# Laptop Synaptic Pointing Device



## 123688 (Oct 5, 2006)

Hi I need help in getting my touch pad working properly. BEfore THere was a sensor in the bottom right hand side of the screen and if you touched the touchpad it would go gree. Now it is gone and I also get a popup saying "THis application has failed to start because DLACResW.dll was not found. Reinstalling application may fix this problem.
Basically I think I have a virus or somelthing and my touch pad doesnt work proeprly because I can now double click by touching it twice which is annoying becasue it opens up stuff I dont want it to. I prefer clickin with the buttons on laptop. 
Thanks any help would be appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 4:16:57 PM, on 04/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.mytelus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: TELUS eCare.lnk = C:\Program Files\TELUS eCare\bin\matcli.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk870YYCA
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?4b205ee77c694541a2f309dfc07dd63b
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?4b205ee77c694541a2f309dfc07dd63b
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://s1.travian.us
O15 - Trusted Zone: *.whataboutadog.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://www.powerchallenge.com/applet/PowerLoader.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe


----------



## 123688 (Oct 5, 2006)

can someone please help me? thanks


----------



## Cookiegal (Aug 27, 2003)

Download FindAWF.exe from *here* or *here* and save it to your desktop.

Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
You will be presented with the following Menu.
1. Press 1 then Enter to scan for bak folders
2. Press 2 then Enter to restore files from bak folders
3. Press 3 then Enter to remove bak folders
4. Press 4 then Enter to reset domain zones
5. Press E then Enter to EXIT​
*Select option 1*, then press Enter
It may take a few minutes to complete so be patient.
When it is complete, it will open a text file in Notepad called AWF.txt.
Please copy and paste the contents of the AWF.txt file in your next reply.


----------



## 123688 (Oct 5, 2006)

Here's the report file

ind AWF report by noahdfear ©2006
Version 1.40

The current date is: 11/10/2007 
The current time is: 20:37:55.37


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\ITUNES\BAK

14/09/2007 10:00 AM 267,064 iTunesHelper.exe
1 File(s) 267,064 bytes

Directory of C:\PROGRA~1\LTMOH\BAK

17/08/2004 01:37 PM 184,320 Ltmoh.exe
1 File(s) 184,320 bytes

Directory of C:\PROGRA~1\MIFB84~1\BAK

23/03/2005 05:26 PM 217,088 point32.exe
1 File(s) 217,088 bytes

Directory of C:\PROGRA~1\MSNMES~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

29/06/2007 06:24 AM 286,720 qttask.exe
1 File(s) 286,720 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

04/08/2004 06:00 AM 15,360 ctfmon.exe
27/11/2005 11:52 PM 77,824 hkcmd.exe
27/11/2005 11:55 PM 118,784 igfxpers.exe
27/11/2005 11:55 PM 98,304 igfxtray.exe
19/07/2005 05:32 PM 221,184 LVCOMSX.EXE
5 File(s) 531,456 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK

11/05/2005 11:12 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\LOGITECH\VIDEO\BAK

08/06/2005 03:24 PM 458,752 ISStart.exe
08/06/2005 03:14 PM 217,088 LogiTray.exe
08/06/2005 02:44 PM 196,608 ManifestEngine.exe
3 File(s) 872,448 bytes

Directory of C:\PROGRA~1\SYNAPT~1\SYNTP\BAK

02/03/2006 02:02 AM 761,948 SynTPEnh.exe
1 File(s) 761,948 bytes

Directory of C:\PROGRA~1\TELUSE~1\SMARTB~1\BAK

24/09/2007 10:27 PM 393,216 MotiveSB.exe
1 File(s) 393,216 bytes

Directory of C:\PROGRA~1\TOSHIBA\TOSCDSPD\BAK

30/12/2004 02:32 AM 65,536 toscdspd.exe
1 File(s) 65,536 bytes

Directory of C:\PROGRA~1\TOSHIBA\TOSHIB~2\BAK

26/04/2005 06:13 PM 122,880 SmoothView.exe
1 File(s) 122,880 bytes

Directory of C:\PROGRA~1\TOSHIBA\TOSHIB~3\BAK

05/01/2006 04:02 PM 352,256 thotkey.exe
1 File(s) 352,256 bytes

Directory of C:\PROGRA~1\TOSHIBA\TVS\BAK

30/11/2005 02:25 PM 73,728 TvsTray.exe
1 File(s) 73,728 bytes

Directory of C:\WINDOWS\SYSTEM32\DLA\BAK

06/10/2005 07:20 AM 122,940 DLACTRLW.EXE
1 File(s) 122,940 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

02/10/2006 07:09 AM 185,784 realsched.exe
1 File(s) 185,784 bytes

Directory of C:\PROGRA~1\INTEL\WIRELESS\BIN\BAK

28/11/2005 11:41 AM 602,182 ifrmewrk.exe
05/12/2005 12:37 PM 667,718 ZCfgSvc.exe
2 File(s) 1,269,900 bytes

Directory of C:\PROGRA~1\JAVA\JRE15~1.0_1\BIN\BAK

09/11/2006 04:07 PM 49,263 jusched.exe
1 File(s) 49,263 bytes

Directory of C:\PROGRA~1\ADOBE\PHOTOS~1\3.0\APPS\BAK

06/06/2005 11:46 PM 57,344 apdproxy.exe
1 File(s) 57,344 bytes

Directory of C:\PROGRA~1\LOGITECH\DESKTO~1\8876480\PROGRAM\BAK

19/03/2007 08:13 AM 67,128 LogitechDesktopMessenger.exe
1 File(s) 67,128 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

27664 Oct 2 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
267064 Sep 14 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Sep 25 2007 "C:\WINDOWS\Installer\{7FF9CD9C-6E0C-4462-9670-F424DCB32DAF}\iTunesIco.exe"
116024 Sep 14 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.4.2.4\iTunesSetupAdmin.exe"
27664 Oct 2 2007 "C:\Program Files\ltmoh\Ltmoh.exe"
184320 Aug 17 2004 "C:\Program Files\ltmoh\bak\Ltmoh.exe"
27664 Oct 2 2007 "C:\Program Files\Microsoft IntelliPoint\point32.exe"
217088 Mar 23 2005 "C:\Program Files\Microsoft IntelliPoint\bak\point32.exe"
27664 Oct 2 2007 "C:\Program Files\QuickTime\QTTask.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
27664 Oct 2 2007 "C:\WINDOWS\system32\hkcmd.exe"
77824 Nov 27 2005 "C:\WINDOWS\system32\bak\hkcmd.exe"
77824 Nov 27 2005 "C:\TOSHIBA\DISPLAY\INTEL\Win2000\hkcmd.exe"
27664 Oct 2 2007 "C:\WINDOWS\system32\igfxpers.exe"
118784 Nov 27 2005 "C:\WINDOWS\system32\bak\igfxpers.exe"
118784 Nov 27 2005 "C:\TOSHIBA\DISPLAY\INTEL\Win2000\igfxpers.exe"
27664 Oct 2 2007 "C:\WINDOWS\system32\igfxtray.exe"
98304 Nov 27 2005 "C:\WINDOWS\system32\bak\igfxtray.exe"
98304 Nov 27 2005 "C:\TOSHIBA\DISPLAY\INTEL\Win2000\igfxtray.exe"
27664 Oct 2 2007 "C:\WINDOWS\system32\LVCOMSX.EXE"
221184 Jul 19 2005 "C:\WINDOWS\system32\bak\LVCOMSX.EXE"
27664 Oct 2 2007 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 May 11 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
27664 Oct 2 2007 "C:\Program Files\Logitech\Video\ISStart.exe"
458752 Jun 8 2005 "C:\Program Files\Logitech\Video\bak\ISStart.exe"
27664 Oct 2 2007 "C:\Program Files\Logitech\Video\LogiTray.exe"
217088 Jun 8 2005 "C:\Program Files\Logitech\Video\bak\LogiTray.exe"
27664 Oct 2 2007 "C:\Program Files\Logitech\Video\ManifestEngine.exe"
196608 Jun 8 2005 "C:\Program Files\Logitech\Video\bak\ManifestEngine.exe"
761948 Mar 2 2006 "C:\Synaptics Touchpad.temp\SynTPEnh.exe"
761948 Mar 2 2006 "C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
27664 Oct 2 2007 "C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\SynTPEnh.exe"
27664 Oct 2 2007 "C:\Program Files\TELUS eCare\SmartBridge\MotiveSB.exe"
393216 Sep 24 2007 "C:\Program Files\TELUS eCare\SmartBridge\bak\MotiveSB.exe"
393216 Oct 27 2006 "C:\Program Files\TELUS eCare\SmartBridge\Original\MotiveSB.exe"
393216 Sep 24 2007 "C:\Program Files\TELUS eCare\SmartBridge\Updates\MotiveSB.exe"
27664 Oct 2 2007 "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
65536 Dec 30 2004 "C:\Program Files\TOSHIBA\TOSCDSPD\bak\toscdspd.exe"
27664 Oct 2 2007 "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe"
122880 Apr 26 2005 "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\bak\SmoothView.exe"
27664 Oct 2 2007 "C:\Program Files\TOSHIBA\TOSHIBA Applet\thotkey.exe"
352256 Jan 5 2006 "C:\Program Files\TOSHIBA\TOSHIBA Applet\bak\thotkey.exe"
27664 Oct 2 2007 "C:\Program Files\TOSHIBA\Tvs\TvsTray.exe"
73728 Nov 30 2005 "C:\Program Files\TOSHIBA\Tvs\bak\TvsTray.exe"
27664 Oct 2 2007 "C:\WINDOWS\system32\DLA\DLACTRLW.EXE"
122940 Oct 6 2005 "C:\Program Files\Sonic\DLA\install\dlactrlw.exe"
122940 Oct 6 2005 "C:\WINDOWS\system32\DLA\bak\DLACTRLW.EXE"
27664 Oct 2 2007 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
185784 Oct 2 2006 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
 27664 Oct 2 2007 "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe"
602182 Nov 28 2005 "C:\Program Files\Intel\Wireless\Bin\bak\ifrmewrk.exe"
27664 Oct 2 2007 "C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe"
667718 Dec 5 2005 "C:\Program Files\Intel\Wireless\Bin\bak\ZCfgSvc.exe"
27664 Oct 2 2007 "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
49263 Oct 12 2006 "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
49263 Nov 9 2006 "C:\Program Files\Java\jre1.5.0_10\bin\bak\jusched.exe"
27664 Oct 2 2007 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
57344 Jun 6 2005 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe"
27664 Oct 2 2007 "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
67128 Mar 19 2007 "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bak\LogitechDesktopMessenger.exe"


end of report


----------



## Cookiegal (Aug 27, 2003)

Copy the file paths below to the clipboard by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose copy):

