Virtumonde - please help!
ehannahr
2008-07-04, 19:40
Hi there experts - I've got Virtumonde hijacking Internet Explorer and a couple of other infections which Spybot keeps throwing up. I've pasted an HJT log. Can you help? Many thanks, EHR
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:19:58, on 04/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
c:\program files\dvrmstoolbox\dvrmsfilewatcherservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\toshiba\ivp\ism\pinger.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Kontiki\KHost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system\Cm106eye.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\MSI\ArcSoft\TotalMedia\TMMonitor.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {482E583A-6494-419E-80F4-C2AE3A373D51} - C:\WINDOWS\system32\tuvWQigF.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {9A50B2AF-3B2B-47DD-AECD-5D80A886F504} - C:\WINDOWS\system32\rqRJDwxY.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: {1e46ac4d-5e22-c72b-02f4-01c49ed3598e} - {e8953de9-4c10-4f20-b27c-22e5d4ca64e1} - C:\WINDOWS\system32\ndkivd.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [CM106Sound] RunDll32 CM106.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [002d7f3c] rundll32.exe "C:\WINDOWS\system32\aakslbfw.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [GoldenFTPserver] "C:\Program Files\Golden FTP Server\gftp.exe"
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Metamail Trust Manager.lnk = C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: TMMonitor.lnk = C:\Program Files\MSI\ArcSoft\TotalMedia\TMMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{22F785C3-D9CB-4B14-A683-BECA06169DED}: NameServer = 192.168.99.1,192.168.99.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B1343CE-89F9-4DF1-A80A-CFDB33090615}: NameServer = 192.168.99.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{22F785C3-D9CB-4B14-A683-BECA06169DED}: NameServer = 192.168.99.1,192.168.99.10
O20 - Winlogon Notify: rqRJDwxY - rqRJDwxY.dll (file missing)
O20 - Winlogon Notify: winqap32 - C:\WINDOWS\SYSTEM32\winqap32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: DVRMSFileWatcherService - - c:\program files\dvrmstoolbox\dvrmsfilewatcherservice.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: UltiDev Cassini Web Server for ASP.NET 2.0 - UltiDev LLC - C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
O23 - Service: WebGuideTranscode - WebGuide LLC - C:\Program Files\WebGuide\WebGuide4\bin\WebGuideTranscodeService.exe
--
End of file - 14554 bytes
pskelley
2008-07-07, 19:36
Welcome to Safer Networking. I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.
You are infected. I suggest you keep this computer offline except when troubleshooting; the junk may download more. If you have any tool I use, delete it and download it new from the link I provide. Read and follow the directions carefully; the tools will not work unless you do.
This can be a tough infection to remove so do not expect fast or easy.
C:\WINDOWS\system\Cm106eye.exe <<< Do you know what this is? If not, scan it here: http://virusscan.jotti.org/ and post the results.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
Remove any old copies of combofix before you proceed.
Thanks to sUBs and anyone else who helped with this fix.
It is important that it is saved directly to your Desktop.
Download ComboFix from here (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop.
Double-click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
Post the combofix log and a new HJT log.
Tutorial
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Thanks
ehannahr
2008-07-09, 00:55
Hi pskelley, thanks so much for your advice. Sorry it's taken me so long to do this, but I've had a shot at what you suggested and here are the log results.
