Check on these and the following & ActiveX objects: (check against virustotal.com)
If found suspicious cleanse using BHO-demon: http://majorgeeks.com/downloadget.php?id=3550&file=15&evp=245a87539eea8ed6904332b4b8b8442d
Check the following entries -
O4 - HKLM..\Run: [ReminderApp] C:\Program Files\Nova Development\Greeting Card Factory Deluxe 6.0\ReminderApp.exe see below
Unknown application.
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp.cab
Check if you know this site and fix it if you do not. Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words ‘dialer’, ‘casino’, ‘free plugin’ etc, it should be fixed!
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/install/Crusher.cab
Check if you know this site and fix it if you do not. Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words ‘dialer’, ‘casino’, ‘free plugin’ etc, it should be fixed! O16 - DPF: {C9E2242D-DC05-4C54-9483-A5C90653F7BC} (TIClientControl Object) - https://techinline.net/Client/TIClient.cab
Very safe
Check if you know this site and fix it if you do not. Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words ‘dialer’, ‘casino’, ‘free plugin’ etc, it should be fixed!
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
Check if you know this site and fix it if you do not. Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words ‘dialer’, ‘casino’, ‘free plugin’ etc, it should be fixed!
O24 - Desktop Component 0: (no name) - http://i8.ebayimg.com/05/i/08/3d/0d/5d_3.JPG
O24 - Desktop Component 1: (no name) - http://images.andale.com/115/106/2269252/2006/10/10/73tx650_1.jpg
O24 - Desktop Component 2: (no name) - http://omarsdtr.com/bedwards.jpg
Short analysis
Check on the following unknown tasks"
ZuneBusEnum.exe
Description: File ZuneBusEnum.exe is located in the folder C:\Windows\System32. Known file sizes on Windows XP are 61,856 bytes (65% of all occurrence), 59,296 bytes, 61,872 bytes, 60,032 bytes.
There is no description of the program. The program is not visible. File ZuneBusEnum.exe is certified by a trustworthy company. File ZuneBusEnum.exe is not a Windows system file. The process listens for or sends data on open ports to LAN or Internet. The application can be removed using the control panel Add\Remove programs applet. Therefore the technical security rating is 48% dangerous, however also read the users reviews.
Some malware camouflage themselves as ZuneBusEnum.exe, particularly if they are located in c:\windows or c:\windows\system32 folder. Thus check the ZuneBusEnum.exe process on your pc whether it is pest.
ReminderApp.exe
Some malware camouflage themselves as ReminderApp.exe, particularly if they are located in c:\windows or c:\windows\system32 folder. Thus check the ReminderApp.exe process on your pc whether it is pest.
Consider this cleansing procedure:
http://www.bleepingcomputer.com/forums/lofiversion/index.php/t245332.html
polonus