*"C:\Program Files\iTunes\bak\iTunesHelper.exe"
"C:\Program Files\ltmoh\bak\Ltmoh.exe"
"C:\Program Files\Microsoft IntelliPoint\bak\point32.exe"
"C:\Program Files\QuickTime\bak\qttask.exe"
"C:\WINDOWS\system32\bak\hkcmd.exe"
"C:\WINDOWS\system32\bak\igfxpers.exe"
"C:\WINDOWS\system32\bak\igfxtray.exe"
"C:\WINDOWS\system32\bak\LVCOMSX.EXE"
"C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
"C:\Program Files\Logitech\Video\bak\ISStart.exe"
"C:\Program Files\Logitech\Video\bak\LogiTray.exe"
"C:\Program Files\Logitech\Video\bak\ManifestEngine.exe"
"C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe
"C:\Program Files\TELUS eCare\SmartBridge\bak\MotiveSB.exe"
"C:\Program Files\TOSHIBA\TOSCDSPD\bak\toscdspd.exe"
"C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\bak\SmoothView.exe"
"C:\Program Files\TOSHIBA\TOSHIBA Applet\bak\thotkey.exe"
"C:\Program Files\TOSHIBA\Tvs\bak\TvsTray.exe"
"C:\WINDOWS\system32\DLA\bak\DLACTRLW.EXE"
"C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
"C:\Program Files\Intel\Wireless\Bin\bak\ifrmewrk.exe"
"C:\Program Files\Intel\Wireless\Bin\bak\ZCfgSvc.exe"
"C:\Program Files\Java\jre1.5.0_10\bin\bak\jusched.exe"
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bak\LogitechDesktopMessenger.exe"
*

Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
*Select option 2* from the menu and press Enter.
Press any key to continue.
A Notepad document *FindAWF.txt* will appear with instructions to click below the line and paste the list of files to be restored.
Right click below this line and select* Paste*, to paste the list of files copied to the clipboard earlier. Save and close the document.
The program will proceed to move the legit files and will perform another scan for bak folders.
It may take a few minutes to complete so be patient.
When it is complete, it will open a text file in Notepad called *AWF.txt*.
Please copy and paste the contents of the *AWF.txt* file in your next reply.


----------



## 123688 (Oct 5, 2006)

Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully

The current date is: 13/10/2007 
The current time is: 12:32:45.14


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\ITUNES\BAK

14/09/2007 10:00 AM 267,064 iTunesHelper.exe
1 File(s) 267,064 bytes

Directory of C:\PROGRA~1\LTMOH\BAK

17/08/2004 01:37 PM 184,320 Ltmoh.exe
1 File(s) 184,320 bytes

Directory of C:\PROGRA~1\MIFB84~1\BAK

23/03/2005 05:26 PM 217,088 point32.exe
1 File(s) 217,088 bytes

Directory of C:\PROGRA~1\MSNMES~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

29/06/2007 06:24 AM 286,720 qttask.exe
1 File(s) 286,720 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

04/08/2004 06:00 AM 15,360 ctfmon.exe
27/11/2005 11:52 PM 77,824 hkcmd.exe
27/11/2005 11:55 PM 118,784 igfxpers.exe
27/11/2005 11:55 PM 98,304 igfxtray.exe
19/07/2005 05:32 PM 221,184 LVCOMSX.EXE
5 File(s) 531,456 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK

11/05/2005 11:12 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\LOGITECH\VIDEO\BAK

08/06/2005 03:24 PM 458,752 ISStart.exe
08/06/2005 03:14 PM 217,088 LogiTray.exe
08/06/2005 02:44 PM 196,608 ManifestEngine.exe
3 File(s) 872,448 bytes

Directory of C:\PROGRA~1\SYNAPT~1\SYNTP\BAK

02/03/2006 02:02 AM 761,948 SynTPEnh.exe
1 File(s) 761,948 bytes

Directory of C:\PROGRA~1\TELUSE~1\SMARTB~1\BAK

24/09/2007 10:27 PM 393,216 MotiveSB.exe
1 File(s) 393,216 bytes

Directory of C:\PROGRA~1\TOSHIBA\TOSCDSPD\BAK

30/12/2004 02:32 AM 65,536 toscdspd.exe
1 File(s) 65,536 bytes

Directory of C:\PROGRA~1\TOSHIBA\TOSHIB~2\BAK

26/04/2005 06:13 PM 122,880 SmoothView.exe
1 File(s) 122,880 bytes

Directory of C:\PROGRA~1\TOSHIBA\TOSHIB~3\BAK

05/01/2006 04:02 PM 352,256 thotkey.exe
1 File(s) 352,256 bytes

Directory of C:\PROGRA~1\TOSHIBA\TVS\BAK

30/11/2005 02:25 PM 73,728 TvsTray.exe
1 File(s) 73,728 bytes

Directory of C:\WINDOWS\SYSTEM32\DLA\BAK

06/10/2005 07:20 AM 122,940 DLACTRLW.EXE
1 File(s) 122,940 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

02/10/2006 07:09 AM 185,784 realsched.exe
1 File(s) 185,784 bytes

Directory of C:\PROGRA~1\INTEL\WIRELESS\BIN\BAK

28/11/2005 11:41 AM 602,182 ifrmewrk.exe
05/12/2005 12:37 PM 667,718 ZCfgSvc.exe
2 File(s) 1,269,900 bytes

Directory of C:\PROGRA~1\JAVA\JRE15~1.0_1\BIN\BAK

09/11/2006 04:07 PM 49,263 jusched.exe
1 File(s) 49,263 bytes

Directory of C:\PROGRA~1\ADOBE\PHOTOS~1\3.0\APPS\BAK

06/06/2005 11:46 PM 57,344 apdproxy.exe
1 File(s) 57,344 bytes

Directory of C:\PROGRA~1\LOGITECH\DESKTO~1\8876480\PROGRAM\BAK

19/03/2007 08:13 AM 67,128 LogitechDesktopMessenger.exe
1 File(s) 67,128 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

