Hijackthis log - computer deleted shared network files

Discussion in 'Windows - Virus and spyware problems' started by ladeeeda, Dec 12, 2006.

  1. ladeeeda

    ladeeeda Member

    Joined:
    Dec 12, 2006
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    11
    Can anyone help - I've fnished running Adware, Search & Destroy and this is the final HijackThis Log -

    I think my compuer has been deleting shared network files so was really looking for trojan with the scan, but only found cookies.

    I'd appreciate any help!

    Logfile of HijackThis v1.99.1
    Scan saved at 00:12:38, on 13/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\ORL\VNC\WinVNC.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    C:\WINDOWS\system32\ZoomingHook.exe
    C:\WINDOWS\system32\TCtrlIOHook.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MICROS~3\rapimgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\spider.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\SHAZIYA\Desktop\HijackThis_v1.99.1.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: CutePDF Writer Companion - {8C3733AE-F794-439A-A959-844DCA64F1A2} - C:\Program Files\Acro Software\CutePDF Writer Companion\CPWC_Co.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
    O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
    O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
    O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\ORL\VNC\WinVNC.exe" -servicehelper
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Tun Inetd Service (TunNetd) - Esker - C:\Program Files\TUN\TCPW\tunnetd.exe
    O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\ORL\VNC\WinVNC.exe" -service (file missing)
     
    ladeeeda, Dec 12, 2006
    #1
  2. ladeeeda

    ladeeeda Member

    Joined:
    Dec 12, 2006
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    11
    I have now also completed the combofix - See report below


    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,20,03,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
    "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    Completion time: 06-12-13 11:58:58.79
    C:\ComboFix.txt ... 06-12-13 11:58




    CAN ANYONE PLEASE HELP WITH THE ABOVE!
     
    ladeeeda, Dec 13, 2006
    #2
  3. ladeeeda

    ladeeeda Member

    Joined:
    Dec 12, 2006
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    11
    Sorry for the double post. I omitted the first part of the log.

    Full log is now included!

    Can anyone help please.

    -----------------------------------------------------------------

    My Machine - 06-12-13 11:58:15.59 Service Pack 2
    ComboFix 06.11.27W - Running from: "C:\Documents and Settings\My Machine\Desktop"

    ((((((((((((((((((((((((((((((( Files Created from 2006-11-13 to 2006-12-13 ))))))))))))))))))))))))))))))))))


    2006-12-12 23:16 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2006-12-12 23:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2006-12-12 22:58 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
    2006-12-12 22:56 <DIR> d-------- C:\Program Files\Lavasoft
    2006-12-12 22:56 <DIR> d-------- C:\Documents and Settings\My Machine\Application Data\Lavasoft
    2006-12-12 22:56 <DIR> d-------- C:\Documents and Settings\My Machine\.housecall6.6
    2006-12-12 22:01 <DIR> d-------- C:\Program Files\Windows Media Connect 2
    2006-12-12 21:59 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
    2006-12-08 12:02 <DIR> d-------- C:\WINDOWS\ASTULogTemp
    2006-12-05 09:34 <DIR> d-------- C:\WINDOWS\WBEM
    2006-12-05 09:34 <DIR> d-------- C:\WINDOWS\system32\en-US
    2006-12-05 09:32 <DIR> d--h-c--- C:\WINDOWS\ie7
    2006-12-05 09:31 121,856 --------- C:\WINDOWS\system32\xmllite.dll
    2006-12-05 09:31 <DIR> d-------- C:\WINDOWS\network diagnostic
    2006-11-21 10:04 <DIR> d-------- C:\Documents and Settings\My Machine\Application Data\Talkback
    2006-11-19 01:18 <DIR> d-------- C:\Program Files\MSXML 4.0
    2006-11-19 01:18 <DIR> d-------- C:\125e3fbda99c590ac59a8e