1. Scanning C:\WINDOWS\system\Cm106eye.exe showed no virus detected.
2. Combofix produced the following:
ComboFix 08-07-05.1 - Hannah Robinson 2008-07-08 8:41:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.583 [GMT 1:00]
Running from: C:\Documents and Settings\Hannah Robinson\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Hannah Robinson\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\WebGuide
C:\Program Files\WebGuide\WebGuide4\about.aspx
C:\Program Files\WebGuide\WebGuide4\app_data\config_error.txt
C:\Program Files\WebGuide\WebGuide4\app_data\config_log.txt
C:\Program Files\WebGuide\WebGuide4\app_data\FilterGraph.grf
C:\Program Files\WebGuide\WebGuide4\app_data\FilterGraph0.grf
C:\Program Files\WebGuide\WebGuide4\app_data\license.xml
C:\Program Files\WebGuide\WebGuide4\app_data\roles.xml
C:\Program Files\WebGuide\WebGuide4\app_data\roles.xsd
C:\Program Files\WebGuide\WebGuide4\app_data\settings.xml
C:\Program Files\WebGuide\WebGuide4\app_data\settings.xsd
C:\Program Files\WebGuide\WebGuide4\app_data\temp.wmv
C:\Program Files\WebGuide\WebGuide4\app_data\users.xml
C:\Program Files\WebGuide\WebGuide4\app_data\users.xsd
C:\Program Files\WebGuide\WebGuide4\app_data\web_error.txt
C:\Program Files\WebGuide\WebGuide4\app_data\web_log.txt
C:\Program Files\WebGuide\WebGuide4\app_data\wg_connect.xml
C:\Program Files\WebGuide\WebGuide4\app_data\WGStreamService_error.txt
C:\Program Files\WebGuide\WebGuide4\app_data\WGStreamService_log.txt
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\ae_logo.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\arrow_down.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\arrow_down_over.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\arrow_up.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\arrow_up_over.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\bg.jpg
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\box-bottom.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\box-middle.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\box-narrow-bottom.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\box-narrow-middle.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\box-narrow-top.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\box-top.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\box.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\cell-background.jpg
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\check.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\check_over.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\chicklet-off.gif
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\divider.gif
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\friend_shared_big.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\friend_shared_sm.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\header_grad.gif
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\header_icon_alert.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\header_icon_info.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\header_icon_recording.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\header_icon_settings.gif
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\header_icon_submenu.gif
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\icon_button_blank.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\icon_button_blank_over.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\icon_button_close.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\icon_button_close_over.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\icon_button_info.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\icon_button_info_over.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\icon_button_zoom.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\icon_button_zoom_over.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\icon_calendar.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\icon_record_series.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\icon_record_series_exclude.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\icon_record_single.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\icon_series_alert.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\icon_single_alert.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\icon_transport_pause.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\icon_transport_pause_over.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\icon_transport_play.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\icon_transport_play_over.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\icon_transport_skipb.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\icon_transport_skipb_over.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\icon_transport_skipf.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\icon_transport_skipf_over.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\icon_transport_stop.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\icon_transport_stop_over.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\info-bottom.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\info-middle.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\info-top.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\leftblock.gif
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\leftcontinue.gif
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\leftcontinue.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\main-button-off.gif
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\main-button-over.gif
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\menu-over.gif
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\narrow-box-bottom.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\narrow-box-middle.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\narrow-box-top.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\navbar.jpg
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\page-background.jpg
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\prism_icon_big.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\prism_icon_sm.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\refresh.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\refresh_over.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_back.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_back_over.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_chan_down.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_chan_down_over.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_chan_up.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_chan_up_over.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_down.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_down_over.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_dvd.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_dvd_over.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_forward.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_forward_over.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_guide.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_guide_over.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_info.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_info_over.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_left.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_left_over.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_livetv.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_livetv_over.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_music.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_music_over.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_mute.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_mute_over.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_next.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_next_over.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_ok.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_ok_over.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_over.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_pause.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_pause_over.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_pictures.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_pictures_over.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_play.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_play_over.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_previous.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_previous_over.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_rec_tv.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_rec_tv_over.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_record.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_record_over.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_rewind.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_rewind_over.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_right.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_right_over.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_start.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_start_over.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_stop.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_stop_over.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_up.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_up_over.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_vol_down.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_vol_down_over.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_vol_up.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\remote_vol_up_over.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\rightcontinue.gif
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\search-button.gif
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\search.gif
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\share_icon_music.gif
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\share_icon_picture.gif
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\share_icon_tv.gif
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\share_icon_video.gif
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\small-button-off.gif
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\small-button-over.gif
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\time_back.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\time_back_over.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\time_forward.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\time_forward_over.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\top-bar.gif
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\wg-logo-mirror.gif
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\wg-logo-silver-on-gray.gif
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\wg4-logo-silver-big.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\images\wg4-logo-silver.png
C:\Program Files\WebGuide\WebGuide4\App_Themes\SkinFile\Styles.css
C:\Program Files\WebGuide\WebGuide4\banner.jpg
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\FgiQWvut.ini
C:\WINDOWS\system32\FgiQWvut.ini2
C:\WINDOWS\system32\gugnpphr.ini
C:\WINDOWS\system32\lsprst7.dll
C:\WINDOWS\system32\media
C:\WINDOWS\system32\media\AvidRender.wav
C:\WINDOWS\system32\ssprs.dll
C:\WINDOWS\system32\wfblskaa.ini
.