267064 Sep 14 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
267064 Sep 14 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Sep 25 2007 "C:\WINDOWS\Installer\{7FF9CD9C-6E0C-4462-9670-F424DCB32DAF}\iTunesIco.exe"
116024 Sep 14 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.4.2.4\iTunesSetupAdmin.exe"
184320 Aug 17 2004 "C:\Program Files\ltmoh\Ltmoh.exe"
184320 Aug 17 2004 "C:\Program Files\ltmoh\bak\Ltmoh.exe"
217088 Mar 23 2005 "C:\Program Files\Microsoft IntelliPoint\point32.exe"
217088 Mar 23 2005 "C:\Program Files\Microsoft IntelliPoint\bak\point32.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\qttask.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
77824 Nov 27 2005 "C:\WINDOWS\system32\hkcmd.exe"
77824 Nov 27 2005 "C:\WINDOWS\system32\bak\hkcmd.exe"
77824 Nov 27 2005 "C:\TOSHIBA\DISPLAY\INTEL\Win2000\hkcmd.exe"
118784 Nov 27 2005 "C:\WINDOWS\system32\igfxpers.exe"
118784 Nov 27 2005 "C:\WINDOWS\system32\bak\igfxpers.exe"
118784 Nov 27 2005 "C:\TOSHIBA\DISPLAY\INTEL\Win2000\igfxpers.exe"
98304 Nov 27 2005 "C:\WINDOWS\system32\igfxtray.exe"
98304 Nov 27 2005 "C:\WINDOWS\system32\bak\igfxtray.exe"
98304 Nov 27 2005 "C:\TOSHIBA\DISPLAY\INTEL\Win2000\igfxtray.exe"
221184 Jul 19 2005 "C:\WINDOWS\system32\LVCOMSX.EXE"
221184 Jul 19 2005 "C:\WINDOWS\system32\bak\LVCOMSX.EXE"
49152 May 11 2005 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 May 11 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
458752 Jun 8 2005 "C:\Program Files\Logitech\Video\ISStart.exe"
458752 Jun 8 2005 "C:\Program Files\Logitech\Video\bak\ISStart.exe"
217088 Jun 8 2005 "C:\Program Files\Logitech\Video\LogiTray.exe"
217088 Jun 8 2005 "C:\Program Files\Logitech\Video\bak\LogiTray.exe"
196608 Jun 8 2005 "C:\Program Files\Logitech\Video\ManifestEngine.exe"
196608 Jun 8 2005 "C:\Program Files\Logitech\Video\bak\ManifestEngine.exe"
761948 Mar 2 2006 "C:\Synaptics Touchpad.temp\SynTPEnh.exe"
761948 Mar 2 2006 "C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
27664 Oct 2 2007 "C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\SynTPEnh.exe"
393216 Sep 24 2007 "C:\Program Files\TELUS eCare\SmartBridge\MotiveSB.exe"
393216 Sep 24 2007 "C:\Program Files\TELUS eCare\SmartBridge\bak\MotiveSB.exe"
393216 Oct 27 2006 "C:\Program Files\TELUS eCare\SmartBridge\Original\MotiveSB.exe"
393216 Sep 24 2007 "C:\Program Files\TELUS eCare\SmartBridge\Updates\MotiveSB.exe"
65536 Dec 30 2004 "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
65536 Dec 30 2004 "C:\Program Files\TOSHIBA\TOSCDSPD\bak\toscdspd.exe"
122880 Apr 26 2005 "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe"
122880 Apr 26 2005 "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\bak\SmoothView.exe"
352256 Jan 5 2006 "C:\Program Files\TOSHIBA\TOSHIBA Applet\thotkey.exe"
352256 Jan 5 2006 "C:\Program Files\TOSHIBA\TOSHIBA Applet\bak\thotkey.exe"
73728 Nov 30 2005 "C:\Program Files\TOSHIBA\Tvs\TvsTray.exe"
73728 Nov 30 2005 "C:\Program Files\TOSHIBA\Tvs\bak\TvsTray.exe"
122940 Oct 6 2005 "C:\WINDOWS\system32\DLA\DLACTRLW.EXE"
122940 Oct 6 2005 "C:\Program Files\Sonic\DLA\install\dlactrlw.exe"
122940 Oct 6 2005 "C:\WINDOWS\system32\DLA\bak\DLACTRLW.EXE"
185784 Oct 2 2006 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
185784 Oct 2 2006 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
602182 Nov 28 2005 "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe"
602182 Nov 28 2005 "C:\Program Files\Intel\Wireless\Bin\bak\ifrmewrk.exe"
667718 Dec 5 2005 "C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe"
667718 Dec 5 2005 "C:\Program Files\Intel\Wireless\Bin\bak\ZCfgSvc.exe"
49263 Nov 9 2006 "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
49263 Oct 12 2006 "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
49263 Nov 9 2006 "C:\Program Files\Java\jre1.5.0_10\bin\bak\jusched.exe"
57344 Jun 6 2005 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
57344 Jun 6 2005 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe"
67128 Mar 19 2007 "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
67128 Mar 19 2007 "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bak\LogitechDesktopMessenger.exe"


end of report


----------



## Cookiegal (Aug 27, 2003)

Open notepad and copy/paste the text in the quote box below into it:



> @ECHO OFF
> if exist "C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\SynTPEnh.exe"
> copy "C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe" "C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\SynTPEnh.exe"
> if exist "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
> copy "C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe" "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"


Save this as Fix.bat and choose "Save type as - All Files". It should look like this:







Double click the Fix.bat file and allow it to run.

Then run *Option 1 *of FindAWF again please and post the results.


----------



## 123688 (Oct 5, 2006)

Find AWF report by noahdfear ©2006
Version 1.40

The current date is: 14/10/2007 
The current time is: 16:12:09.54


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\ITUNES\BAK

14/09/2007 10:00 AM 267,064 iTunesHelper.exe
1 File(s) 267,064 bytes

Directory of C:\PROGRA~1\LTMOH\BAK

17/08/2004 01:37 PM 184,320 Ltmoh.exe
1 File(s) 184,320 bytes

Directory of C:\PROGRA~1\MIFB84~1\BAK

23/03/2005 05:26 PM 217,088 point32.exe
1 File(s) 217,088 bytes

Directory of C:\PROGRA~1\MSNMES~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

29/06/2007 06:24 AM 286,720 qttask.exe
1 File(s) 286,720 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

04/08/2004 06:00 AM 15,360 ctfmon.exe
27/11/2005 11:52 PM 77,824 hkcmd.exe
27/11/2005 11:55 PM 118,784 igfxpers.exe
27/11/2005 11:55 PM 98,304 igfxtray.exe
19/07/2005 05:32 PM 221,184 LVCOMSX.EXE
5 File(s) 531,456 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK

11/05/2005 11:12 PM 49,152 HPWuSchd2.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\LOGITECH\VIDEO\BAK

08/06/2005 03:24 PM 458,752 ISStart.exe
08/06/2005 03:14 PM 217,088 LogiTray.exe
08/06/2005 02:44 PM 196,608 ManifestEngine.exe
3 File(s) 872,448 bytes

Directory of C:\PROGRA~1\SYNAPT~1\SYNTP\BAK

02/03/2006 02:02 AM 761,948 SynTPEnh.exe
1 File(s) 761,948 bytes

Directory of C:\PROGRA~1\TELUSE~1\SMARTB~1\BAK

24/09/2007 10:27 PM 393,216 MotiveSB.exe
1 File(s) 393,216 bytes

Directory of C:\PROGRA~1\TOSHIBA\TOSCDSPD\BAK

30/12/2004 02:32 AM 65,536 toscdspd.exe
1 File(s) 65,536 bytes

Directory of C:\PROGRA~1\TOSHIBA\TOSHIB~2\BAK

26/04/2005 06:13 PM 122,880 SmoothView.exe
1 File(s) 122,880 bytes

Directory of C:\PROGRA~1\TOSHIBA\TOSHIB~3\BAK

05/01/2006 04:02 PM 352,256 thotkey.exe
1 File(s) 352,256 bytes

Directory of C:\PROGRA~1\TOSHIBA\TVS\BAK

30/11/2005 02:25 PM 73,728 TvsTray.exe
1 File(s) 73,728 bytes

Directory of C:\WINDOWS\SYSTEM32\DLA\BAK

06/10/2005 07:20 AM 122,940 DLACTRLW.EXE
1 File(s) 122,940 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

02/10/2006 07:09 AM 185,784 realsched.exe
1 File(s) 185,784 bytes

Directory of C:\PROGRA~1\INTEL\WIRELESS\BIN\BAK

28/11/2005 11:41 AM 602,182 ifrmewrk.exe
05/12/2005 12:37 PM 667,718 ZCfgSvc.exe
2 File(s) 1,269,900 bytes

Directory of C:\PROGRA~1\JAVA\JRE15~1.0_1\BIN\BAK

09/11/2006 04:07 PM 49,263 jusched.exe
1 File(s) 49,263 bytes

Directory of C:\PROGRA~1\ADOBE\PHOTOS~1\3.0\APPS\BAK

06/06/2005 11:46 PM 57,344 apdproxy.exe
1 File(s) 57,344 bytes

Directory of C:\PROGRA~1\LOGITECH\DESKTO~1\8876480\PROGRAM\BAK

19/03/2007 08:13 AM 67,128 LogitechDesktopMessenger.exe
1 File(s) 67,128 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

