Crapware



Blam
02-02-2009, 09:08 PM
Recently got a reimage of the PC and need to make sure no Toshiba crapware is running :p

Thanks Speedy (or whoever).

BTW I'm on a domain.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:05:10 p.m., on 2/02/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\PMM\WsUIMgr.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
D:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\12189\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\WerFault.exe
D:\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.saintkentigern.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://skcproxy/proxy1.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ThpSrv] C:\Windows\system32\thpsrv /logon
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [WsUiMgr] C:\Program Files\PMM\WsUIMgr.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\12189\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = student.sk.edu
O17 - HKLM\Software\..\Telephony: DomainName = student.sk.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = student.sk.edu
O20 - AppInit_DLLs: nvaux32
O20 - Winlogon Notify: crypt - C:\Windows\SYSTEM32\crypts.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\Windows\system32\ThpSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Websense Desktop Client (WebsenseDesktopClient) - Websense - C:\Program Files\PMM\WDC.exe

--
End of file - 7028 bytes

Speedy Gonzales
02-02-2009, 09:28 PM
Well most of that is Toshiba

What's the extension on this? exe or dll? If it's a dll, it's dangerous

O20 - AppInit_DLLs: nvaux32

Looks like nvaux32.dll belongs to a trojan / backdoor

You can tick these, then tick Fix checked

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Users\12189\AppData\Local\Google\Update\GoogleUpdate.exe" /c

Close browsers

Uninstall all versions of java then update it

Blam
02-02-2009, 09:56 PM
OK cheers, think it's all done:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:54:20 p.m., on 2/02/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\PMM\WsUIMgr.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
D:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.saintkentigern.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://skcproxy/proxy1.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ThpSrv] C:\Windows\system32\thpsrv /logon
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [WsUiMgr] C:\Program Files\PMM\WsUIMgr.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = student.sk.edu
O17 - HKLM\Software\..\Telephony: DomainName = student.sk.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = student.sk.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = student.sk.edu
O20 - Winlogon Notify: crypt - C:\Windows\SYSTEM32\crypts.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\Windows\system32\ThpSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Websense Desktop Client (WebsenseDesktopClient) - Websense - C:\Program Files\PMM\WDC.exe

--
End of file - 6220 bytes


I'll update java tomorrow.

Blam
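As an added example (not part of the thread, and not HijackThis code), the following Python script does by machine what Speedy's post and the two logs do by eye: it parses HijackThis-style entry lines, flags the kinds of entries that warrant a manual check (a non-empty O20 AppInit_DLLs value such as `nvaux32`, O20 Winlogon Notify registrations, O4 autoruns launched from a user-writable profile path, O23 services with no publisher information), and diffs the before and after logs to confirm what "Fix checked" actually removed. The two sample logs are a constructed subset of the logs posted above, and the risk rules are this example's own heuristics, not HijackThis's.

```python
"""Parse HijackThis-style log lines, flag entries that deserve a second look,
and diff a 'before' and 'after' log to confirm what 'Fix checked' removed.

Added example, not code from the thread and not HijackThis's own code.
The two sample logs are a constructed subset of the logs posted above; the
risk rules are this example's own heuristics, not HijackThis's."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample: a subset of the first log, before "Fix checked".
BEFORE = r"""
O4 - HKLM\..\Run: [ThpSrv] C:\Windows\system32\thpsrv /logon
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\12189\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O20 - AppInit_DLLs: nvaux32
O20 - Winlogon Notify: crypt - C:\Windows\SYSTEM32\crypts.dll
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
"""

# Constructed sample: the same subset of the second log, after "Fix checked".
AFTER = r"""
O4 - HKLM\..\Run: [ThpSrv] C:\Windows\system32\thpsrv /logon
O20 - Winlogon Notify: crypt - C:\Windows\SYSTEM32\crypts.dll
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
"""


@dataclass(frozen=True)
class Entry:
    section: str  # HijackThis section code, e.g. "O4" or "O20"
    text: str     # everything after "O4 - "

    def line(self) -> str:
        return f"{self.section} - {self.text}"


LINE_RE = re.compile(r"^(R\d|F\d|O\d+) - (.*)$")
# Paths an unprivileged user can write to; autoruns from here are the
# classic place for user-level malware persistence.
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\AppData\\|\\Documents and Settings\\|\\Temp\\", re.I)


def parse_log(log: str) -> List[Entry]:
    entries = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries


def flag(entry: Entry) -> Optional[str]:
    """Return a reason string if the entry should be checked by hand, else None."""
    t = entry.text
    if entry.section == "O20" and t.startswith("AppInit_DLLs:"):
        value = t.split(":", 1)[1].strip()
        if value:
            # AppInit_DLLs is loaded into every process that loads user32.dll.
            # A bare name with no path or extension (the 'nvaux32' case) cannot
            # be judged from the log alone: locate the file and check its signature.
            return f"AppInit_DLLs is set to {value!r}: locate the DLL and verify it"
    if entry.section == "O20" and t.startswith("Winlogon Notify:"):
        return "Winlogon Notify registration: verify the DLL's publisher"
    if entry.section == "O4":
        m = re.search(r"\]\s*(.*)$", t)
        if m and USER_WRITABLE.search(m.group(1)):
            return "autorun launched from a user-writable path"
    if entry.section == "O23" and "Unknown owner" in t:
        return "service binary carries no company information"
    return None


def diff_logs(before: str, after: str) -> Tuple[Set[str], Set[str]]:
    """(removed, added) entry lines between two logs of the same machine."""
    b = {e.line() for e in parse_log(before)}
    a = {e.line() for e in parse_log(after)}
    return b - a, a - b


def report(before: str, after: str) -> Dict[str, object]:
    removed, added = diff_logs(before, after)
    still_flagged = {e.line(): reason for e in parse_log(after) if (reason := flag(e))}
    return {"removed": removed, "added": added, "still_flagged": still_flagged}


if __name__ == "__main__":
    r = report(BEFORE, AFTER)
    for line in sorted(r["removed"]):
        print("removed:", line)
    for line, why in r["still_flagged"].items():
        print("check:  ", line, "->", why)
```

Run it as-is to see the diff of the two constructed samples; for real logs call `report(open(a).read(), open(b).read())`. A non-empty AppInit_DLLs value is flagged whatever its name: the log shows only `nvaux32`, so whether it is a DLL and who signed it can only be settled by finding the file on disk, which is exactly the question Speedy asks.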

pcuser42
03-02-2009, 09:14 AM
Why didn't you just format the hard drive? :p

Blam
03-02-2009, 09:22 AM
Simple: because I would no longer be on the domain and able to access many of the school services, such as wi-fi internet and printing.

pcuser42
03-02-2009, 09:23 AM
Oh. >_<

Blam
03-02-2009, 09:30 AM
School reimages at school cost $40, but it's the only solution :(

I haven't tried imaging the HDD though...might work...

pctek
03-02-2009, 09:41 AM
toshiba crapware is running

Yep there sure is.
And windows crapware


C:\Windows\System32\ThpSrv.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\PMM\WsUIMgr.exe



C:\Program Files\Protector Suite QL\psqltray.exe


C:\Users\12189\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe
C:\Windows\system32\WerFault.exe


O4 - HKLM\..\Run: [ThpSrv] C:\Windows\system32\thpsrv /logon
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup

O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [WsUiMgr] C:\Program Files\PMM\WsUIMgr.exe

O4 - HKCU\..\Run: [Google Update] "C:\Users\12189\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL



O20 - Winlogon Notify: crypt - C:\Windows\SYSTEM32\crypts.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe


O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe


O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\Windows\system32\ThpSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe


O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Websense Desktop Client (WebsenseDesktopClient) - Websense - C:\Program Files\PMM\WDC.exe

Blam
03-02-2009, 11:43 AM
A few of those I need, some I don't, which I will tick.

Agent_24
03-02-2009, 01:01 PM
Use PC Decrapifier. http://www.pcdecrapifier.com/

Blam
03-02-2009, 01:38 PM
Great idea, I forgot about that!

Never knew it cleaned toshiba crapware too...

Thanks
Blam

Blam
03-02-2009, 05:40 PM
Something's somehow gone wrong, and now I can't launch Firefox...
Tried system restore, but it didn't work.

Avast! keeps popping up about files infected with trojans...

I tried scanning with Trojan Remover, but it said that userinit.exe was infected and it could not find something to restore it to... I have posted a log:

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.5.2562. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 5:27:13 p.m. 03 Feb 2009
Using Database v7278
Operating System: Windows Vista Business
File System: NTFS
User Account Control is DISABLED.
UserData directory: C:\Users\12189\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: D:\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
[AV Warnings are suppressed]
Avast! Antivirus

************************************************************


************************************************************
5:27:13 p.m.: Scanning ----------WIN.INI-----------
WIN.INI found in C:\Windows

************************************************************
5:27:13 p.m.: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\Windows

************************************************************
5:27:14 p.m.: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
5:27:17 p.m.: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [explorer.exe]
File: explorer.exe
C:\Windows\explorer.exe
2923520 bytes
Created: 22/11/2007 10:39 a.m.
Modified: 22/11/2007 10:39 a.m.
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\Windows\system32\userinit.exe,]
File: C:\Windows\system32\userinit.exe
C:\Windows\system32\userinit.exe
24576 bytes
Created: 2/11/2006 9:43 p.m.
Modified: 2/11/2006 10:45 p.m.
Company: Microsoft Corporation
C:\Windows\system32\userinit.exe - this userinit.exe file is either the wrong size, or has missing/incorrect version information
C:\Windows\system32\userinit.exe - cannot restore a good copy of this file
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: Apoint
Value Data: C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Apoint2K\Apoint.exe
200704 bytes
Created: 21/12/2006 6:00 a.m.
Modified: 11/09/2006 8:21 p.m.
Company: Alps Electric Co., Ltd.
--------------------
Value Name: ThpSrv
Value Data: C:\Windows\system32\thpsrv /logon
C:\Windows\system32\thpsrv.exe
531264 bytes
Created: 25/11/2006 11:05 p.m.
Modified: 25/11/2006 11:05 p.m.
Company: TOSHIBA Corporation
--------------------
Value Name: PSQLLauncher
Value Data: "C:\Program Files\Protector Suite QL\launcher.exe" /startup
C:\Program Files\Protector Suite QL\launcher.exe
49168 bytes
Created: 4/12/2006 1:29 p.m.
Modified: 4/12/2006 1:29 p.m.
Company: UPEK Inc.
--------------------
Value Name: TPwrMain
Value Data: %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE
411192 bytes
Created: 29/03/2007 10:39 a.m.
Modified: 29/03/2007 10:39 a.m.
Company: TOSHIBA Corporation
--------------------
Value Name: SmoothView
Value Data: %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
448080 bytes
Created: 15/06/2007 9:01 p.m.
Modified: 15/06/2007 9:01 p.m.
Company: TOSHIBA Corporation
--------------------
Value Name: WsUiMgr
Value Data: C:\Program Files\PMM\WsUIMgr.exe
C:\Program Files\PMM\WsUIMgr.exe
25088 bytes
Created: 8/05/2007 8:18 p.m.
Modified: 8/05/2007 8:18 p.m.
Company: Websense
--------------------
Value Name: avast!
Value Data: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
81000 bytes
Created: 1/02/2009 10:15 p.m.
Modified: 27/11/2008 6:18 a.m.
Company: ALWIL Software
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1231752 bytes
Created: 3/02/2009 5:19 p.m.
Modified: 1/01/2009 8:43 p.m.
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty

************************************************************
5:28:21 p.m.: Scanning -----SHELLEXECUTEHOOKS-----
ShellExecuteHooks key is empty

************************************************************
5:28:21 p.m.: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
5:28:21 p.m.: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\Windows\system32\logon.scr
C:\Windows\system32\logon.scr
5714432 bytes
Created: 2/11/2006 9:48 p.m.
Modified: 2/11/2006 10:44 p.m.
Company: Microsoft Corporation
--------------------

************************************************************
5:28:21 p.m.: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}
Path: RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
IEDKCS32.DLL
384000 bytes
Created: 2/11/2006 9:49 p.m.
Modified: 2/11/2006 10:46 p.m.
Company: Microsoft Corporation
----------
Key: {89820200-ECBD-11cf-8B85-00AA005B4340}
Path: regsvr32.exe /s /n /i:U shell32.dll
shell32.dll
11315712 bytes
Created: 15/04/2008 3:42 p.m.
Modified: 15/04/2008 3:42 p.m.
Company: Microsoft Corporation
----------

************************************************************
5:28:23 p.m.: Scanning ----- SERVICEDLL REGISTRY KEYS -----

************************************************************
5:28:43 p.m.: Scanning ----- SERVICES REGISTRY KEYS -----
Key: ADIHdAudAddService
ImagePath: system32\drivers\ADIHdAud.sys
C:\Windows\system32\drivers\ADIHdAud.sys
333312 bytes
Created: 17/11/2007 3:32 p.m.
Modified: 13/04/2007 2:38 p.m.
Company: Analog Devices, Inc.
----------
Key: ApfiltrService
ImagePath: system32\DRIVERS\Apfiltr.sys
C:\Windows\system32\DRIVERS\Apfiltr.sys
140800 bytes
Created: 21/12/2006 6:00 a.m.
Modified: 30/08/2006 2:35 p.m.
Company: Alps Electric Co., Ltd.
----------
Key: APLMp50
ImagePath: System32\Drivers\APLMp50.sys
C:\Windows\System32\Drivers\APLMp50.sys
28224 bytes
Created: 1/02/2007 3:07 p.m.
Modified: 29/11/2006 6:46 p.m.
Company: Printing Communications Assoc., Inc. (PCAUSA)
----------
Key: aswFsBlk
ImagePath: system32\DRIVERS\aswFsBlk.sys
C:\Windows\system32\DRIVERS\aswFsBlk.sys
20560 bytes
Created: 1/02/2009 10:16 p.m.
Modified: 27/11/2008 6:17 a.m.
Company: ALWIL Software
----------
Key: aswMonFlt
ImagePath: system32\DRIVERS\aswMonFlt.sys
C:\Windows\system32\DRIVERS\aswMonFlt.sys
51792 bytes
Created: 1/02/2009 10:10 p.m.
Modified: 27/11/2008 6:17 a.m.
Company: ALWIL Software
----------
Key: aswUpdSv
ImagePath: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
18752 bytes
Created: 1/02/2009 10:15 p.m.
Modified: 27/11/2008 6:12 a.m.
Company: ALWIL Software
----------
Key: avast! Antivirus
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
C:\Program Files\Alwil Software\Avast4\ashServ.exe
155160 bytes
Created: 1/02/2009 10:15 p.m.
Modified: 27/11/2008 6:18 a.m.
Company: ALWIL Software
----------
Key: avast! Mail Scanner
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
254040 bytes
Created: 1/02/2009 10:15 p.m.
Modified: 27/11/2008 6:18 a.m.
Company: ALWIL Software
----------
Key: avast! Web Scanner
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
352920 bytes
Created: 1/02/2009 10:15 p.m.
Modified: 27/11/2008 6:16 a.m.
Company: ALWIL Software
----------
Key: blbdrive
ImagePath: \SystemRoot\system32\drivers\blbdrive.sys - file is missing - alert is globally excluded
----------
Key: e1express
ImagePath: system32\DRIVERS\e1e6032.sys
C:\Windows\system32\DRIVERS\e1e6032.sys
200704 bytes
Created: 2/11/2006 11:25 p.m.
Modified: 2/11/2006 8:30 p.m.
Company: Intel Corporation
----------
Key: glaide32
ImagePath: \??\C:\Windows\system32\drivers\glaide32.sys
C:\Windows\system32\drivers\glaide32.sys [file not found to scan]
----------
Key: ialm
ImagePath: system32\DRIVERS\igdkmd32.sys
C:\Windows\system32\DRIVERS\igdkmd32.sys
1609728 bytes
Created: 18/11/2007 7:37 p.m.
Modified: 26/02/2007 2:57 p.m.
Company: Intel Corporation
----------
Key: IDriverT
ImagePath: "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
94208 bytes
Created: 22/10/2004 3:24 a.m.
Modified: 22/10/2004 3:24 a.m.
Company: Macrovision Corporation
----------
Key: igfx
ImagePath: system32\DRIVERS\igdkmd32.sys
C:\Windows\system32\DRIVERS\igdkmd32.sys
1609728 bytes
Created: 18/11/2007 7:37 p.m.
Modified: 26/02/2007 2:57 p.m.
Company: Intel Corporation
----------
Key: IpInIp
ImagePath: system32\DRIVERS\ipinip.sys - file is missing - alert is globally excluded
----------
Key: KbdFIOControl
ImagePath: System32\Drivers\KbdF.sys
C:\Windows\System32\Drivers\KbdF.sys
7168 bytes
Created: 18/11/2007 1:12 p.m.
Modified: 18/11/2007 1:10 p.m.
Company: Windows (R) 2000 DDK provider
----------
Key: msiserver
ImagePath: %systemroot%\system32\msiexec /V
----------
Key: NETw3v32
ImagePath: system32\DRIVERS\NETw3v32.sys
C:\Windows\system32\DRIVERS\NETw3v32.sys
1786880 bytes
Created: 21/12/2006 5:59 a.m.
Modified: 30/10/2006 2:42 p.m.
Company: Intel® Corporation
----------
Key: NETw4v32
ImagePath: system32\DRIVERS\NETw4v32.sys
C:\Windows\system32\DRIVERS\NETw4v32.sys
2251776 bytes
Created: 4/12/2007 11:39 a.m.
Modified: 20/11/2007 4:03 p.m.
Company: Intel Corporation
----------
Key: NwlnkFlt
ImagePath: system32\DRIVERS\nwlnkflt.sys - file is missing - alert is globally excluded
----------
Key: NwlnkFwd
ImagePath: system32\DRIVERS\nwlnkfwd.sys - file is missing - alert is globally excluded
----------
Key: ProtexisLicensing
ImagePath: C:\Windows\system32\PSIService.exe
C:\Windows\system32\PSIService.exe
177704 bytes
Created: 5/06/2007 1:20 p.m.
Modified: 5/06/2007 1:20 p.m.
Company:
----------
Key: rpcapd
ImagePath: "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini"
C:\Program Files\WinPcap\rpcapd.exe
93048 bytes
Created: 26/01/2007 6:31 a.m.
Modified: 26/01/2007 6:31 a.m.
Company: CACE Technologies
----------
Key: SBSDWSCService
ImagePath: C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
600912 bytes
Created: 18/11/2007 5:16 p.m.
Modified: 31/08/2007 4:46 p.m.
Company: Safer Networking Ltd.
----------
Key: Serenum
ImagePath: \SystemRoot\system32\drivers\serenum.sys
C:\Windows\system32\drivers\serenum.sys
17920 bytes
Created: 2/11/2006 9:51 p.m.
Modified: 2/11/2006 9:51 p.m.
Company: Microsoft Corporation
----------
Key: Serial
ImagePath: \SystemRoot\system32\drivers\serial.sys
C:\Windows\system32\drivers\serial.sys
83456 bytes
Created: 2/11/2006 9:51 p.m.
Modified: 2/11/2006 9:51 p.m.
Company: Microsoft Corporation
----------
Key: TcUsb
ImagePath: System32\Drivers\tcusb.sys
C:\Windows\System32\Drivers\tcusb.sys
39056 bytes
Created: 4/12/2006 1:21 p.m.
Modified: 4/12/2006 1:21 p.m.
Company: UPEK Inc.
----------
Key: tdcmdpst
ImagePath: system32\DRIVERS\tdcmdpst.sys
C:\Windows\system32\DRIVERS\tdcmdpst.sys
16128 bytes
Created: 19/10/2006 8:50 a.m.
Modified: 19/10/2006 8:50 a.m.
Company: TOSHIBA Corporation.
----------
Key: Thpdrv
ImagePath: system32\DRIVERS\thpdrv.sys
C:\Windows\system32\DRIVERS\thpdrv.sys
16384 bytes
Created: 31/10/2006 12:47 p.m.
Modified: 31/10/2006 12:47 p.m.
Company: TOSHIBA Corporation
----------
Key: Thpevm
ImagePath: system32\DRIVERS\Thpevm.SYS
C:\Windows\system32\DRIVERS\Thpevm.SYS
6528 bytes
Created: 20/10/2006 2:11 p.m.
Modified: 20/10/2006 2:11 p.m.
Company: TOSHIBA Corporation
----------
Key: Thpsrv
ImagePath: C:\Windows\system32\ThpSrv.exe
C:\Windows\system32\ThpSrv.exe
531264 bytes
Created: 25/11/2006 11:05 p.m.
Modified: 25/11/2006 11:05 p.m.
Company: TOSHIBA Corporation
----------
Key: tifm21
ImagePath: system32\drivers\tifm21.sys
C:\Windows\system32\drivers\tifm21.sys
168448 bytes
Created: 6/07/2006 6:44 p.m.
Modified: 6/07/2006 6:44 p.m.
Company: Texas Instruments
----------
Key: TODDSrv
ImagePath: C:\Windows\system32\TODDSrv.exe
C:\Windows\system32\TODDSrv.exe
114688 bytes
Created: 21/12/2006 7:24 a.m.
Modified: 26/05/2006 3:30 p.m.
Company: TOSHIBA Corporation
----------
Key: TosCoSrv
ImagePath: "C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe"
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
427576 bytes
Created: 29/03/2007 10:39 a.m.
Modified: 29/03/2007 10:39 a.m.
Company: TOSHIBA Corporation
----------
Key: TOSHIBA Bluetooth Service
ImagePath: C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
77824 bytes
Created: 1/11/2006 7:40 p.m.
Modified: 1/11/2006 7:40 p.m.
Company: TOSHIBA CORPORATION
----------
Key: tosrfec
ImagePath: system32\DRIVERS\tosrfec.sys
C:\Windows\system32\DRIVERS\tosrfec.sys
9216 bytes
Created: 24/10/2006 1:32 p.m.
Modified: 24/10/2006 1:32 p.m.
Company: TOSHIBA Corporation
----------
Key: TPM
ImagePath: system32\drivers\tpm.sys
C:\Windows\system32\drivers\tpm.sys
41064 bytes
Created: 2/11/2006 11:25 p.m.
Modified: 2/11/2006 10:50 p.m.
Company: Microsoft Corporation
----------
Key: TVALZ
ImagePath: system32\DRIVERS\TVALZ.SYS
C:\Windows\system32\DRIVERS\TVALZ.SYS
16768 bytes
Created: 6/10/2006 7:13 p.m.
Modified: 6/10/2006 7:13 p.m.
Company: TOSHIBA Corporation
----------
Key: UleadBurningHelper
ImagePath: C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
49152 bytes
Created: 17/11/2007 3:25 p.m.
Modified: 23/08/2006 4:39 p.m.
Company: Ulead Systems, Inc.
----------
Key: WebsenseDesktopClient
ImagePath: C:\Program Files\PMM\WDC.exe
C:\Program Files\PMM\WDC.exe
-H- 471040 bytes
Created: 8/05/2007 8:18 p.m.
Modified: 8/05/2007 8:18 p.m.
Company: Websense
----------
Key: wscam6300
ImagePath: System32\Drivers\wscam6300.sys
C:\Windows\System32\Drivers\wscam6300.sys
33024 bytes
Created: 8/05/2007 8:18 p.m.
Modified: 8/05/2007 8:18 p.m.
Company: Websense, Inc.
----------
Key: WsFsF
ImagePath: System32\Drivers\WsFsFwlh.sys
C:\Windows\System32\Drivers\WsFsFwlh.sys
31744 bytes
Created: 8/05/2007 8:18 p.m.
Modified: 8/05/2007 8:18 p.m.
Company: Websense, Inc.
----------
Key: wstdi
ImagePath: System32\Drivers\wstdiwlh.sys
C:\Windows\System32\Drivers\wstdiwlh.sys
35328 bytes
Created: 8/05/2007 8:18 p.m.
Modified: 8/05/2007 8:18 p.m.
Company: Websense, Inc.
----------

************************************************************
5:29:33 p.m.: Scanning -----VXD ENTRIES-----

************************************************************
5:29:33 p.m.: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : igfxcui
DLLName: igfxdev.dll
igfxdev.dll
200704 bytes
Created: 21/12/2006 6:01 a.m.
Modified: 26/02/2007 2:25 p.m.
Company: Intel Corporation
----------
Key : psfus
DLLName: C:\Windows\system32\psqlpwd.dll
C:\Windows\system32\psqlpwd.dll
90112 bytes
Created: 4/12/2006 1:50 p.m.
Modified: 4/12/2006 1:50 p.m.
Company: UPEK Inc.
----------

************************************************************
5:29:34 p.m.: Scanning ----- CONTEXTMENUHANDLERS -----
Key: avast
CLSID: {472083B0-C522-11CF-8763-00608CC02F24}
Path: C:\Program Files\Alwil Software\Avast4\ashShell.dll
C:\Program Files\Alwil Software\Avast4\ashShell.dll
76880 bytes
Created: 1/02/2009 10:15 p.m.
Modified: 27/11/2008 6:15 a.m.
Company: ALWIL Software
----------
Key: YsiShellExt
CLSID: {E46B8A96-C11A-4EE5-9B0F-2050A3DD6A45}
Path: C:\Program Files\YouSendIt\Express\version2\YsiExt.dll
C:\Program Files\YouSendIt\Express\version2\YsiExt.dll
53248 bytes
Created: 3/04/2008 10:41 a.m.
Modified: 3/04/2008 10:41 a.m.
Company: YouSendIt.com
----------

************************************************************
5:29:35 p.m.: Scanning ----- FOLDER\COLUMNHANDLERS -----

************************************************************
5:29:35 p.m.: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
BHO: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
75128 bytes
Created: 11/06/2008 10:33 p.m.
Modified: 11/06/2008 10:33 p.m.
Company: Adobe Systems Incorporated
----------
Key: {53707962-6F74-2D53-2644-206D7942484F}
BHO: C:\PROGRA~1\SPYBOT~1\SDHelper.dll
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
1122128 bytes
Created: 18/11/2007 5:16 p.m.
Modified: 31/08/2007 4:46 p.m.
Company: Safer Networking Limited
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
408952 bytes
Created: 18/11/2008 1:47 p.m.
Modified: 18/11/2008 1:47 p.m.
Company: Microsoft Corporation
----------

************************************************************
5:29:36 p.m.: Scanning ----- SHELLSERVICEOBJECTS -----

************************************************************
5:29:36 p.m.: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
5:29:36 p.m.: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
5:29:36 p.m.: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist

************************************************************
5:29:37 p.m.: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
5:29:37 p.m.: Scanning ------ COMMON STARTUP GROUP ------
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 3/11/2006 1:50 a.m.
Modified: 15/04/2008 3:49 p.m.
Company: [no info]
--------------------

************************************************************
5:29:37 p.m.: Scanning ----- USER STARTUP GROUPS -----
Checking Startup Group for: 12189
[C:\Users\12189\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
C:\Users\12189\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 1/02/2009 9:59 p.m.
Modified: 1/02/2009 9:59 p.m.
Company: [no info]
----------
D:\Program Files\Rainmeter\Rainmeter.exe
139264 bytes
Created: 22/01/2006 12:41 a.m.
Modified: 22/01/2006 12:41 a.m.
Company: [no info]
Rainmeter.lnk - links to D:\Program Files\Rainmeter\Rainmeter.exe
----------
--------------------

************************************************************
5:29:38 p.m.: Scanning ----- SCHEDULED TASKS -----
Taskname: GoogleUpdateTaskUserS-1-5-21-643970264-1529554251-782984527-11869.job
File: C:\Users\12189\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\12189\AppData\Local\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 2/02/2009 8:10 p.m.
Modified: 2/02/2009 8:10 p.m.
Company: Google Inc.
Parameters: /c
Next Run Time: Never
Status: One or more of the properties that are needed to run this task on a schedule have not been set
Creator: 12189
Comments: Google Update Task keeps your Google software up to date. If Google Update Task is disabled or stopped, your Google software may not be kept up to date, meaning we can't fix security vulnerabilities that may arise, and features in your Google software may not work. Google Update Task uninstalls itself when there is no Google software using it. It may take a few hours for Google Update to detect it is time to uninstall.
----------

************************************************************
5:29:38 p.m.: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
Key: UEAFOverlay
CLSID: {F2F31467-B1AC-4df0-AE79-FD5FA085E22B}
File: C:\Program Files\Protector Suite QL\farchns.dll
C:\Program Files\Protector Suite QL\farchns.dll
2854912 bytes
Created: 4/12/2006 2:03 p.m.
Modified: 4/12/2006 2:03 p.m.
Company: UPEK Inc.
----------
Key: UEAFOverlayOpen
CLSID: {A3E208F7-0E3A-4182-A7A6-B169D5D691AA}
File: C:\Program Files\Protector Suite QL\farchns.dll
C:\Program Files\Protector Suite QL\farchns.dll - file already scanned
----------

************************************************************
5:29:39 p.m.: ----- ADDITIONAL CHECKS -----
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Users\12189\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
C:\Users\12189\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
133622 bytes
Created: 1/02/2009 10:42 p.m.
Modified: 1/02/2009 10:42 p.m.
Company: [no info]
----------
Web Desktop Wallpaper: %APPDATA%\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
C:\Users\12189\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
133622 bytes
Created: 1/02/2009 10:42 p.m.
Modified: 1/02/2009 10:42 p.m.
Company: [no info]
----------
Checks for rogue DNS NameServers completed
----------
----------
Additional checks completed

************************************************************
5:29:41 p.m.: Scanning ----- RUNNING PROCESSES -----

C:\Windows\System32\smss.exe
--------------------
C:\Windows\system32\csrss.exe
--------------------
C:\Windows\system32\csrss.exe
--------------------
C:\Windows\system32\wininit.exe
--------------------
C:\Windows\system32\services.exe
--------------------
C:\Windows\system32\lsass.exe
--------------------
C:\Windows\system32\lsm.exe
--------------------
C:\Windows\system32\winlogon.exe
--------------------
C:\Windows\system32\svchost.exe
--------------------
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\System32\svchost.exe - file already scanned
--------------------
C:\Windows\System32\svchost.exe - file already scanned
--------------------
C:\Windows\System32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\AUDIODG.EXE
--------------------
C:\Windows\system32\SLsvc.exe
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe - file already scanned
--------------------
C:\Program Files\Alwil Software\Avast4\ashServ.exe - file already scanned
--------------------
C:\Windows\System32\spoolsv.exe
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\agrsmsvc.exe
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\PSIService.exe - file already scanned
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\ThpSrv.exe - file already scanned
--------------------
C:\Windows\system32\TODDSrv.exe - file already scanned
--------------------
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe - file already scanned
--------------------
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe - file already scanned
--------------------
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe - file already scanned
--------------------
C:\Windows\System32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\SearchIndexer.exe
--------------------
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe - file already scanned
--------------------
C:\Windows\system32\taskeng.exe
--------------------
C:\Program Files\Protector Suite QL\upeksvr.exe
--------------------
C:\Windows\system32\taskeng.exe
--------------------
C:\Windows\system32\Dwm.exe
--------------------
C:\Windows\Explorer.EXE - file already scanned
--------------------
C:\Program Files\Apoint2K\Apoint.exe - file already scanned
--------------------
C:\Windows\System32\ThpSrv.exe - file already scanned
--------------------
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe - file already scanned
--------------------
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe - file already scanned
--------------------
C:\Program Files\PMM\WsUIMgr.exe - file already scanned
--------------------
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
--------------------
D:\Program Files\Rainmeter\Rainmeter.exe
--------------------
C:\Program Files\Apoint2K\ApMsgFwd.exe
--------------------
C:\Program Files\Protector Suite QL\psqltray.exe
--------------------
C:\Windows\System32\mobsync.exe
--------------------
C:\Program Files\Apoint2K\Apntex.exe
--------------------
C:\Program Files\FirstClass\fcc32.exe
--------------------
C:\Windows\system32\taskeng.exe
--------------------
C:\Program Files\Trojan Remover\Rmvtrjan.exe
FileSize: 2933624
[This is a Trojan Remover component]
--------------------
C:\Program Files\Internet Explorer\iexplore.exe
--------------------
P:\TTFind.exe
--------------------

************************************************************
5:30:29 p.m.: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://go.microsoft.com/fwlink/?LinkId=54896
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.saintkentigern.com/
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://go.microsoft.com/fwlink/?LinkId=54896

************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 5:30:29 p.m. 03 Feb 2009
Total Scan time: 00:03:15
************************************************************

Blam
03-02-2009, 05:41 PM
I also have a hijackthis log if it helps:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:33:06 p.m., on 3/02/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\PMM\WsUIMgr.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
D:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\FirstClass\fcc32.exe
C:\Program Files\Trojan Remover\Rmvtrjan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\NOTEPAD.EXE
D:\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.saintkentigern.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://skcproxy/proxy1.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ThpSrv] C:\Windows\system32\thpsrv /logon
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [WsUiMgr] C:\Program Files\PMM\WsUIMgr.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = student.sk.edu
O17 - HKLM\Software\..\Telephony: DomainName = student.sk.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = student.sk.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = student.sk.edu
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\Windows\system32\ThpSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Websense Desktop Client (WebsenseDesktopClient) - Websense - C:\Program Files\PMM\WDC.exe

--
End of file - 5994 bytes

Blam
03-02-2009, 05:57 PM
I'm going to try another system restore, as things seem to have gotten worse...

And by the looks of it...seems like my DVD drive doesn't show up in My Computer anymore...may have infected drivers too...checked in Device Manager, exclamation mark next to the drive....

Blam
03-02-2009, 06:13 PM
Now Windows Vista thinks I'm a "Victim of Software Counterfeiting"

F^%&* virus

:(

Speedy Gonzales
03-02-2009, 06:52 PM
This isn't 64-bit Vista, is it??

Because Trojan Remover doesn't work with 64-bit

If you've got the CD, put it in and type in sfc /scannow

If you've got SP1, install it; it may install userinit.exe

If you have / had this

ImagePath: \??\C:\Windows\system32\drivers\glaide32.sys
C:\Windows\system32\drivers\glaide32.sys [file not found to scan]

On your system, it looks like it belongs to Rustock (http://www.symantec.com/security_response/writeup.jsp?docid=2006-011309-5412-99&tabid=3), a rootkit
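
One way to turn the "Key / ImagePath / file / size / Company" records from the scan log earlier in this thread into a short review list, as an added example that is not part of this thread, of the scanner or of Trojan Remover: it parses those records and flags the ones a responder would look at first, such as a driver whose file was not found on disk (the glaide32.sys pattern Speedy quotes above), a hidden image, an image with no company information, or an ImagePath that starts with the NT object-manager prefix. The sample records are constructed from entries on this page; the `glaide32` key name is a hypothetical placeholder, since the log excerpt above does not show its Key line.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the record format of the scan log's service/driver
# section (values copied from entries quoted in this thread; the "glaide32"
# Key name is a hypothetical placeholder, the page shows only its ImagePath).
SAMPLE_LOG = r"""
Key: TODDSrv
ImagePath: C:\Windows\system32\TODDSrv.exe
C:\Windows\system32\TODDSrv.exe
114688 bytes
Created: 21/12/2006 7:24 a.m.
Modified: 26/05/2006 3:30 p.m.
Company: TOSHIBA Corporation
----------
Key: WebsenseDesktopClient
ImagePath: C:\Program Files\PMM\WDC.exe
C:\Program Files\PMM\WDC.exe
-H- 471040 bytes
Created: 8/05/2007 8:18 p.m.
Modified: 8/05/2007 8:18 p.m.
Company: Websense
----------
Key: glaide32
ImagePath: \??\C:\Windows\system32\drivers\glaide32.sys
C:\Windows\system32\drivers\glaide32.sys [file not found to scan]
----------
Key: Rainmeter
ImagePath: D:\Program Files\Rainmeter\Rainmeter.exe
D:\Program Files\Rainmeter\Rainmeter.exe
139264 bytes
Created: 22/01/2006 12:41 a.m.
Modified: 22/01/2006 12:41 a.m.
Company: [no info]
----------
"""

KEY_RE = re.compile(r"^Key\s*:\s*(.+)$")            # "Key: x" and "Key : x"
SIZE_RE = re.compile(r"^(?:(-[A-Z]+-)\s+)?(\d+) bytes$")  # "-H- 471040 bytes"
NOT_FOUND = "[file not found to scan]"
ALREADY = " - file already scanned"


@dataclass
class Entry:
    key: str
    image_path: str = ""
    file_path: str = ""
    size: Optional[int] = None
    attributes: str = ""          # attribute flags printed before the size, e.g. "-HS-"
    company: Optional[str] = None
    file_found: bool = True


def parse_entries(log: str) -> List[Entry]:
    """Split the log on its '----------' separators and parse each Key record."""
    entries: List[Entry] = []
    for block in log.split("----------"):
        lines = [ln.strip() for ln in block.strip().splitlines() if ln.strip()]
        if not lines:
            continue
        key_m = KEY_RE.match(lines[0])
        if not key_m:
            continue  # section banners and other non-record text
        entry = Entry(key=key_m.group(1).strip())
        for ln in lines[1:]:
            size_m = SIZE_RE.match(ln)
            if ln.startswith("ImagePath:"):
                entry.image_path = ln[len("ImagePath:"):].strip()
            elif ln.startswith("Company:"):
                entry.company = ln[len("Company:"):].strip()
            elif ln.startswith(("Created:", "Modified:")):
                continue  # timestamps are not used by this triage
            elif size_m:
                entry.attributes = size_m.group(1) or ""
                entry.size = int(size_m.group(2))
            elif ln.endswith(NOT_FOUND):
                entry.file_path = ln[: -len(NOT_FOUND)].strip()
                entry.file_found = False
            elif not entry.file_path:
                entry.file_path = ln.replace(ALREADY, "").strip()
        entries.append(entry)
    return entries


def triage(entry: Entry) -> List[str]:
    """Reasons a record deserves a closer look; a prioritisation, not a verdict."""
    reasons: List[str] = []
    if not entry.file_found:
        reasons.append("image file missing on disk")
    if "H" in entry.attributes:
        reasons.append("hidden attribute set")
    if entry.company in (None, "[no info]"):
        reasons.append("no company info")
    if entry.image_path.startswith("\\??\\"):
        reasons.append("NT object-manager path prefix")
    return reasons


def triage_log(log: str) -> Dict[str, List[str]]:
    """Map the Key of every flagged record to its list of reasons."""
    return {e.key: triage(e) for e in parse_entries(log) if triage(e)}


if __name__ == "__main__":
    for key, reasons in triage_log(SAMPLE_LOG).items():
        print(f"{key}: {', '.join(reasons)}")
```

The flags order the review, they do not decide it: on this machine the hidden WDC.exe is the Websense Desktop Client you would expect on a managed domain laptop, and "[no info]" shows up on plenty of small freeware such as Rainmeter, whereas a driver that is registered but whose file is no longer on disk, with no company information and a `\??\` ImagePath, is the kind of record worth checking against a vendor write-up first.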

Blam
03-02-2009, 07:06 PM
This is 32-bit Vista Business.

I don't have a vista cd...

I've system restored back a bit and it seems like everything is working OK now.

Except this happens every time I launch FF

Speedy Gonzales
03-02-2009, 07:13 PM
Run FF in safe mode from the programs menus and see if it crashes.

It's probably an add-on that's crashing.

Disable them then run it again

Does IE crash?

Select all options under Utilities as well in TR, if you haven't yet

Blam
03-02-2009, 07:34 PM
Tried safe mode already, no luck.

IE works fine, using it now

I have selected all options already

Blam