((((((((((((((((((((((((( Files Created from 2008-06-08 to 2008-07-08 )))))))))))))))))))))))))))))))
.
2008-07-06 22:03 . 2008-07-06 22:05 <DIR> d-------- C:\Program Files\Microsoft AutoRoute
2008-07-05 10:01 . 2008-07-05 10:01 <DIR> d-------- C:\DVRMSToolbox1107
2008-07-04 20:28 . 2008-07-04 21:25 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-07-04 20:28 . 2008-07-04 20:28 <DIR> d-------- C:\Documents and Settings\Hannah Robinson\Application Data\PC Tools
2008-07-04 20:28 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-07-04 20:28 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-07-04 20:28 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-07-04 20:28 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-07-04 19:49 . 2008-07-04 19:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
2008-07-04 17:19 . 2008-07-04 17:19 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-24 20:30 . 2008-06-24 20:30 <DIR> d-------- C:\Program Files\Apple Software Update
2008-06-16 19:53 . 2008-06-16 19:56 <DIR> d-------- C:\Documents and Settings\Hannah Robinson\Application Data\U3
2008-06-15 18:55 . 2008-06-13 14:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-15 18:55 . 2008-06-13 14:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-08 07:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-07-07 22:40 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-06 21:00 --------- d-----w C:\Program Files\Hewlett-Packard
2008-07-06 20:59 --------- d-----w C:\Program Files\Toshiba Games
2008-07-06 20:58 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-07-06 20:46 --------- d-----w C:\Documents and Settings\Hannah Robinson\Application Data\uTorrent
2008-07-05 09:03 --------- d-----w C:\Program Files\DVRMSToolbox
2008-06-27 18:58 --------- d-----w C:\Program Files\eMule
2008-06-06 07:01 --------- d-----w C:\Program Files\MagicDisc
2008-06-02 19:56 --------- d-----w C:\Program Files\iTunes
2008-06-02 19:56 --------- d-----w C:\Program Files\iPod
2008-06-02 19:54 --------- d-----w C:\Program Files\QuickTime
2008-06-02 19:54 --------- d-----w C:\Program Files\Bonjour
2008-05-28 18:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-27 11:11 96,896 ----a-w C:\WINDOWS\system32\drivers\mcdbus.sys
2008-05-26 21:37 --------- d-----w C:\Program Files\TomTom HOME
2008-05-26 21:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\TomTom
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-02-26 22:34 16,496 --sha-w C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Windows NT\DiskQuota\NTDiskQuotaSidCache.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 09:32 65536]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-27 00:13 1207080]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-27 15:52 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 11:12 139264]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2007-04-23 11:23 1032640]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 09:42 202088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 06:55 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 06:52 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 06:55 118784]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 22:56 64512]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 23:02 352256]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 09:34 82009]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 09:32 761945]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 21:25 73728]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 01:13 122880]
"dla"="C:\WINDOWS\system32\dla\DLACTRLW.exe" [2005-10-06 14:20 122940]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 02:37 151552]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 20:37 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 19:41 602182]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2006-10-15 12:28 454144]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [2007-04-23 11:23 1032640]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 12:29 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"TDispVol"="TDispVol.exe" [2005-03-12 00:03 73728 C:\WINDOWS\system32\TDispVol.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 15:29 88203 C:\WINDOWS\agrsmmsg.exe]
"TPSMain"="TPSMain.exe" [2005-06-01 06:00 282624 C:\WINDOWS\system32\TPSMain.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-05 06:59 16206848 C:\WINDOWS\RTHDCPL.exe]
C:\Documents and Settings\Hannah Robinson\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-09-15 09:35:06 113664]
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2008-06-06 08:00:41 547840]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-09-15 09:35:06 113664]