267064 Sep 14 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
267064 Sep 14 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Sep 25 2007 "C:\WINDOWS\Installer\{7FF9CD9C-6E0C-4462-9670-F424DCB32DAF}\iTunesIco.exe"
116024 Sep 14 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.4.2.4\iTunesSetupAdmin.exe"
184320 Aug 17 2004 "C:\Program Files\ltmoh\Ltmoh.exe"
184320 Aug 17 2004 "C:\Program Files\ltmoh\bak\Ltmoh.exe"
217088 Mar 23 2005 "C:\Program Files\Microsoft IntelliPoint\point32.exe"
217088 Mar 23 2005 "C:\Program Files\Microsoft IntelliPoint\bak\point32.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\qttask.exe"
286720 Jun 29 2007 "C:\Program Files\QuickTime\bak\qttask.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
77824 Nov 27 2005 "C:\WINDOWS\system32\hkcmd.exe"
77824 Nov 27 2005 "C:\WINDOWS\system32\bak\hkcmd.exe"
77824 Nov 27 2005 "C:\TOSHIBA\DISPLAY\INTEL\Win2000\hkcmd.exe"
118784 Nov 27 2005 "C:\WINDOWS\system32\igfxpers.exe"
118784 Nov 27 2005 "C:\WINDOWS\system32\bak\igfxpers.exe"
118784 Nov 27 2005 "C:\TOSHIBA\DISPLAY\INTEL\Win2000\igfxpers.exe"
98304 Nov 27 2005 "C:\WINDOWS\system32\igfxtray.exe"
98304 Nov 27 2005 "C:\WINDOWS\system32\bak\igfxtray.exe"
98304 Nov 27 2005 "C:\TOSHIBA\DISPLAY\INTEL\Win2000\igfxtray.exe"
221184 Jul 19 2005 "C:\WINDOWS\system32\LVCOMSX.EXE"
221184 Jul 19 2005 "C:\WINDOWS\system32\bak\LVCOMSX.EXE"
49152 May 11 2005 "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
49152 May 11 2005 "C:\Program Files\HP\HP Software Update\bak\HPWuSchd2.exe"
458752 Jun 8 2005 "C:\Program Files\Logitech\Video\ISStart.exe"
458752 Jun 8 2005 "C:\Program Files\Logitech\Video\bak\ISStart.exe"
217088 Jun 8 2005 "C:\Program Files\Logitech\Video\LogiTray.exe"
217088 Jun 8 2005 "C:\Program Files\Logitech\Video\bak\LogiTray.exe"
196608 Jun 8 2005 "C:\Program Files\Logitech\Video\ManifestEngine.exe"
196608 Jun 8 2005 "C:\Program Files\Logitech\Video\bak\ManifestEngine.exe"
761948 Mar 2 2006 "C:\Synaptics Touchpad.temp\SynTPEnh.exe"
761948 Mar 2 2006 "C:\Program Files\Synaptics\SynTP\bak\SynTPEnh.exe"
27664 Oct 2 2007 "C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\SynTPEnh.exe"
393216 Sep 24 2007 "C:\Program Files\TELUS eCare\SmartBridge\MotiveSB.exe"
393216 Sep 24 2007 "C:\Program Files\TELUS eCare\SmartBridge\bak\MotiveSB.exe"
393216 Oct 27 2006 "C:\Program Files\TELUS eCare\SmartBridge\Original\MotiveSB.exe"
393216 Sep 24 2007 "C:\Program Files\TELUS eCare\SmartBridge\Updates\MotiveSB.exe"
65536 Dec 30 2004 "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
65536 Dec 30 2004 "C:\Program Files\TOSHIBA\TOSCDSPD\bak\toscdspd.exe"
122880 Apr 26 2005 "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe"
122880 Apr 26 2005 "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\bak\SmoothView.exe"
352256 Jan 5 2006 "C:\Program Files\TOSHIBA\TOSHIBA Applet\thotkey.exe"
352256 Jan 5 2006 "C:\Program Files\TOSHIBA\TOSHIBA Applet\bak\thotkey.exe"
73728 Nov 30 2005 "C:\Program Files\TOSHIBA\Tvs\TvsTray.exe"
73728 Nov 30 2005 "C:\Program Files\TOSHIBA\Tvs\bak\TvsTray.exe"
122940 Oct 6 2005 "C:\WINDOWS\system32\DLA\DLACTRLW.EXE"
122940 Oct 6 2005 "C:\Program Files\Sonic\DLA\install\dlactrlw.exe"
122940 Oct 6 2005 "C:\WINDOWS\system32\DLA\bak\DLACTRLW.EXE"
185784 Oct 2 2006 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
185784 Oct 2 2006 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
602182 Nov 28 2005 "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe"
602182 Nov 28 2005 "C:\Program Files\Intel\Wireless\Bin\bak\ifrmewrk.exe"
667718 Dec 5 2005 "C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe"
667718 Dec 5 2005 "C:\Program Files\Intel\Wireless\Bin\bak\ZCfgSvc.exe"
49263 Nov 9 2006 "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
49263 Oct 12 2006 "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
49263 Nov 9 2006 "C:\Program Files\Java\jre1.5.0_10\bin\bak\jusched.exe"
57344 Jun 6 2005 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
57344 Jun 6 2005 "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe"
67128 Mar 19 2007 "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
67128 Mar 19 2007 "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bak\LogitechDesktopMessenger.exe"


end of report


----------



## Cookiegal (Aug 27, 2003)

Copy the file paths below to the clipboard by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose copy):

*C:\Program Files\iTunes\bak
C:\Program Files\ltmoh\bak
C:\Program Files\Microsoft IntelliPoint\bak
C:\Program Files\QuickTime\bak
C:\WINDOWS\system32\bak
C:\Program Files\HP\HP Software Update\bak
C:\Program Files\Logitech\Video\bak
C:\Program Files\Synaptics\SynTP\bak
C:\Program Files\TELUS eCare\SmartBridge\bak
C:\Program Files\TOSHIBA\TOSCDSPD\bak
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\bak
C:\Program Files\TOSHIBA\TOSHIBA Applet\bak
C:\Program Files\TOSHIBA\Tvs\bak
C:\WINDOWS\system32\DLA\bak
C:\Program Files\Common Files\Real\Update_OB\bak
C:\Program Files\Intel\Wireless\Bin\bak
C:\Program Files\Intel\Wireless\Bin\bak
C:\Program Files\Java\jre1.5.0_10\bin\bak
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\bak
*


Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
*Select option 3* from the menu and press Enter.
Press any key to continue. 
A Notepad document *FindAWF.txt* will appear with instructions to click below the line and paste the list of folders to be removed.
Right click below this line and select* Paste*, to paste the list of folders copied to the clipboard earlier. Save and close the document.
The program will proceed to remove the bad folders and will perform another scan for bak folders.
It may take a few minutes to complete so be patient.
When it is complete, it will open a text file in Notepad called AWF.txt.
Please copy and paste the contents of the AWF.txt file in your next reply.


----------



## 123688 (Oct 5, 2006)

Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully

The current date is: 15/10/2007 
The current time is: 19:37:38.17


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\MSNMES~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

0 File(s) 0 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~



end of report


----------



## Cookiegal (Aug 27, 2003)

Locate and delete these *bak *folders:

C:\Program Files\Common Files\Symantec Shared\*bak*
C:\Program Files\MSN Messenger\*bak*

Click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types" . Now click "Apply to all folders".
Click "Apply" then "OK".

Go to Start > Search - All Files and Folders and under "More advanced search options". 
Make sure there is a check by "Search System Folders" and "Search hidden files and folders" and "Search system subfolders"

Now do a search for this file and let me know the entire path to each instance found. Also, right click on each one and let me know the size of the file please.

*SynTPEnh.exe*

Also, please post a new HijackThis log.


----------



## 123688 (Oct 5, 2006)

Pathway: C:\Synaptics Touchpad.temp 
Size: 745KB

Pathway: C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles
Size: 28KB

Logfile of HijackThis v1.99.1
Scan saved at 5:43:43 PM, on 16/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\TELUS eCare\bin\mpbtn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.mytelus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: TELUS eCare.lnk = C:\Program Files\TELUS eCare\bin\matcli.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk870YYCA
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?4b205ee77c694541a2f309dfc07dd63b
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?4b205ee77c694541a2f309dfc07dd63b
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.doginhispen.com
O15 - Trusted Zone: http://s1.travian.us
O15 - Trusted Zone: *.whataboutadog.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://www.powerchallenge.com/applet/PowerLoader.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe


----------



## Cookiegal (Aug 27, 2003)

You don't have one in this folder?

C:\Program Files\Synaptics\SynTP


----------



## 123688 (Oct 5, 2006)

Nope I dont have it in that folder. Its empty.


----------



## Cookiegal (Aug 27, 2003)

Right-click on this file and select "copy":

C:\Synaptics Touchpad.temp\*SynTPEnh.exe*

Now navigate to this folder:

C:\Program Files\Synaptics\*SynTP*

Open the *SynTP *folder and then right click and select "paste".

There will be another step to do but I want to see that this has worked first so please do another search for the same file and let me know the locations it is now found and the size of each one please.

Also, do this:


Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
*Select option 4* from the menu and press Enter.
Press any key to continue. 
You will receive a warning to reset domain zones
Press 1 then press Enter.
If you have manually included sites in the trusted zones, these will need to be re-inserted.

I'm attaching a ResetProtcolDefaults.zip file to this post. Save it to your desktop. Unzip it and double-click the ResetProtocolDefaults.reg file and allow it to enter into the registry.


----------



## 123688 (Oct 5, 2006)

Pathways for SynTPEnh.exe:

C:\Synaptics Touchpad.temp  Size: 745 KB
C:\Program Files\Synapatics\SynTP Size: 745 KB
C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles Size: 28 KB

THis also showed up in my search results:

SYNTPENH.EXE-16AC069B.pf Pathways is: C:\WINDOWS\Prefetch Size: 21KB


----------



## Cookiegal (Aug 27, 2003)

That's good.

Now delete the *SynTPEnh.exe *file that's in the following location as it's the infected file (size is 28KB):

C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\

and then copy one of the good ones (size 745 KB) to the above location to replace it using the same procedure you did before. If you don't understand, let me know and I'll explain it in more detail but you're basically doing the same thing you did before, only to a different location.


----------



## 123688 (Oct 5, 2006)

ok its done, what do i do next?


----------



## Cookiegal (Aug 27, 2003)

Please post a new HijackThis log.