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-12-13 11:08 -------- d-------- C:\Program Files\Apple Software Update
    2006-12-13 09:46 -------- d-------- C:\Program Files\Mozilla Firefox
    2006-12-13 09:22 -------- d-------- C:\Program Files\Outlook Express
    2006-12-12 22:19 -------- d-------- C:\Program Files\Windows Media Player
    2006-12-12 14:00 -------- d-------- C:\Documents and Settings\My Machine\Application Data\AVG7
    2006-12-05 09:39 -------- d-------- C:\Program Files\Internet Explorer
    2006-11-08 05:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
    2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
    2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
    2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
    2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
    2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
    2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
    2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
    2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
    2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
    2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
    2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
    2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
    2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
    2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
    2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
    2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
    2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
    2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
    2006-11-02 12:23 816672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
    2006-10-29 22:57 -------- d-------- C:\Program Files\WinRAR
    2006-10-28 19:17 -------- d-------- C:\Documents and Settings\My Machine\Application Data\Apple Computer
    2006-10-28 19:16 -------- d-------- C:\Program Files\QuickTime
    2006-10-28 19:16 -------- d-------- C:\Program Files\iTunes
    2006-10-28 19:16 -------- d-------- C:\Program Files\iPod
    2006-10-19 13:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
    2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
    2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\uwdf.exe
    2006-10-18 21:47 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
    2006-10-18 21:47 991744 --a------ C:\WINDOWS\system32\drmv2clt.dll
    2006-10-18 21:47 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll
    2006-10-18 21:47 8231936 --a------ C:\WINDOWS\system32\wmploc.dll
    2006-10-18 21:47 767488 --------- C:\WINDOWS\system32\WMVSENCD.dll
    2006-10-18 21:47 757248 --a------ C:\WINDOWS\system32\WMADMOD.dll
    2006-10-18 21:47 7168 --a------ C:\WINDOWS\system32\asferror.dll
    2006-10-18 21:47 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll
    2006-10-18 21:47 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
    2006-10-18 21:47 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
    2006-10-18 21:47 613376 --------- C:\WINDOWS\system32\wmpmde.dll
    2006-10-18 21:47 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
    2006-10-18 21:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll
    2006-10-18 21:47 535040 --------- C:\WINDOWS\system32\wmdrmsdk.dll
    2006-10-18 21:47 429056 --a------ C:\WINDOWS\system32\wmdrmdev.dll
    2006-10-18 21:47 414208 --a------ C:\WINDOWS\system32\msscp.dll
    2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
    2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
    2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL
    2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll
    2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
    2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
    2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
    2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
    2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
    2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
    2006-10-18 21:47 38400 --------- C:\WINDOWS\system32\wpdshextres.dll
    2006-10-18 21:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
    2006-10-18 21:47 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
    2006-10-18 21:47 356352 --a------ C:\WINDOWS\system32\wpdsp.dll
    2006-10-18 21:47 348672 --a------ C:\WINDOWS\system32\wmdrmnet.dll
    2006-10-18 21:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
    2006-10-18 21:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
    2006-10-18 21:47 317440 --------- C:\WINDOWS\system32\MP4SDECD.dll
    2006-10-18 21:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll
    2006-10-18 21:47 295936 --------- C:\WINDOWS\system32\wmpeffects.dll
    2006-10-18 21:47 284160 --------- C:\WINDOWS\system32\PortableDeviceApi.dll
    2006-10-18 21:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
    2006-10-18 21:47 2603008 --------- C:\WINDOWS\system32\WpdShext.dll
    2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll
    2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\MP43DECD.dll
    2006-10-18 21:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
    2006-10-18 21:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll
    2006-10-18 21:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