Metamail Trust Manager.lnk - C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe [2006-06-06 04:37:44 329472]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2006-02-15 17:31:42 155648]
TMMonitor.lnk - C:\Program Files\MSI\ArcSoft\TotalMedia\TMMonitor.exe [2008-02-18 20:44:49 249856]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= C:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\utorrent\\utorrent.exe"=
"C:\\Program Files\\bittorrent\\utorrent.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Sorenson Media\\Sorenson Squeeze\\Squeeze.exe"=
"C:\\Program Files\\Kontiki\\KService.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"4662:TCP"= 4662:TCP:emule tcp
"4672:TCP"= 4672:TCP:emule udp
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"2404:TCP"= 2404:TCP:WebGuide
"2405:TCP"= 2405:TCP:WebGuide
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 00:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 00:16]
S3 AF15BDA;AF9015 BDA Filter;C:\WINDOWS\system32\Drivers\AF15BDA.sys [2006-09-28 12:47]
S3 brfilt;Brother MFC Filter Driver;C:\WINDOWS\system32\Drivers\Brfilt.sys [2001-08-17 14:12]
S3 BrSerWDM;Brother WDM Serial driver;C:\WINDOWS\system32\Drivers\BrSerWdm.sys [2003-03-13 16:04]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\WINDOWS\system32\Drivers\BrUsbMdm.sys [2001-08-17 14:12]
S3 BrUsbScn;Brother MFC USB Scanner driver;C:\WINDOWS\system32\Drivers\BrUsbScn.sys [2001-08-17 14:12]
S3 CM1063264;C-Media CM106 Like Sound UDAX Interface;C:\WINDOWS\system32\drivers\CM106.sys [2007-02-02 07:29]
S3 serusb;Motorola USB Comm Port;C:\WINDOWS\system32\DRIVERS\usbser.sys [2004-08-04 00:08]
S3 UltiDev Cassini Web Server for ASP.NET 2.0;UltiDev Cassini Web Server for ASP.NET 2.0;C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe [2007-02-08 01:06]
S3 WebGuideTranscode;WebGuideTranscode;C:\Program Files\WebGuide\WebGuide4\bin\WebGuideTranscodeService.exe []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8fc3a1b6-f658-11dc-9f05-001302bd5c8c}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-07-01 07:07:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-04 18:49:40 C:\WINDOWS\Tasks\Pareto UNS.job"
- C:\Program Files\Common Files\ParetoLogic\UUS\UUS.dll\Pareto_Update.exe
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-GoldenFTPserver - C:\Program Files\Golden FTP Server\gftp.exe
HKLM-Run-PadTouch - C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
HKLM-Run-TFncKy - TFncKy.exe
HKLM-Run-CM106Sound - CM106.cpl
ShellExecuteHooks-{9A50B2AF-3B2B-47DD-AECD-5D80A886F504} - (no file)
Notify-rqRJDwxY - rqRJDwxY.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-08 08:48:47
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-07-08 8:57:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-08 07:56:53
Pre-Run: 26,035,077,120 bytes free
Post-Run: 26,985,152,512 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
738 --- E O F --- 2008-07-01 23:40:06
3. The HJT report produced this:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:02:38, on 08/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\AvidSDMService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Kontiki\KHost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\MSI\ArcSoft\TotalMedia\TMMonitor.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Metamail Trust Manager.lnk = C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: TMMonitor.lnk = C:\Program Files\MSI\ArcSoft\TotalMedia\TMMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {2A493D5F-8914-4D3E-8BF3-767F281862F4} (TraderMediaImgX Control) - http://sell.autotrader.co.uk/uk-ola/common/TraderMediaX.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{22F785C3-D9CB-4B14-A683-BECA06169DED}: NameServer = 192.168.99.1,192.168.99.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B1343CE-89F9-4DF1-A80A-CFDB33090615}: NameServer = 192.168.99.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{22F785C3-D9CB-4B14-A683-BECA06169DED}: NameServer = 192.168.99.1,192.168.99.10
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Avid SDM Service (AvidSDMService) - Avid Technology, Inc. - C:\WINDOWS\system32\AvidSDMService.exe
O23 - Service: Avid Startup (AvidStartup) - Unknown owner - C:\WINDOWS\system32\AvidStartup.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: UltiDev Cassini Web Server for ASP.NET 2.0 - UltiDev LLC - C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
O23 - Service: WebGuideTranscode - Unknown owner - C:\Program Files\WebGuide\WebGuide4\bin\WebGuideTranscodeService.exe (file missing)
--
End of file - 13044 bytes
What's the prognosis? Very grateful for your help, EHR
pskelley
2008-07-09, 01:59
Thanks for returning your information, you asked:
What's the prognosis?