----------



## 123688 (Oct 5, 2006)

Logfile of HijackThis v1.99.1
Scan saved at 4:20:52 PM, on 18/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\TELUS eCare\bin\mpbtn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.mytelus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: TELUS eCare.lnk = C:\Program Files\TELUS eCare\bin\matcli.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk870YYCA
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?4b205ee77c694541a2f309dfc07dd63b
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?4b205ee77c694541a2f309dfc07dd63b
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://www.powerchallenge.com/applet/PowerLoader.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe


----------



## Cookiegal (Aug 27, 2003)

Please go *HERE* to run Panda's ActiveScan
You need to use IE to run this scan
Once you are on the Panda site click the *Scan your PC* button
A new window will open...click the *Check Now* button
Enter your *Country*
Enter your *State/Province*
Enter your *e-mail address* and click *send*
Select either *Home User* or *Company*
Click the big *Scan Now* button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on *My Computer* to start the scan
When the scan completes, if anything malicious is detected, click the *See Report* button, *then Save Report* and save it to a convenient location. Post the contents of the ActiveScan report


----------



## 123688 (Oct 5, 2006)

Incident Status Location

Potentially unwanted tool:application/funweb Not disinfected c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf 
Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{147A976F-EEE1-4377-8EA7-4716E4CDD239} 
Adware:adware/oemji Not disinfected Windows Registry 
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Philip Yu\Application Data\Mozilla\Firefox\Profiles\w0k3bz9j.default\cookies.txt[ad.yieldmanager.com/] 
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Philip Yu\Application Data\Mozilla\Firefox\Profiles\w0k3bz9j.default\cookies.txt[.bluestreak.com/] 
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Philip Yu\Application Data\Mozilla\Firefox\Profiles\w0k3bz9j.default\cookies.txt[.2o7.net/] 
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Philip Yu\Application Data\Mozilla\Firefox\Profiles\w0k3bz9j.default\cookies.txt[.perf.overture.com/] 
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Philip Yu\Application Data\Mozilla\Firefox\Profiles\w0k3bz9j.default\cookies.txt[.doubleclick.net/] 
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Philip Yu\Application Data\Mozilla\Firefox\Profiles\w0k3bz9j.default\cookies.txt[.888.com/] 
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Philip Yu\Cookies\[email protected][1].txt 
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Philip Yu\Cookies\[email protected][1].txt 
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Philip Yu\Cookies\[email protected][2].txt 
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Philip Yu\Cookies\[email protected][1].txt 
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Philip Yu\Cookies\[email protected][1].txt 
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Philip Yu\Cookies\[email protected][2].txt 
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Philip Yu\Cookies\[email protected][2].txt 
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Philip Yu\Cookies\[email protected][1].txt 
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Philip Yu\Cookies\[email protected][1].txt 
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Philip Yu\Cookies\[email protected][2].txt 
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Philip Yu\Cookies\[email protected][1].txt 
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Philip Yu\Cookies\[email protected][2].txt 
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Philip Yu\Cookies\[email protected][2].txt 
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Philip Yu\Cookies\[email protected][1].txt 
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Philip Yu\Cookies\[email protected][2].txt 
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Philip Yu\Cookies\[email protected][2].txt 
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Philip Yu\Cookies\[email protected][2].txt 
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Philip Yu\Cookies\[email protected][1].txt 
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Philip Yu\Cookies\[email protected][1].txt 
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Philip Yu\Cookies\[email protected][1].txt 
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Philip Yu\Cookies\[email protected][1].txt 
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Philip Yu\Cookies\[email protected][1].txt 
Spyware:Cookie/Serving-sys Not disinfected  C:\Documents and Settings\Philip Yu\Cookies\[email protected][1].txt 
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\Philip Yu\Cookies\[email protected][2].txt 
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Philip Yu\Cookies\[email protected][1].txt 
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Philip Yu\Cookies\[email protected][1].txt 
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Philip Yu\Cookies\[email protected][1].txt 
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Philip Yu\Cookies\[email protected][1].txt 
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Philip Yu\Cookies\[email protected][1].txt 
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Philip Yu\Cookies\[email protected][1].txt 
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Philip Yu\Cookies\[email protected][1].txt


----------



## Cookiegal (Aug 27, 2003)

Navigate to this file and delete it:

c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf

I'm attaching a Fix123688.zip file to this post. Save it to your desktop. Unzip it and double-click the Fix123688.reg file and allow it to enter into the registry.

Download *ComboFix* and save it to your desktop.

***Note: It is important that it is saved directly to your desktop***


Close any open browsers. 
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. 
Double click on *combofix.exe* and follow the prompts.

When finished, it will produce a report for you. Please post the *C:\ComboFix.txt* along with a *new HijackThis log* for further review.

Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.


----------



## 123688 (Oct 5, 2006)

I have had my HijackThis program for over a year without updating it. SHould I update it or not?

Also I couldnt find the file c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf 
so i couldnt delete it.

Logfile of HijackThis v1.99.1
Scan saved at 11:55:28 PM, on 19/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\TELUS eCare\bin\mpbtn.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.mytelus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: TELUS eCare.lnk = C:\Program Files\TELUS eCare\bin\matcli.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk870YYCA
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?4b205ee77c694541a2f309dfc07dd63b
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?4b205ee77c694541a2f309dfc07dd63b
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://www.powerchallenge.com/applet/PowerLoader.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe


----------



## 123688 (Oct 5, 2006)

I have split the combo fix to 2 parts as its too long.

ComboFix 07-10-20.6 - Philip Yu 2007-10-19 23:41:24.1 - NTFSx86 
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.430 [GMT -6:00]
Running from: C:\Documents and Settings\Philip Yu\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Philip Yu\Application Data\macromedia\Flash Player\#SharedObjects\TK5K583Z\iforex.com
C:\Documents and Settings\Philip Yu\Application Data\macromedia\Flash Player\#SharedObjects\TK5K583Z\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Philip Yu\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Philip Yu\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Program Files\deskbar
C:\Program Files\WinBudget
C:\Program Files\WinBudget\bin\crap.1191382076.old
C:\Program Files\WinBudget\bin\crap.1192292456.old
C:\Program Files\WinBudget\bin\matrix.dat
C:\Program Files\WinBudget\bin\matrix.dll
C:\Program Files\WinBudget\bin\matrix.dll.1192292455.old
C:\uniq
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\dirty_dishes.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\foodtray.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\heart1.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\heart2.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\heart3.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\menu_down.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\menu_up.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\mop_prop.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\accessories\ticket.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\cafe\cafe_music_a1.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\cafe\cafe_music_a2.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\cafe\cafe_music_a3.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\cafe\cafe_music_a4.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\music\mainmenumusic.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\baby_cry.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\chef_cook1.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\closing_time.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\customer_ditch.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\dialog_down.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\dialog_up.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\drink_table.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\expert.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\highchair_deliver.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\highchair_pickup.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\keystroke2.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\level_lose.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\level_win.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\menu_click.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\menu_rollover.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\mop_pickup.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\mop_spill.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_bring_check_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_deliver_food_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_dish_dropoff_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_dropoff_drinks_1.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_food_ready_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_gain_heart_1.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_get_drinks_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_menu_down.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_party_arrive_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_pencil_write_2.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_pickup_food_1_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\sfx_seat_people_snd.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\spill.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\table_drink.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\audio\sfx\tip_2.ogg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\flo_lose.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\flo_win.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\fullscreendialog.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\high_score_menu_bg.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\levelintro.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\levelintro.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\levelover.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\longdialog.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\longdialog.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\mainmenu.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\mainmenu_logo.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\popup.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\popup.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\textfield.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\backgrounds\upgrade_lines.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowdown_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowdown_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowdown_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowup_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowup_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\arrowup_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\checkbox_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\checkbox_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\checkbox_rotated_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\checkbox_rotated_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\decor_highlight.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\decor_normal.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\decor_selected.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_large_1.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_large_2.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_large_3.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_small_1.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_small_2.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a_small_3.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a1.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a2.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\dialog_button_a3.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\left_arrow_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\left_arrow_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\left_arrow_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button1_mask.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\main_menu_button2_mask.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\map_button_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\map_button_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\map_button_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\right_arrow_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\right_arrow_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\right_arrow_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\upgrade_down.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\upgrade_over.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\upgrade_up.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\buttons\welcome_player.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\actionpoints.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\career.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\customer.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\endless.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\global.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\config\powerups.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cook\stove.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\arrow.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\click.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\click2.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\grab.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\cursor\open.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\anim.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\blue.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\blue_legs.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\red.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\dad_male\red_legs.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\anim.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\blue.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\blue_legs.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\red.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\kid_male\red_legs.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\anim.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\baby.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\baby.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\blue.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\blue_baby.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\blue_legs.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\red.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\red_baby.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\mom_female\red_legs.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\anim.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\anim.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\blue.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\blue_legs.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\legs.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\red.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\customers\young_female\red_legs.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\idle.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\idle.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\lower.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\lower.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\upper.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\flo\upper.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\fonts\mercurius.mvec
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\bench.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\bench.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\blue_highchairbaby.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\chair.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\chair.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\dirt2top.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\dirt4top.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\dishcart.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\dishcart.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\green_highchairbaby.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\highchair_prop_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\highchair_prop_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\highchairbaby.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\highchairbaby.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\luxury_bench.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\luxury_bench.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\mop_station_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\mop_station_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\mop_station_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\podium.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\podium_heart.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\podium_heart.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\purple_highchairbaby.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\radio.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\red_highchairbaby.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\spill.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\spill.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\stereo.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\ticketstation.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\ticketstation.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\furniture\yellow_highchairbaby.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\family.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help_dividerline.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help1_colormatch1.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help1_colormatch2.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help1_noise.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help1_score.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_cleardishes.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_givecheck.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_pickupfood.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_servefood.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\help\help2_takeorder.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\hiscore\local-hs-bb.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\hiscore\p1icon.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_1.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_2.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_3.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_4.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_5.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\career_1_6.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1_a.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1_b.bin
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\layouts\endless_1_1_c.bin


----------



## 123688 (Oct 5, 2006)

C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\playfirstlogo.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\background.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\blue.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\green.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\green.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\grey.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\chairs\red.pal
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\food\cup1.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\food\food.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\food\food.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\frames\2_0.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\frames\2_1.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\furniture\drinkstation1_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\furniture\drinkstation1_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\furniture\drinkstation1_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\people\cook.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\people\cook.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\props\cup_prop1.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\2top.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\2top.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\4top.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\4top.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_0.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_1.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\cafe\upgrades.xml
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\restaurants\tableshadow.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\careerupgrade.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\choosedifficulty.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\closeconfirm.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\entername.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\game.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\getmoregames.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\help1.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\help2.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\hiscore.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\hiscoreinfo.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\hiscoresubmit.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\levelintro.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\levelover.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\loading.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\mainloop.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\mainmenu.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\ok.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\pause.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\style.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\upgrade.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\upsell.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\scripts\yesno.lua
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\splash\aol_logo.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\splash\playfirst_logo.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\strings.xml
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\angersmoke.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\angersmoke.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\bubbles\request_bubble.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\bubbles\request_mop.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\bubbles\request_rejectmeal.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\chairflags.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\chairflags.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\check.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\checkmark.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\closed.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\coinflip.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\coinflip.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\decor_lines.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\dollar.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\expert.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\foodpoof.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\foodpoof.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\heartgrow.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\heartgrow.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\jar.anm
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\jar.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\lives_icon.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\noisering.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_d.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_e.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_f.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tablenumber_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tablenumber_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\traynumber.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tutorialarrow.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\tutorialbox.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_base.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_hand.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_timer_off.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\ui_timer_on.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgradeanim.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_a.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_b.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_c.png
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd1.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd2.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd3.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\assets\upsell\dd4.jpg
C:\WINDOWS\Downloaded Program Files\DinerDash2.1.0.0.53\dinerdash2.exe
C:\WINDOWS\uninst2.htm
C:\WINDOWS\unist1.htm
.
((((((((((((((((((((((((( Files Created from 2007-09-20 to 2007-10-20 )))))))))))))))))))))))))))))))
.

