Smitfraud-C.Toolbar888 and other related problems

Unfortunately, now Panda seems to be unable to get past the preliminary stage of scanning....it says 'Scanning Processes in Memory' then just sits there for about half an hour. Before, it went through the whole thing fairly quickly, so I don't really know what happened with it.
 
Hi

Do this instead of Panda:

Please print these instructions out, or write them down, as you can't read them during the fix.

Please download MWav:
  • Unzip it to its predetermined directory (C:\Kaspersky)
  • Locate kavupd.exe in the new folder and double-click to Update.
  • If your firewall gives any messages about this program accessing the internet, allow it.
  • If it says the signatures are more than 30 days old, keep trying until you get the actual definition updates.
  • When you see Updates Downloaded Successfully, hit Enter to continue.
  • Restart into Safe Mode and locate the Kaspersky folder.
  • Locate mwavscan.com and double-click on it to launch the MWAV Scanner.
Now let's do the settings:
  • Leave the Default Settings checked.
  • Add a check to Drives
  • This will light up All Drives
  • Add a check to Scan all Files
  • Click Scan Clean to begin.
This scan might take around 3+ hours to finish when set to scan everything.
  • Please be sure it has finished before proceeding.
  • Once the Scan has finished, all entries identified as Infected will be displayed in the lower panel.
  • Highlight everything that is inside the lower panel and hit Ctrl+C at the same time to copy.
  • Open an empty notepad file and paste the results (Ctrl+V) to it. Save the notepad to your desktop, name it as you want (e.g. MWav Results).
Reboot into normal Windows and post the results here along with a fresh HijackThis log.
 
Hi, here are the results of the scans you mentioned in the last post.

File C:\Documents and Settings\Graham\Favorites\Hell Teacher Nube - Wikipedia, the free encyclopedia.url infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\Graham\Local Settings\Temporary Internet Files\Content.IE5\RO950OKL\136[1].net tagged as not-a-virus:AdWare.Win32.Softomate.u. No Action Taken.
File C:\Program Files\SmitfraudFix\Reboot.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.
File C:\Program Files\SmitfraudFix TOOL1.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.
File C:\WINDOWS\system32\oobe\ISPSoftware\BTYahoo\BroadbandFromBT.exe tagged as not-a-virus:Dialer.Win32.BT.g. No Action Taken.
And the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 13:24:17, on 21/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\gsicon.exe
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Common Files\AOL\1148742530\ee\AOLHostManager.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AOL\1148742530\ee\AOLServiceHost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AOL 8.0\aoltray.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
c:\program files\common files\aol\1148742530\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\analyse\analyse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1148742530\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A2998D2-3CE3-451D-AE12-8BA124D29021}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A2998D2-3CE3-451D-AE12-8BA124D29021}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Thanks
 
Hi

Empty Internet Explorer temporary internet files

Otherwise looking good

Still problems?
 
Hi, I still seem to be getting random Internet Explorer popups leading to cell phone ringtone ads, and occasionally, when I search for something in Yahoo or another search engine, a smaller window pops up with CasaleMedia at the top saying 'no results found for _____'.

There were shortcuts appearing on the desktop when I used MSN Messenger or sometimes just when I opened an Internet Explorer window, but these seem to have stopped. I would send them to the Recycle Bin and delete them, but they'd always appear again the next time. Also, Spybot hasn't found anything at all the last few times I've run a check.

Thanks a lot for all your help so far, all I can say is I'm really glad places like this forum exist ^_^
 
Hi

Download F-Secure Blacklight and save it to your desktop -> https://europe.f-secure.com/blacklight/try.shtml

Double-click fsbl.exe, accept the agreement, click Scan, then click Next

You'll see a list of what has been found. A log will appear on your desktop, named fsbl.xxxxxxx.log (xxxxxxx will be random numbers).

DON'T choose Rename if something was found!

Post the contents of fsbl.xxxx.log here (xxxx = random numbers; the BlackLight log from your desktop)
 
Here is the result of the scan; it doesn't seem to have found anything (I didn't rename the file or anything).

04/21/07 14:23:48 [Info]: BlackLight Engine 1.0.61 initialized
04/21/07 14:23:48 [Info]: OS: 5.1 build 2600 (Service Pack 2)
04/21/07 14:23:48 [Note]: 7019 4
04/21/07 14:23:48 [Note]: 7005 0
04/21/07 14:23:51 [Note]: 7006 0
04/21/07 14:23:51 [Note]: 7011 1672
04/21/07 14:23:51 [Note]: 7026 0
04/21/07 14:23:51 [Note]: 7026 0
04/21/07 14:23:54 [Note]: FSRAW library version 1.7.1021
04/21/07 14:30:18 [Note]: 2000 1012
04/21/07 15:56:19 [Note]: 7007 0
 
Hi

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
    • In the Files Created Within group click 30 days
    • In the Files Modified Within group select 30 days
    • In the File String Search group select Non-Microsoft
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in.
 
Hi, I downloaded the WinPFind3U program but unfortunately it freezes up within a few seconds. Do you think I should try it in safe mode?
 
WinPFind3 logfile created on: 22/04/2007 19:11:31
WinPFind3U by OldTimer - Version 1.0.34 Folder = C:\Documents and Settings\Graham\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

502.42 Mb Total Physical Memory | 376.48 Mb Available Physical Memory | 74.93% Memory free
1.20 Gb Paging File | 1.14 Gb Available in Paging File | 95.36% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 12.62 Gb Free Space | 33.87% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: GRAHAMLAPTOP
Current User Name: Graham
Logged in as Administrator.
Cannot determine boot mode.


[Processes - Non-Microsoft Only]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.34.0 | Size = 318976 bytes | Modified Date = 10/04/2007 22:00:18 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AntiVirScheduler) AntiVir PersonalEdition Classic Scheduler [Win32_Own | Auto | Stopped] -> %ProgramFiles%\AntiVir PersonalEdition Classic\sched.exe -> Avira GmbH [Ver = 7.00.00.34 | Size = 45608 bytes | Modified Date = 13/11/2006 14:31:52 | Attr = ]
(AntiVirService) AntiVir PersonalEdition Classic Guard [Win32_Own | Auto | Stopped] -> %ProgramFiles%\AntiVir PersonalEdition Classic\avguard.exe -> AVIRA GmbH [Ver = 7.00.00.44 | Size = 190504 bytes | Modified Date = 24/11/2006 13:11:08 | Attr = ]
(AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> America Online, Inc. [Ver = 2.6.6.3.UK.53 | Size = 1140312 bytes | Modified Date = 10/11/2004 00:22:18 | Attr = ]
(CFSvcs) ConfigFree Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Toshiba\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 6, 0, 0, 1 | Size = 40960 bytes | Modified Date = 18/01/2005 00:38:38 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04/08/2004 13:00:00 | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.1.8 | Size = 451136 bytes | Modified Date = 25/09/2006 14:54:22 | Attr = ]
(LexBceS) LexBce Server [Win32_Own | Auto | Stopped] -> %System32%\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.29 | Size = 303104 bytes | Modified Date = 18/08/2003 15:37:10 | Attr = ]
(WANMiniportService) WAN Miniport (ATW) Service [Win32_Own | Auto | Stopped] -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 7, 0, 0, 2 | Size = 65536 bytes | Modified Date = 25/04/2003 05:35:06 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
%FP%Friendly fts.exe -> %ProgramFiles%\VoyagerTest\fts.exe -> Friendly Technologies [Ver = 1, 0, 2, 2 | Size = 72192 bytes | Modified Date = 06/05/2003 09:28:34 | Attr = ]
AGRSMMSG -> %SystemRoot%\agrsmmsg.exe -> Agere Systems [Ver = 2.1.49 2.1.49 12/20/2004 15:10:02 | Size = 88358 bytes | Modified Date = 22/12/2004 09:10:04 | Attr = ]
AOLDialer -> %CommonProgramFiles%\AOL\ACS\AOLDial.exe -> America Online, Inc [Ver = 2.6.6.3.UK.53 | Size = 497240 bytes | Modified Date = 10/11/2004 00:22:18 | Attr = ]
Apoint -> %ProgramFiles%\Apoint2K\Apoint.exe -> Alps Electric Co., Ltd. [Ver = 6.0.2.186 | Size = 196608 bytes | Modified Date = 24/03/2004 06:40:42 | Attr = ]
avgnt -> %ProgramFiles%\AntiVir PersonalEdition Classic\avgnt.exe -> Avira GmbH [Ver = 7.00.01.06 | Size = 299048 bytes | Modified Date = 31/10/2006 17:07:42 | Attr = ]
CeEKEY -> %ProgramFiles%\Toshiba\E-KEY\CeEKey.exe -> COMPAL ELECTRONIC INC. [Ver = 1, 0, 0, 31 | Size = 671744 bytes | Modified Date = 06/09/2005 14:04:52 | Attr = ]
dla -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 122941 bytes | Modified Date = 31/05/2005 05:33:00 | Attr = ]
DSLAGENTEXE -> %System32%\dslagent.exe -> [Ver = | Size = 16384 bytes | Modified Date = 25/04/2003 10:22:10 | Attr = ]
GSICONEXE -> %System32%\gsicon.exe -> GlobespanVirata, Inc. [Ver = 3.1.3 | Size = 90112 bytes | Modified Date = 14/05/2003 20:26:22 | Attr = ]
HostManager -> %CommonProgramFiles%\AOL\1148742530\ee\AOLHostManager.exe -> America Online, Inc. [Ver = 1.3.6.0 | Size = 159832 bytes | Modified Date = 29/07/2005 17:53:50 | Attr = ]
HWSetup -> %ProgramFiles%\Toshiba\TOSHIBA Applet\HWSetup.exe -> TOSHIBA CO.,LTD. [Ver = 1, 0, 0, 18 | Size = 28672 bytes | Modified Date = 01/05/2004 13:45:30 | Attr = ]
igfxhkcmd -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4363 | Size = 77824 bytes | Modified Date = 19/07/2005 19:06:12 | Attr = ]
igfxpers -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4363 | Size = 114688 bytes | Modified Date = 19/07/2005 19:10:06 | Attr = ]
igfxtray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4363 | Size = 94208 bytes | Modified Date = 19/07/2005 19:09:26 | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.1.8 | Size = 229952 bytes | Modified Date = 25/09/2006 14:54:24 | Attr = ]
Lexmark X1100 Series -> %ProgramFiles%\Lexmark X1100 Series\lxbkbmgr.exe -> Lexmark International, Inc. [Ver = 0.1.1.1 | Size = 57344 bytes | Modified Date = 19/08/2003 15:43:48 | Attr = ]
LogitechImageStudioTray -> %ProgramFiles%\Logitech\ImageStudio\LogiTray.exe -> Logitech Inc. [Ver = 7.3.0.1113 | Size = 61440 bytes | Modified Date = 10/12/2002 18:31:34 | Attr = ]
LVCOMS -> %CommonProgramFiles%\Logitech\QCDriver3\LVComS.exe -> Logitech Inc. [Ver = 7.3.0.1113 | Size = 127022 bytes | Modified Date = 10/12/2002 17:54:04 | Attr = ]
PadTouch -> %ProgramFiles%\Toshiba\Touch and Launch\PadExe.exe -> TOSHIBA [Ver = 1, 2, 9, 0 | Size = 1077329 bytes | Modified Date = 30/08/2005 11:53:06 | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 24/09/2006 03:24:54 | Attr = ]
RealTray -> %ProgramFiles%\Real\RealPlayer\realplay.exe -> RealNetworks, Inc. [Ver = 6.0.9.584 | Size = 26112 bytes | Modified Date = 26/05/2006 14:43:32 | Attr = ]
SmoothView -> %ProgramFiles%\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe -> TOSHIBA Corporation [Ver = 2, 0, 0, 23 | Size = 118784 bytes | Modified Date = 12/05/2005 10:31:38 | Attr = ]
SVPWUTIL -> %ProgramFiles%\Toshiba\Windows Utilities\SVPWUTIL.exe -> TOSHIBA [Ver = 1, 0, 0, 15 | Size = 65536 bytes | Modified Date = 01/05/2004 13:45:40 | Attr = ]
TCtryIOHook -> %System32%\TCtrlIOHook.exe -> TOSHIBA [Ver = 1, 0, 0, 4 | Size = 28672 bytes | Modified Date = 22/08/2005 16:49:28 | Attr = ]
TPNF -> %ProgramFiles%\Toshiba\TouchPad\TPTray.exe -> COMPAL ELECTRONIC INC. [Ver = 1, 0, 0, 7 | Size = 53248 bytes | Modified Date = 25/08/2005 19:11:58 | Attr = ]
TPSMain -> %System32%\TPSMain.exe -> TOSHIBA Corporation [Ver = 1, 0, 15, 0 | Size = 266240 bytes | Modified Date = 11/08/2005 14:33:46 | Attr = ]
Tvs -> %ProgramFiles%\Toshiba\Tvs\TvsTray.exe -> TOSHIBA Corporation [Ver = 1, 0, 0, 4 | Size = 73728 bytes | Modified Date = 05/04/2005 16:25:34 | Attr = ]
Zooming -> %System32%\ZoomingHook.exe -> TOSHIBA [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 06/06/2005 09:58:44 | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
services -> -> File not found
TOSCDSPD -> %ProgramFiles%\Toshiba\TOSCDSPD\TOSCDSPD.exe -> TOSHIBA [Ver = 1, 0, 6, 0 | Size = 65536 bytes | Modified Date = 11/04/2005 11:26:06 | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date = 14/12/2004 04:44:06 | Attr = ]
%AllUsersStartup%\AOL 8.0 Tray Icon.lnk -> %ProgramFiles%\AOL 8.0\aoltray.exe -> [Ver = | Size = 36937 bytes | Modified Date = 25/04/2003 05:32:46 | Attr = H ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
igfxcui -> %System32%\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4363 | Size = 135168 bytes | Modified Date = 19/07/2005 19:05:16 | Attr = ]
< HOSTS File > (686 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts
127.0.0.1 localhost -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKLM: Local Page -> C:\windows\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKCU: Local Page -> C:\windows\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKCU: Start Page -> http://www.yahoo.com/ ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 07/06/2006 11:09:22 | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 14/12/2004 01:56:50 | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> %System32%\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118844 bytes | Modified Date = 31/05/2005 05:33:00 | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1020, 3054 | Size = 2120768 bytes | Modified Date = 17/10/2006 16:04:26 | Attr = R ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1020, 3054 | Size = 2120768 bytes | Modified Date = 17/10/2006 16:04:26 | Attr = R ]
{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> %ProgramFiles%\AOL Toolbar\toolbar.dll [AOL Toolbar] -> IE Toolbar [Ver = 1, 0, 0, 4 | Size = 385024 bytes | Modified Date = 22/03/2004 15:58:04 | Attr = ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 07/06/2006 11:09:22 | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\googletoolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1020, 3054 | Size = 2120768 bytes | Modified Date = 17/10/2006 16:04:26 | Attr = R ]
WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKLM] -> %ProgramFiles%\AOL Toolbar\toolbar.dll [AOL Toolbar] -> IE Toolbar [Ver = 1, 0, 0, 4 | Size = 385024 bytes | Modified Date = 22/03/2004 15:58:04 | Attr = ]
WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 07/06/2006 11:09:22 | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_03\bin\npjpi150_03.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.30.7 | Size = 69746 bytes | Modified Date = 13/04/2005 04:06:32 | Attr = ]
{4982D40A-C53B-4615-B15B-B5B5E98D167C} -> Reg Data - Value does not exist [ButtonText: AOL Toolbar] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&AOL Toolbar search -> %ProgramFiles%\AOL Toolbar\toolbar.dll\SEARCH.HTM -> File not found
E&xport to Microsoft Excel -> -> File not found
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{401A11B9-0C2A-4FE2-A414-D89E501BCE9D} -> (GlobeSpan USB ADSL LAN Modem) ->
{626BF14B-F55E-4E8E-B365-A873E2FF964D} -> () ->
{6EF7F487-9044-4879-977C-96B34A0907AB} -> (Intel(R) PRO/Wireless 2200BG Network Connection) ->
{B86A0ACF-8EB5-4313-B7D3-E575F2EEA343} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
{D4A6FC3B-CBC1-4799-8DC9-A41BA5D536A8} -> (1394 Net Adapter) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_03 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab ->
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_03 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab ->


[Files/Folders - Created Within 30 days]
23990098.$$$ -> %SystemDrive%\23990098.$$$ -> [Ver = | Size = 0 bytes | Created Date = 21/04/2007 12:03:52 | Attr = ]
Bases -> %SystemDrive%\Bases -> [Folder | Created Date = 21/04/2007 10:11:01 | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 20/04/2007 19:00:11 | Attr = HS]
Downloads -> %SystemDrive%\Downloads -> [Folder | Created Date = 21/04/2007 10:11:01 | Attr = ]
Kaspersky -> %SystemDrive%\Kaspersky -> [Folder | Created Date = 21/04/2007 10:12:56 | Attr = ]
MWav -> %SystemDrive%\MWav -> [Folder | Created Date = 21/04/2007 10:07:28 | Attr = ]
SDFix -> %SystemDrive%\SDFix -> [Folder | Created Date = 18/04/2007 10:17:58 | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 08/04/2007 19:08:02 | Attr = ]
$NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ -> [Folder | Created Date = 06/04/2007 12:08:24 | Attr = H ]
$NtUninstallKB930178$ -> %SystemRoot%\$NtUninstallKB930178$ -> [Folder | Created Date = 13/04/2007 15:45:04 | Attr = H ]
$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ -> [Folder | Created Date = 13/04/2007 15:45:12 | Attr = H ]
$NtUninstallKB931784$ -> %SystemRoot%\$NtUninstallKB931784$ -> [Folder | Created Date = 13/04/2007 15:45:24 | Attr = H ]
$NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ -> [Folder | Created Date = 13/04/2007 15:44:50 | Attr = H ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Created Date = 13/04/2007 15:44:56 | Attr = ]
tci.exe -> %SystemRoot%\tci.exe -> [Ver = | Size = 129082 bytes | Created Date = 06/04/2007 10:51:45 | Attr = ]
tci0.exe -> %SystemRoot%\tci0.exe -> [Ver = | Size = 184209 bytes | Created Date = 14/04/2007 22:03:51 | Attr = ]
updater.exe -> %SystemRoot%\updater.exe -> [Ver = 1, 0, 0, 1 | Size = 55808 bytes | Created Date = 16/04/2007 19:56:20 | Attr = R ]
w0.exe -> %SystemRoot%\w0.exe -> [Ver = | Size = 111067 bytes | Created Date = 16/04/2007 10:25:09 | Attr = ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Created Date = 17/04/2007 22:32:08 | Attr = ]
asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 17/04/2007 22:32:37 | Attr = ]
dumphive.exe -> %System32%\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 17/04/2007 19:57:48 | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 17/04/2007 22:32:11 | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 17/04/2007 22:32:10 | Attr = ]
Process.exe -> %System32%\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 17/04/2007 19:57:47 | Attr = ]
SrchSTS.exe -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 17/04/2007 19:57:48 | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Created Date = 17/04/2007 19:57:47 | Attr = ]
swsc.exe -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Created Date = 17/04/2007 19:57:47 | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 17/04/2007 19:57:48 | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 5080 bytes | Created Date = 08/04/2007 18:55:45 | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 17/04/2007 22:32:11 | Attr = ]
yzxhnbtbq -> %System32%\yzxhnbtbq -> [Folder | Created Date = 05/04/2007 00:13:40 | Attr = HS]
ZPORT4AS.dll -> %System32%\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 17/04/2007 22:32:37 | Attr = ]
avgntdd.sys -> %System32%\drivers\avgntdd.sys -> AVIRA GmbH [Ver = 6.37.00.02 | Size = 34304 bytes | Created Date = 20/04/2007 19:03:30 | Attr = ]
avgntmgr.sys -> %System32%\drivers\avgntmgr.sys -> AVIRA GmbH [Ver = 6.37.01.01 | Size = 14848 bytes | Created Date = 20/04/2007 19:03:30 | Attr = ]
core.cache.dsk -> %System32%\drivers\core.cache.dsk -> [Ver = | Size = 161849 bytes | Created Date = 17/04/2007 12:22:50 | Attr = ]
core.sys -> %System32%\drivers\core.sys -> [Ver = | Size = 72320 bytes | Created Date = 17/04/2007 12:22:50 | Attr = ]

[Files/Folders - Modified Within 30 days]
23990098.$$$ -> %SystemDrive%\23990098.$$$ -> [Ver = | Size = 0 bytes | Modified Date = 21/04/2007 13:03:54 | Attr = ]
Bases -> %SystemDrive%\Bases -> [Folder | Modified Date = 21/04/2007 11:15:40 | Attr = ]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 20/04/2007 20:02:06 | Attr = HS]
Downloads -> %SystemDrive%\Downloads -> [Folder | Modified Date = 21/04/2007 11:15:34 | Attr = ]
Kaspersky -> %SystemDrive%\Kaspersky -> [Folder | Modified Date = 21/04/2007 11:23:44 | Attr = ]
MWav -> %SystemDrive%\MWav -> [Folder | Modified Date = 21/04/2007 11:10:26 | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 20/04/2007 20:03:24 | Attr = R ]
RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 08/04/2007 18:25:58 | Attr = HS]
SDFix -> %SystemDrive%\SDFix -> [Folder | Modified Date = 18/04/2007 22:20:12 | Attr = ]
temp -> %SystemDrive%\temp -> [Folder | Modified Date = 17/04/2007 13:23:02 | Attr = ]
VALUEADD -> %SystemDrive%\VALUEADD -> [Folder | Modified Date = 06/04/2007 12:25:00 | Attr = ]
VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 08/04/2007 20:08:04 | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 22/04/2007 17:46:24 | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 12/04/2007 11:48:12 | Attr = H ]
$NtUninstallKB925902$ -> %SystemRoot%\$NtUninstallKB925902$ -> [Folder | Modified Date = 06/04/2007 13:08:26 | Attr = H ]
$NtUninstallKB930178$ -> %SystemRoot%\$NtUninstallKB930178$ -> [Folder | Modified Date = 13/04/2007 16:45:06 | Attr = H ]
$NtUninstallKB931261$ -> %SystemRoot%\$NtUninstallKB931261$ -> [Folder | Modified Date = 13/04/2007 16:45:14 | Attr = H ]
$NtUninstallKB931784$ -> %SystemRoot%\$NtUninstallKB931784$ -> [Folder | Modified Date = 13/04/2007 16:45:28 | Attr = H ]
$NtUninstallKB932168$ -> %SystemRoot%\$NtUninstallKB932168$ -> [Folder | Modified Date = 13/04/2007 16:44:52 | Attr = H ]
AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 22/04/2007 14:09:08 | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 22/04/2007 19:08:24 | Attr = S]
Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 08/04/2007 19:54:40 | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 22/04/2007 14:07:16 | Attr = S]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 25/03/2007 01:09:38 | Attr = R S]
ime -> %SystemRoot%\ime -> [Folder | Modified Date = 22/04/2007 14:07:28 | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 13/04/2007 16:45:18 | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 17/04/2007 23:32:44 | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 20/04/2007 20:00:14 | Attr = HS]
lexstat.ini -> %SystemRoot%\lexstat.ini -> [Ver = | Size = 338 bytes | Modified Date = 19/04/2007 11:36:48 | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 08/04/2007 19:54:38 | Attr = ]
msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 13/04/2007 17:23:26 | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 22/04/2007 14:34:04 | Attr = ]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 20/04/2007 21:32:46 | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 22/04/2007 17:46:24 | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 08/04/2007 20:17:22 | Attr = S]
tci.exe -> %SystemRoot%\tci.exe -> [Ver = | Size = 129082 bytes | Modified Date = 12/04/2007 16:49:44 | Attr = ]
tci0.exe -> %SystemRoot%\tci0.exe -> [Ver = | Size = 184209 bytes | Modified Date = 15/04/2007 00:57:30 | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 22/04/2007 13:48:00 | Attr = ]
updater.exe -> %SystemRoot%\updater.exe -> [Ver = 1, 0, 0, 1 | Size = 55808 bytes | Modified Date = 16/04/2007 20:56:20 | Attr = R ]
w0.exe -> %SystemRoot%\w0.exe -> [Ver = | Size = 111067 bytes | Modified Date = 18/04/2007 16:48:02 | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 725 bytes | Modified Date = 22/04/2007 17:39:28 | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 22/04/2007 19:07:12 | Attr = H ]
ActiveScan -> %System32%\ActiveScan -> [Folder | Modified Date = 22/04/2007 14:07:16 | Attr = ]
CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 06/04/2007 13:08:24 | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 18/04/2007 00:17:20 | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 20/04/2007 21:33:18 | Attr = ]
dla -> %System32%\dla -> [Folder | Modified Date = 22/04/2007 14:08:10 | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 13/04/2007 17:23:26 | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 20/04/2007 21:33:50 | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 223224 bytes | Modified Date = 06/04/2007 13:27:02 | Attr = ]
Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 22/04/2007 14:06:20 | Attr = ]
pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 22/04/2007 14:06:20 | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 53166 bytes | Modified Date = 25/03/2007 14:44:48 | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 380918 bytes | Modified Date = 25/03/2007 14:44:48 | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 439376 bytes | Modified Date = 25/03/2007 14:44:48 | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 05/04/2007 01:17:52 | Attr = ]
tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 5080 bytes | Modified Date = 17/04/2007 20:58:54 | Attr = ]
Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 22/04/2007 14:06:20 | Attr = ]
wbem -> %System32%\wbem -> [Folder | Modified Date = 22/04/2007 14:08:50 | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 17/04/2007 23:10:00 | Attr = ]
yzxhnbtbq -> %System32%\yzxhnbtbq -> [Folder | Modified Date = 20/04/2007 20:11:00 | Attr = HS]
core.cache.dsk -> %System32%\drivers\core.cache.dsk -> [Ver = | Size = 161849 bytes | Modified Date = 17/04/2007 13:22:52 | Attr = ]
core.sys -> %System32%\drivers\core.sys -> [Ver = | Size = 72320 bytes | Modified Date = 17/04/2007 13:22:52 | Attr = ]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 20/04/2007 20:10:44 | Attr = ]

[File String Scan - Non-Microsoft Only]
UPX! , -> %SystemRoot%\updater.exe -> [Ver = 1, 0, 0, 1 | Size = 55808 bytes | Modified Date = 16/04/2007 20:56:20 | Attr = R ]
WSUD , -> %System32%\alsndmgr.cpl -> Realtek Semiconductor Corp. [Ver = 2.2.0.45 | Size = 18751488 bytes | Modified Date = 21/06/2005 18:09:06 | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 04/08/2004 13:00:00 | Attr = ]
WSUD , -> %System32%\oembios.bin -> [Ver = | Size = 13107200 bytes | Modified Date = 02/09/2001 10:29:22 | Attr = ]
UPX! , UPX0 , -> %System32%\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Modified Date = 27/04/2006 17:49:30 | Attr = ]
UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Modified Date = 29/08/2006 19:43:54 | Attr = ]
UPX! , UPX0 , -> %System32%\swsc.exe -> [Ver = | Size = 40960 bytes | Modified Date = 09/01/2006 10:36:06 | Attr = ]
UPX! , UPX0 , -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Modified Date = 01/12/2006 06:20:34 | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 04/08/2004 13:00:00 | Attr = ]

< End of report >
 
Hi

Upload these files to VirusTotal and post back results here, please :)

C:\Windows\System32\drivers\core.cache.dsk
C:\Windows\System32\drivers\core.sys
C:\Windows\updater.exe
C:\Windows\w0.exe
C:\Windows\tci.exe
C:\Windows\tci0.exe
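The report format above, and the shortlist the helper pulled out of it, as an added example that is not part of the thread or of the scanning tool: a Python parser for the `name -> path -> vendor [fields]` lines plus a scoring rule of my own (an assumption, not the helper's method) that flags files with no vendor or version information, files dropped directly in the Windows folder, UPX-packed files, and non-.sys files under drivers. On the full report the same rules also surface leftovers of the removal tools run earlier in the thread (swsc.exe, dumphive.exe), so the output is a shortlist for review, not a verdict.

```python
# Added example (not part of the thread): parse the "name -> path -> vendor [fields]"
# report lines above and turn the helper's eyeballing of them into explicit rules.
import re

EXEC_EXT = {".exe", ".sys", ".dll", ".cpl", ".scr", ".drv"}
LINE_RE = re.compile(r"^(?P<name>.+?) -> (?P<path>.+?) -> (?:(?P<vendor>[^\[]*?) )?\[(?P<fields>.*)\]$")

def parse_report(text):
    records, section = {}, ""              # one record per path, merged across sections
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):           # section header such as [File String Scan - ...]
            section = line.strip("[]")
        elif m := LINE_RE.match(line):
            rec = records.setdefault(m["path"], {"folder": False, "vendor": "", "ver": "", "packed": False})
            rec["vendor"] = rec["vendor"] or (m["vendor"] or "").strip()
            for key, _, val in (p.strip().partition("=") for p in m["fields"].split("|")):
                if key.strip() == "Folder":
                    rec["folder"] = True
                elif key.strip() == "Ver":
                    rec["ver"] = rec["ver"] or val.strip()
            if section.startswith("File String Scan") and "UPX" in m["name"]:
                rec["packed"] = True          # packer signature found in the file
    return records

def triage(records, threshold=2):
    """Score executable-looking files; return {path: reasons} for every score >= threshold."""
    hits = {}
    for path, rec in records.items():
        parent, _, name = path.rpartition("\\")
        ext = name[name.rfind("."):].lower() if "." in name else ""
        in_drivers = parent.lower().endswith("\\drivers")
        if rec["folder"] or (ext not in EXEC_EXT and not in_drivers):
            continue
        reasons = [why for hit, why in (
            (not rec["vendor"], "no vendor string"),
            (not rec["ver"], "no version resource"),
            (parent == "%SystemRoot%", "dropped directly in the Windows folder"),
            (in_drivers and ext != ".sys", "non-.sys file in drivers"),
            (rec["packed"], "UPX packed")) if hit]
        if len(reasons) >= threshold:
            hits[path] = reasons
    return hits

SAMPLE = r"""[Files/Folders - Created Within 30 days]
tci.exe -> %SystemRoot%\tci.exe -> [Ver = | Size = 129082 bytes | Created Date = 06/04/2007 10:51:45 | Attr = ]
updater.exe -> %SystemRoot%\updater.exe -> [Ver = 1, 0, 0, 1 | Size = 55808 bytes | Created Date = 16/04/2007 19:56:20 | Attr = R ]
avgntdd.sys -> %System32%\drivers\avgntdd.sys -> AVIRA GmbH [Ver = 6.37.00.02 | Size = 34304 bytes | Created Date = 20/04/2007 19:03:30 | Attr = ]
core.cache.dsk -> %System32%\drivers\core.cache.dsk -> [Ver = | Size = 161849 bytes | Created Date = 17/04/2007 12:22:50 | Attr = ]
[File String Scan - Non-Microsoft Only]
UPX! , -> %SystemRoot%\updater.exe -> [Ver = 1, 0, 0, 1 | Size = 55808 bytes | Modified Date = 16/04/2007 20:56:20 | Attr = R ]"""
```

`SAMPLE` is a constructed excerpt of the report above; feeding `triage(parse_report(...))` the whole report gives the path and the reasons for each flagged file.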
 
Hi

I don't mean email attachments here.

In VirusTotal go to Browse..., find the corresponding file and click Send (do this one file at a time).

Then just wait for results and copy/paste them to here, please :)
 
Ah I see, it's just when I tried to select the file a message came up saying it'd be queued at number four hundred and something and that I could do it by e-mail. I'll just do it the first way then, thanks for clearing that up :)
 
Hi, unfortunately I've tried sending the first file on the list about 6 times since last night, each time waiting at least an hour for something to happen, but it just sits there saying '0 bytes received'. I'm doing exactly what the website's instructions say, but it doesn't seem to want to work.
 
Hi

Ok, then we do this:

Delete these files (they are bad, I just checked):

C:\Windows\System32\drivers\core.cache.dsk
C:\Windows\System32\drivers\core.sys

Rename these and move them to another folder:

C:\Windows\updater.exe
C:\Windows\w0.exe
C:\Windows\tci.exe
C:\Windows\tci0.exe

Still problems?
 