    2006-10-18 21:47 227328 --a------ C:\WINDOWS\system32\wmerror.dll
    2006-10-18 21:47 222208 --a------ C:\WINDOWS\system32\wmasf.dll
    2006-10-18 21:47 212992 --------- C:\WINDOWS\system32\MFPLAT.dll
    2006-10-18 21:47 211456 --a------ C:\WINDOWS\system32\qasf.dll
    2006-10-18 21:47 204288 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
    2006-10-18 21:47 199168 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll
    2006-10-18 21:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
    2006-10-18 21:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll
    2006-10-18 21:47 166912 --------- C:\WINDOWS\system32\PortableDeviceTypes.dll
    2006-10-18 21:47 1661440 --a------ C:\WINDOWS\system32\wmpencen.dll
    2006-10-18 21:47 1574912 --------- C:\WINDOWS\system32\WMVENCOD.dll
    2006-10-18 21:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll
    2006-10-18 21:47 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
    2006-10-18 21:47 1543680 --------- C:\WINDOWS\system32\WMVDECOD.dll
    2006-10-18 21:47 1382912 --------- C:\WINDOWS\system32\WMVSDECD.dll
    2006-10-18 21:47 133632 --------- C:\WINDOWS\system32\WPDShServiceObj.dll
    2006-10-18 21:47 1329152 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
    2006-10-18 21:47 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
    2006-10-18 21:47 130048 --------- C:\WINDOWS\system32\wmpps.dll
    2006-10-18 21:47 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
    2006-10-18 21:47 1117696 --a------ C:\WINDOWS\system32\WMADMOE.dll
    2006-10-18 21:47 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
    2006-10-18 20:03 100864 --a------ C:\WINDOWS\system32\logagent.exe
    2006-10-18 20:00 38528 --a------ C:\WINDOWS\system32\drivers\wpdusb.sys
    2006-10-18 20:00 249856 --------- C:\WINDOWS\system32\drmupgds.exe
    2006-10-18 20:00 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
    2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
    2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
    2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
    2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
    2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
    2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
    2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll
    2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
    2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
    2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
    2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
    2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
    2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
    2006-10-13 12:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
    2006-10-13 12:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
    2006-10-13 12:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
    2006-10-13 11:26 3968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
    2006-10-13 10:23 163584 --a------ C:\WINDOWS\system32\drivers\nwrdr.sys
    2006-10-02 15:28 312128 --------- C:\WINDOWS\system32\msdelta.dll
    2006-09-28 20:13 95344 --------- C:\WINDOWS\system32\WUDFCoinstaller.dll
    2006-09-28 18:56 55808 --------- C:\WINDOWS\system32\WudfSvc.dll
    2006-09-28 18:56 316416 --------- C:\WINDOWS\system32\WUDFx.dll
    2006-09-28 18:56 165376 --------- C:\WINDOWS\system32\WudfPlatform.dll
    2006-09-28 18:56 146432 --------- C:\WINDOWS\system32\WudfHost.exe
    2006-09-25 17:58 23856 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2006-09-13 05:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "TOSCDSPD"="C:\\Program Files\\TOSHIBA\\TOSCDSPD\\toscdspd.exe"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
    "SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
    "igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
    "igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
    "AGRSMMSG"="AGRSMMSG.exe"
    "Apoint"="C:\\Program Files\\Apoint2K\\Apoint.exe"
    "CeEKEY"="C:\\Program Files\\TOSHIBA\\E-KEY\\CeEKey.exe"
    @=""
    "TPNF"="C:\\Program Files\\TOSHIBA\\TouchPad\\TPTray.exe"
    "HWSetup"="C:\\Program Files\\TOSHIBA\\TOSHIBA Applet\\HWSetup.exe hwSetUP"
    "SVPWUTIL"="C:\\Program Files\\Toshiba\\Windows Utilities\\SVPWUTIL.exe SVPwUTIL"
    "Zooming"="ZoomingHook.exe"
    "TCtryIOHook"="TCtrlIOHook.exe"
    "TPSMain"="TPSMain.exe"
    "SmoothView"="C:\\Program Files\\TOSHIBA\\TOSHIBA Zooming Utility\\SmoothView.exe"
    "TFncKy"="TFncKy.exe"
    "PadTouch"="C:\\Program Files\\TOSHIBA\\Touch and Launch\\PadExe.exe"
    "Tvs"="C:\\Program Files\\TOSHIBA\\Tvs\\TvsTray.exe"
    "dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
    "WinVNC"="\"C:\\Program Files\\ORL\\VNC\\WinVNC.exe\" -servicehelper"
    "IntelZeroConfig"="\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\""
    "IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
    "HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,20,03,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
    "AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
    "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    Completion time: 06-12-13 11:58:58.79
    C:\ComboFix.txt ... 06-12-13 11:58
     
    ladeeeda, Dec 13, 2006
    #3

Share This Page