2007-10-19 23:40	51,200	--a------	C:\WINDOWS\NirCmd.exe
2007-10-18 19:59 d--------	C:\WINDOWS\system32\ActiveScan
2007-10-12 15:08 d--------	C:\Travian
2007-10-11 23:20 d--------	C:\Documents and Settings\Philip Yu\Application Data\PowerChallenge
2007-10-09 13:25	582,656	-----c---	C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-03 20:31 d--------	C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-03 19:54 d--------	C:\Synaptics Touchpad.temp
2007-09-27 21:05 d--------	C:\Program Files\PowerChallenge
2007-09-25 20:12	2,560	--a------	C:\WINDOWS\system32\bitcometres.dll
2007-09-25 14:32 d--------	C:\Program Files\iPod
2007-09-25 14:28 d--------	C:\Program Files\QuickTime
2007-09-25 14:25 d--------	C:\Program Files\Common Files\Apple
2007-09-25 14:25 d--------	C:\Documents and Settings\All Users\Application Data\Apple
2007-09-25 13:52 d--------	C:\Program Files\LimeWire
2007-09-24 22:47	69,632	--a------	C:\WINDOWS\system32\MCCDevice.dll
2007-09-24 22:47	6,048	--a------	C:\WINDOWS\system32\MCC16.dll
2007-09-24 22:34	228	--a------	C:\TEMP.REG
2007-09-24 22:27 d--------	C:\Program Files\Motive
2007-09-22 18:07	139,536	--a------	C:\WINDOWS\system32\javaee.dll
2007-09-20 15:05 d--------	C:\Documents and Settings\All Users\Application Data\MotiveSysIDs
2007-09-20 10:36 d--------	C:\Documents and Settings\Philip Yu\Application Data\Motive

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-20 02:56	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2007-10-19 03:23	---------	d-----w	C:\Program Files\Windows Live Toolbar
2007-10-19 03:21	---------	d-----w	C:\Program Files\Symantec
2007-10-19 03:18	---------	d-----w	C:\Program Files\MSN Messenger
2007-10-19 03:16	---------	d-----w	C:\Program Files\Microsoft IntelliPoint
2007-10-19 03:16	---------	d-----w	C:\Program Files\ltmoh
2007-10-19 03:15	---------	d-----w	C:\Program Files\iTunes
2007-10-19 03:06	---------	d-----w	C:\Program Files\Common Files\Motive
2007-10-19 02:48	---------	d-----w	C:\Documents and Settings\Philip Yu\Application Data\Symantec
2007-10-19 02:44	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-13 18:52	---------	d-----w	C:\Program Files\Java
2007-10-12 20:43	---------	d-----w	C:\Program Files\BitComet
2007-10-08 15:33	---------	d-----w	C:\Documents and Settings\Philip Yu\Application Data\U3
2007-10-01 22:50	---------	d-----w	C:\Program Files\Common Files\Adobe
2007-10-01 22:45	---------	d-----w	C:\Documents and Settings\Philip Yu\Application Data\AdobeUM
2007-09-28 23:00	---------	d--h--w	C:\Documents and Settings\Philip Yu\Application Data\Move Networks
2007-09-25 20:26	---------	d-----w	C:\Program Files\Apple Software Update
2007-09-25 04:48	---------	d-----w	C:\Program Files\TELUS eCare
2007-09-20 04:06	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Motive
2007-09-02 05:21	---------	d-----w	C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-08-24 19:51	---------	d-----w	C:\Program Files\StepMania
2007-02-22 00:32	8	-c--a-w	C:\Documents and Settings\Philip Yu\Application Data\usb.dat.bin
2006-12-07 04:39	25,704	-c--a-w	C:\Documents and Settings\Philip Yu\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-14 16:29 C:\WINDOWS\agrsmmsg.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 01:49 C:\WINDOWS\RTHDCPL.exe]
"NDSTray.exe"="NDSTray.exe" []
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 07:20]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 18:13]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 14:25]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 16:02]
"TFncKy"="TFncKy.exe" []
"TDispVol"="TDispVol.exe" [2005-03-11 17:03 C:\WINDOWS\system32\TDispVol.exe]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2004-08-17 13:37]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 12:37]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 11:41]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-27 23:55]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-27 23:52]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-27 23:55]
"TPSMain"="TPSMain.exe" [2005-05-31 21:00 C:\WINDOWS\system32\TPSMain.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-04-12 12:30]
"CFSServ.exe"="CFSServ.exe" []
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-10-02 07:09]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-23 17:26]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"Motive SmartBridge"="C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe" [2007-09-24 22:27]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-14 10:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 02:32]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-19 08:13]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
IEHOME.LNK - C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat [2006-07-29 12:13:24]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
IEHOME.LNK - C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat [2006-07-29 12:13:24]

C:\Documents and Settings\Philip Yu\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-03-17 14:06:14]

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
IEHOME.LNK - C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat [2006-07-29 12:13:24]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-10-13 12:32:44]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2006-02-21 09:29:18]
TELUS eCare.lnk - C:\Program Files\TELUS eCare\bin\matcli.exe [2007-09-24 22:27:32]

R1 sdcplh;sdcplh;C:\WINDOWS\system32\drivers\sdcplh.sys
S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-16 04:54:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-20 05:18:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
"2007-10-20 02:00:29 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Philip Yu.job"
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-19 23:46:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully 
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-19 23:50:08 - machine was rebooted 
.
--- E O F ---


----------



## Cookiegal (Aug 27, 2003)

*Click here* to download ATF Cleaner by Atribune and save it to your desktop.
Double-click *ATF-Cleaner.exe* to run the program.
Under *Main* choose: *Select All*
Click the *Empty Selected* button.
*If you use Firefox:*
Click *Firefox* at the top and choose: *Select All*
Click the *Empty Selected* button.
*NOTE:* If you would like to keep your saved passwords, please click *No* at the prompt.


*If you use Opera:*
Click *Opera* at the top and choose: *Select All*
Click the *Empty Selected* button.
*
[*]NOTE:* If you would like to keep your saved passwords, please click *No* at the prompt.


Click *Exit* on the Main menu to close the program.

Then please post a new HijackThis log but remove the version you have and download the latest one first.

*Click here* and then scroll down to and click on *hijackthis self installer* to download *HJTsetup.exe*

Save HJTsetup.exe to your desktop.
Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This. 
Continue to click *Next* in the setup dialogue boxes until you get to the *Select Addition Tasks* dialogue.
Put a check by *Create a desktop icon* then click *Next* again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click *Finish* and it will launch Hijack This.
Click on the *Do a system scan and save a log file* button. It will scan and then ask you to save the log.
Click *Save* to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.


----------



## 123688 (Oct 5, 2006)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:19:31 PM, on 20/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\TELUS eCare\bin\mpbtn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.mytelus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - S-1-5-18 Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'SYSTEM')
O4 - .DEFAULT Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'Default user')
O4 - .DEFAULT User Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: TELUS eCare.lnk = C:\Program Files\TELUS eCare\bin\matcli.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk870YYCA
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?4b205ee77c694541a2f309dfc07dd63b
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?4b205ee77c694541a2f309dfc07dd63b
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://www.powerchallenge.com/applet/PowerLoader.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 15272 bytes


----------



## Cookiegal (Aug 27, 2003)

Rescan with HijackThis, close all browser windows except HijackThis, put a check mark beside these entries and click *fix checked*.

*O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZNxmk870YYCA

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.cab*

Reboot and post a new HijackThis log please.

I presume you are aware of this batch?

*iehome.bat*


----------



## 123688 (Oct 5, 2006)

What is "iehome.bat"?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:49:16 PM, on 20/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\TELUS eCare\bin\mpbtn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.mytelus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - S-1-5-18 Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'SYSTEM')
O4 - .DEFAULT Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'Default user')
O4 - .DEFAULT User Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: TELUS eCare.lnk = C:\Program Files\TELUS eCare\bin\matcli.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?4b205ee77c694541a2f309dfc07dd63b
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?4b205ee77c694541a2f309dfc07dd63b
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://www.powerchallenge.com/applet/PowerLoader.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 14960 bytes


----------



## Cookiegal (Aug 27, 2003)

I'm not sure so let's take a look at it to see what it does.

Open Notepad and copy and paste the text in the quote box below into it:



> FileLook::
> C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat


Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.










This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.


