT SC SER;C:\WINDOWS\system32\DRIVERS\gtscser.sys [2006-03-28 22:48]
S3 GTUQBUS;GT UQ BUS;C:\WINDOWS\system32\DRIVERS\gtuqbus.sys [2006-10-14 01:02]
S3 TSClient;Tatara Protocol Driver;C:\WINDOWS\system32\drivers\tsclient.sys [2005-12-01 17:20]

.
Contents of the 'Scheduled Tasks' folder
"2008-04-21 04:23:54 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert
"2008-04-16 09:43:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 10:16:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\xlymqpiv.dll
.
Completion time: 2008-04-22 10:19:31
ComboFix-quarantined-files.txt 2008-04-22 00:19:26

Pre-Run: 47,925,018,624 bytes free
Post-Run: 47,933,337,600 bytes free

235 --- E O F --- 2008-04-17 17:09:39

----------------------------------------------------------------------------------

HiJackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:40:37 AM, on 4/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Telstra\BigPond Wireless Broadband 2.7.3\BigPond_CM.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: BigPond Wireless Broadband 2.0 Auto Dial - {DB92EC3F-697D-4C3B-9A3B-3ABBD23D4A85} - C:\Program Files\Telstra\BigPond Wireless Broadband 2.7.3\bpwbb2ad.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BigPondWirelessBroadbandCM] "C:\Program Files\Telstra\BigPond Wireless Broadband 2.7.3\BigPond_CM.exe" -tsr
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{7DFCB3A3-5306-4693-A11C-BCBD5FCBF75E}: NameServer = 192.168.1.1,0.0.0.0
O20 - Winlogon Notify: xlymqpiv - C:\WINDOWS\SYSTEM32\xlymqpiv.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Microsoft DDE+ server (c2fb6950) - Unknown owner - C:\WINDOWS\system32\.c2fb6950\c2fb6950.exe (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 9346 bytes
View User's Profile View All Posts By User
Post new thread Poll:

Guest Notice
You are a guest, as a guest you can only see a maximum of 3 posts per thread.

If you want to see the rest, please click here to register.