From what I can see, it is very good, I would like to hear from you. How is the computer running?
Avast4 <<< update your resident AV and make sure it is working right also.
I can not see any malware in the HJT log, let's have MBAM take a look.
Download Malwarebytes' Anti-Malware to your Desktop
http://www.besttechie.net/tools/mbam-setup.exe
* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
* Please post contents of that file in your next reply.
Thanks
ehannahr
2008-07-09, 14:02
Hi Pskelley, the laptop seems to be running okay, no pop-ups interrupting explorer. I haven't tried out all the programs, I'm guessing MediaCentre will have problems because so much of webguide was taken out. Can you tell why that was?
Malwarebytes threw up a couple of infections which it does not consider serious. See log below.
It seems a good program, should I be using it instead of Spybot S&D?
Many thanks again,
EHR
Malwarebytes' Anti-Malware 1.20
Database version: 933
Windows 5.1.2600 Service Pack 2
10:46:36 09/07/2008
mbam-log-7-9-2008 (10-46-36).txt
Scan type: Full Scan (C:\|)
Objects scanned: 161613
Time elapsed: 42 minute(s), 1 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Documents and Settings\Hannah Robinson\My Documents\Installs\WinRar install\CORE10k.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\CyberLink\PowerDVD\Patch.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
pskelley
2008-07-09, 14:09
I'm guessing MediaCentre will have problems because so much of webguide was taken out.
No I can not, but if that is a valid program, we can restore it from C:\combofix\quarantine\
and I can link sUBs, the creator of combofix to this topic and have him fix the issues within combofix. Let me know if you would like to proceed with this.
Thanks
ehannahr
2008-07-11, 20:18
Thanks, but that's cool - you've done enough for me. Media Centre seems fine and if there's anything weird I'll just reinstall.
Much gratitude - you made this a very easy and stress-free process.
Best, EHR
pskelley
2008-07-11, 23:05
Thanks for your comments, you asked me this:
It seems a good program, should I be using it instead of Spybot S&D?
Both are good on-demand scanners, Spybot S&D has been around many years and the databases probably cover more area than MBAM that is specifically aimed at the rogue junk (fraud) hackers are using now. Unless you have a space problem on your drive, I would keep them both, they do not run unless you call them to and use no resources. Spybot is also free and will stay that way, MBAM is free now and I hope it stays that way.
I discussed this with sUBs, he also has no media player, and he made changes, so the items are no longer removed, rather combofix now looks in the folder for malware. If you want any of those files prior to removing combofix, you would have to do it now. You could create a folder and move any you want to save to that folder, if not then these instructions will remove combofix from your computer:
Click START then RUN
Now type or copy Combofix /u in the runbox and click OK.
Note the space between the X and the U, it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png
If all is running as it should be, I will leave you with this information and my wish for safe surfing.
Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx
Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml
http://www.malwarecomplaints.info/
Thanks...Phil
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.