----------



## 123688 (Oct 5, 2006)

ComboFix 07-10-20.6 - Philip Yu 2007-10-21 17:18:10.2 - NTFSx86 
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.350 [GMT -6:00]
Running from: C:\Documents and Settings\Philip Yu\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Philip Yu\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-09-21 to 2007-10-21 )))))))))))))))))))))))))))))))
.

2007-10-20 16:18 d--------	C:\Program Files\Trend Micro
2007-10-19 23:40	51,200	--a------	C:\WINDOWS\NirCmd.exe
2007-10-18 19:59 d--------	C:\WINDOWS\system32\ActiveScan
2007-10-12 15:08 d--------	C:\Travian
2007-10-11 23:20 d--------	C:\Documents and Settings\Philip Yu\Application Data\PowerChallenge
2007-10-09 13:25	582,656	-----c---	C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-03 20:31 d--------	C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-03 19:54 d--------	C:\Synaptics Touchpad.temp
2007-09-27 21:05 d--------	C:\Program Files\PowerChallenge
2007-09-25 20:12	2,560	--a------	C:\WINDOWS\system32\bitcometres.dll
2007-09-25 14:32 d--------	C:\Program Files\iPod
2007-09-25 14:28 d--------	C:\Program Files\QuickTime
2007-09-25 14:25 d--------	C:\Program Files\Common Files\Apple
2007-09-25 14:25 d--------	C:\Documents and Settings\All Users\Application Data\Apple
2007-09-25 13:52 d--------	C:\Program Files\LimeWire
2007-09-24 22:47	69,632	--a------	C:\WINDOWS\system32\MCCDevice.dll
2007-09-24 22:47	6,048	--a------	C:\WINDOWS\system32\MCC16.dll
2007-09-24 22:34	228	--a------	C:\TEMP.REG
2007-09-24 22:27 d--------	C:\Program Files\Motive
2007-09-22 18:07	139,536	--a------	C:\WINDOWS\system32\javaee.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-21 01:23	---------	d-----w	C:\Documents and Settings\Philip Yu\Application Data\SopCast
2007-10-21 01:22	---------	d-----w	C:\Program Files\SopCast
2007-10-20 05:52	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2007-10-19 03:23	---------	d-----w	C:\Program Files\Windows Live Toolbar
2007-10-19 03:21	---------	d-----w	C:\Program Files\Symantec
2007-10-19 03:18	---------	d-----w	C:\Program Files\MSN Messenger
2007-10-19 03:16	---------	d-----w	C:\Program Files\Microsoft IntelliPoint
2007-10-19 03:16	---------	d-----w	C:\Program Files\ltmoh
2007-10-19 03:15	---------	d-----w	C:\Program Files\iTunes
2007-10-19 03:06	---------	d-----w	C:\Program Files\Common Files\Motive
2007-10-19 02:48	---------	d-----w	C:\Documents and Settings\Philip Yu\Application Data\Symantec
2007-10-19 02:44	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Symantec
2007-10-13 18:52	---------	d-----w	C:\Program Files\Java
2007-10-12 20:43	---------	d-----w	C:\Program Files\BitComet
2007-10-08 15:33	---------	d-----w	C:\Documents and Settings\Philip Yu\Application Data\U3
2007-10-01 22:50	---------	d-----w	C:\Program Files\Common Files\Adobe
2007-10-01 22:45	---------	d-----w	C:\Documents and Settings\Philip Yu\Application Data\AdobeUM
2007-09-28 23:00	---------	d--h--w	C:\Documents and Settings\Philip Yu\Application Data\Move Networks
2007-09-25 20:26	---------	d-----w	C:\Program Files\Apple Software Update
2007-09-25 04:48	---------	d-----w	C:\Program Files\TELUS eCare
2007-09-20 21:05	---------	d-----w	C:\Documents and Settings\All Users\Application Data\MotiveSysIDs
2007-09-20 16:36	---------	d-----w	C:\Documents and Settings\Philip Yu\Application Data\Motive
2007-09-20 04:06	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Motive
2007-09-02 05:21	---------	d-----w	C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-08-24 19:51	---------	d-----w	C:\Program Files\StepMania
2007-08-21 06:15	683,520	----a-w	C:\WINDOWS\system32\inetcomm.dll
2007-07-31 01:19	92,504	----a-w	C:\WINDOWS\system32\cdm.dll
2007-07-31 01:19	549,720	----a-w	C:\WINDOWS\system32\wuapi.dll
2007-07-31 01:19	53,080	----a-w	C:\WINDOWS\system32\wuauclt.exe
2007-07-31 01:19	43,352	----a-w	C:\WINDOWS\system32\wups2.dll
2007-07-31 01:19	325,976	----a-w	C:\WINDOWS\system32\wucltui.dll
2007-07-31 01:19	271,224	----a-w	C:\WINDOWS\system32\mucltui.dll
2007-07-31 01:19	207,736	----a-w	C:\WINDOWS\system32\muweb.dll
2007-07-31 01:19	203,096	----a-w	C:\WINDOWS\system32\wuweb.dll
2007-07-31 01:19	1,712,984	----a-w	C:\WINDOWS\system32\wuaueng.dll
2007-07-31 01:18	33,624	----a-w	C:\WINDOWS\system32\wups.dll
2007-02-22 00:32	8	-c--a-w	C:\Documents and Settings\Philip Yu\Application Data\usb.dat.bin
2006-12-07 04:39	25,704	-c--a-w	C:\Documents and Settings\Philip Yu\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( [email protected]_23.49.02.65 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-03-11 15:41:46	53,166	-c--a-w	C:\WINDOWS\system32\perfc009.dat
+ 2007-10-20 05:51:00	53,166	----a-w	C:\WINDOWS\system32\perfc009.dat
- 2007-03-11 15:41:46	380,918	-c--a-w	C:\WINDOWS\system32\perfh009.dat
+ 2007-10-20 05:51:00	380,918	----a-w	C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-14 16:29 C:\WINDOWS\agrsmmsg.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 01:49 C:\WINDOWS\RTHDCPL.exe]
"NDSTray.exe"="NDSTray.exe" []
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 07:20]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 18:13]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 14:25]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 16:02]
"TFncKy"="TFncKy.exe" []
"TDispVol"="TDispVol.exe" [2005-03-11 17:03 C:\WINDOWS\system32\TDispVol.exe]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2004-08-17 13:37]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 12:37]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 11:41]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-27 23:55]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-27 23:52]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-27 23:55]
"TPSMain"="TPSMain.exe" [2005-05-31 21:00 C:\WINDOWS\system32\TPSMain.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-04-12 12:30]
"CFSServ.exe"="CFSServ.exe" []
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-10-02 07:09]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-23 17:26]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"Motive SmartBridge"="C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe" [2007-09-24 22:27]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-14 10:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 02:32]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-19 08:13]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []

C:\Documents and Settings\Philip Yu\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-03-17 14:06:14]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-10-13 12:32:44]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2006-02-21 09:29:18]
TELUS eCare.lnk - C:\Program Files\TELUS eCare\bin\matcli.exe [2007-09-24 22:27:32]

R1 sdcplh;sdcplh;C:\WINDOWS\system32\drivers\sdcplh.sys
S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-16 04:54:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-21 23:18:08 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
"2007-10-20 02:00:29 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Philip Yu.job"
.
**************************************************************************

catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-21 17:20:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully 
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-21 17:20:55
C:\ComboFix2.txt ... 2007-10-19 23:50
.
--- E O F ---


----------



## 123688 (Oct 5, 2006)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:22:23 PM, on 21/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\TELUS eCare\bin\mpbtn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.mytelus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - S-1-5-18 Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'SYSTEM')
O4 - .DEFAULT Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'Default user')
O4 - .DEFAULT User Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: TELUS eCare.lnk = C:\Program Files\TELUS eCare\bin\matcli.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?4b205ee77c694541a2f309dfc07dd63b
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?4b205ee77c694541a2f309dfc07dd63b
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://www.powerchallenge.com/applet/PowerLoader.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 15020 bytes


----------



## Cookiegal (Aug 27, 2003)

Please navigate to this file. You will have to unhide files first:

Click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types" . Now click "Apply to all folders".
Click "Apply" then "OK".

Go to Start > Search - All Files and Folders and under "More advanced search options". 
Make sure there is a check by "Search System Folders" and "Search hidden files and folders" and "Search system subfolders"

C:\Documents and Settings\Default User\Local Settings\Temp\*iehome.bat *

Right-click on it (be carefuly not to left click as we don't want to run it) and select "edit" and it will open up in Notepad. Copy and paste the contents here please.


----------



## 123688 (Oct 5, 2006)

it says there are no search results to display


----------



## Cookiegal (Aug 27, 2003)

Please post a new HijackThis log.


----------



## 123688 (Oct 5, 2006)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:12:36 AM, on 23/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\TELUS eCare\bin\mpbtn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.mytelus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - S-1-5-18 Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'SYSTEM')
O4 - .DEFAULT Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'Default user')
O4 - .DEFAULT User Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: TELUS eCare.lnk = C:\Program Files\TELUS eCare\bin\matcli.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?4b205ee77c694541a2f309dfc07dd63b
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?4b205ee77c694541a2f309dfc07dd63b
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://www.powerchallenge.com/applet/PowerLoader.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 14932 bytes


----------



## Cookiegal (Aug 27, 2003)

Can you not find it by navigating to its location? It's showing in the log.

C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat


----------



## 123688 (Oct 5, 2006)

i went to the folder by typing C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat but it says it cant find the file. But I typed in C:\Documents and Settings\Default User\Local Settings\Temp and that worked but the folder is empty.


----------



## Cookiegal (Aug 27, 2003)

Rescan with HijackThis, close all browser windows except HijackThis, put a check mark beside these entries and click *fix checked*.

*O4 - S-1-5-18 Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'SYSTEM')

O4 - .DEFAULT Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'Default user')

O4 - .DEFAULT User Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'Default user')*

Reboot and post a new HijackThis log please.


----------



## 123688 (Oct 5, 2006)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:07:15 PM, on 23/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\TELUS eCare\bin\mpbtn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.mytelus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: TELUS eCare.lnk = C:\Program Files\TELUS eCare\bin\matcli.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?4b205ee77c694541a2f309dfc07dd63b
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?4b205ee77c694541a2f309dfc07dd63b
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://www.powerchallenge.com/applet/PowerLoader.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 14526 bytes


----------



## Cookiegal (Aug 27, 2003)

How are things now?


----------



## 123688 (Oct 5, 2006)

I still dont have the icon to my touchpad on the right hand corner of the screen? My touchpad is always double clickin when i touch it twice and it didnt before cause I used the button on the laptop.


----------



## Cookiegal (Aug 27, 2003)

Synaptics was infected but cleaning it doesn't seem to get it working properly so it may have been damaged. Try reinstalling the software and drivers. Let me know how it goes please.


----------



## 123688 (Oct 5, 2006)

where can I reinstall the driver? and how do I get another one


----------



## Cookiegal (Aug 27, 2003)

Try just reinstalling the drivers first. That may be all you need to do.

http://www.synaptics.com/support/drive.cfm


----------



## 123688 (Oct 5, 2006)

I downloaded the Windows 2000/XP v8.3.4 version. I opened it up in WinRar but there are so many files. I dont know how to use WInrar well. Can you please tell me what to do?
Thanks


----------



## Cookiegal (Aug 27, 2003)

Is there a ReadMe.txt file in there? If so, that should explain what to do.


----------



## 123688 (Oct 5, 2006)

Im not able to find a ReadMe text


----------



## Cookiegal (Aug 27, 2003)

Who is the manufacturer of your computer?

I see this on Synaptic's website. The ones I pointed you to are generic so don't use them.

*To ensure that you get the appropriate device driver for your system, download your Synaptics device driver from your system manufacturer's support website.*


----------



## 123688 (Oct 5, 2006)

the manufacturer is toshiba


----------



## Cookiegal (Aug 27, 2003)

What is the exact model of your Toshiba?


----------



## 123688 (Oct 5, 2006)

Toshiba Satellite A100


----------



## Cookiegal (Aug 27, 2003)

Apparently there's more to the model than just A-100. There should be other letters and numbers that follow, such as: A100-S2211TD


----------



## 123688 (Oct 5, 2006)

Do you know where I can find it on my system? The closest I can get is A100-SK4


----------



## Cookiegal (Aug 27, 2003)

Do you have your product recovery disks? You should be able to reinstall the drivers for the Touchpad from there.


Insert Product Recovery CD-ROM #1. 
From the pop up window choose install applications and drivers 
Choose "Synaptic touchpad utility", and install it 
After the installation is finished you should restart the notebook


----------



## 123688 (Oct 5, 2006)

my laptop didn't come with recovery disks. Is there another way to do this?


----------



## Triple6 (Dec 26, 2002)

Is the full Toshiba model on the bottom of the laptop? Usually its there on a sticker.

Also, Toshiba's can have the original drivers on the hard drive. I can't remember the exact name of the folder but its located in the root of the C drive, perhaps Drivers.

Also if you go to the Control Panel, and then to Mouse, you may have the Synaptics settings still there. Possibly only the system tray icon is missing.

The generic Synaptics drivers generally work fine on most laptops. Once you extrct all the files in the archive you've downloaded run the Setup.exe file to install them.


----------



## Cookiegal (Aug 27, 2003)

Thanks Rob. :up:


----------



## JohnWill (Oct 19, 2002)

I've used the Synaptics drivers from the Synaptics site for both of my laptops, they have worked fine. They're normally later than the ones at the laptop maker's site as well.


----------



## 123688 (Oct 5, 2006)

Thanks for all of your guys help so far. I really appreciate it.
I checked the bottom for a sticker and the model number is: PSAA8C-SK400E

I went to mouse on control panel and a pop up for my wireless mouse that i used from before came up but now I am not using the mouse.


----------



## Triple6 (Dec 26, 2002)

If you don't use it anymore then you can go to Add or Remove Programs and uninstall that software.

If you want the Toshiba Touchpad software and drivers then use that new number we found and download it from here: http://support.toshiba.ca/support/Download/ln_byModel.asp#

Or the direct download link: http://support.toshiba-tro.de/tools/Satellite/sa100/xp/tpdrv-sa100-psaa-xp-8292.zip


----------



## 123688 (Oct 5, 2006)

I have fixed my touch pad problem. But lately now the laptop has been freezing up and always displaying internet explorer error reports.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:03:28 PM, on 01/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\TELUS eCare\bin\mpbtn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.mytelus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: TELUS eCare.lnk = C:\Program Files\TELUS eCare\bin\matcli.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?4b205ee77c694541a2f309dfc07dd63b
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?4b205ee77c694541a2f309dfc07dd63b
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://www.powerchallenge.com/applet/PowerLoader.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 14671 bytes


----------



## Cookiegal (Aug 27, 2003)

Can you tell us how you fixed it please?


----------



## 123688 (Oct 5, 2006)

I went to the Toshiba site that Triple gave and downloaded it and installed the program. I have gotten back my icon back and the pad doesnt click when i double touch the pad. The error reports and sponatneous freeze episodes also occured before my touch pad was infected.


----------



## Cookiegal (Aug 27, 2003)

Download *WinPFind3U.exe* to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.

Open the WinPFind3u folder and double-click on *WinPFind3U.exe* to start the program.

In the *Processes * group click *ALL* 
In the *Win32 Services * group click *ALL* 
In the *Driver Services * group click *ALL* 
In the *Registry * group click *ALL* 
In the *Files Created Within* group click *60 days* Make sure Non-Microsoft only is *UNCHECKED*
In the *Files Modified Within* group select *30 days* Make sure Non-Microsoft only is *UNCHECKED*
In the *File String Search* group select *ALL*
in the *Additional Scans* sections please press select *ALL* 
Now click the *Run Scan* button on the toolbar.
The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file but click on the "Format" menu and make sure that "word wrap" is not checked. If it is then click on it to uncheck it.
Please post the resulting log here as an attachment.


----------



## 123688 (Oct 5, 2006)

i have attached the file


----------



## Cookiegal (Aug 27, 2003)

Disconnect from the Internet and disable your anti-virus and firewall programs. *Be sure to remember to re-start them before going on-line again.*

Open the WinPFind3u folder and double-click on *WinPFind3U.exe* to start the program. Copy and paste the information in the box below into the pane where it says "Paste fix here" and then click the Run Fix button. The fix should only take a very short time and then you will be asked if you want to reboot. Choose Yes.

Post the latest .log file from the WinPFind3u folder (it will have a name in the format mmddyyyy_hhmmss.log) back here along with a new HijackThis log please.



> [Kill Explorer]
> [Files/Folders - Created Within 60 days]
> NY -> 1463.tmp -> %SystemDrive%\1463.tmp
> [Files/Folders - Modified Within 30 days]
> ...


----------



## 123688 (Oct 5, 2006)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:57:13 PM, on 10/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\TELUS eCare\bin\mpbtn.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Philip Yu\Desktop\WinPFind3u\WinPFind3U.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.mytelus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: TELUS eCare.lnk = C:\Program Files\TELUS eCare\bin\matcli.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/229?4b205ee77c694541a2f309dfc07dd63b
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ca\msntabres.dll.mui/230?4b205ee77c694541a2f309dfc07dd63b
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://www.powerchallenge.com/applet/PowerLoader.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 15347 bytes


----------



## Cookiegal (Aug 27, 2003)

The HijackThis log looks good. Are you still having problems?


----------



## 123688 (Oct 5, 2006)

So far it has been running fine. Is there anything to make my computer run faster?


----------



## 123688 (Oct 5, 2006)

Is it because I use IE and not firefox?


----------



## Cookiegal (Aug 27, 2003)

No, it could be because you have too many items set to run at startup.

You can delete the ComboFix utility and delete this folder, which is where ComboFix stores deleted files as backups:

C:\*Qoobox*

Here are some final instructions for you.

Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

To turn off system restore, on the Desktop, right click on *My Computer* and click on *Properties.*
Click the *System Restore* tab.
Check *Turn off System Restore.*
Click Apply and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a new restore point, click on *Start*  *All Programs*  *Accessories*  *System Tools* and then select *System Restore*.

In the System Restore wizard, select *Create a restore point* and click the Next button.

Type a name for your new restore point then click on Create.

I also recommend downloading  *SPYWAREBLASTER* for added protection.

*Read here* for info on how to tighten your security.

Delete Temporary Files:

Go to *Start* - *Run* and type in *cleanmgr* and click OK. 
Let it scan your system for files to remove. 
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked. 
Press OK to remove them.

***

You should trim down your start-ups as there are too many running. You can research them at these sites and if they arent required at start-up then you can uncheck them in msconfig via Start - Run - type msconfig click OK and then click on the start-up tab.

http://castlecops.com/StartupList.html
http://www.bleepingcomputer.com/startups/
http://www.windowsstartup.com/wso/index.php


----------

