Post #1, Jun 29 2009, 06:17 PM
New Member | Group: Members | Posts: 10 | Joined: 29-June 09 | Member No.: 346,654
I'm running into issues with Generic 13.atph and listr trojans. I'll try to run another scan in regular startup mode, but for now all I can get you is the stuff from safe mode. Something's leading me to windowsclick sites, and my computer's slowing to a crawl, to the point that Firefox won't even boot anymore. At first notice of the issue, iexplorer was trying to open on its own. Any help is appreciated. Thanks!

DDS (Ver_09-06-26.01) - NTFSx86 NETWORK
Run by Alex Cheng at 15:56:07.32 on Mon 06/29/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1.#QNAN.2984 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Alex Cheng\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Alex Cheng\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Alex Cheng\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Alex Cheng\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.toshibadirect.com/dpdstart
uSearch Bar = hxxp://www.toshiba.com/search
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\docume~1\admini~1\locals~1\temp\wzse1.tmp\GoogleAFE.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [Google Update] "c:\documents and settings\alex cheng\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [LDTray] c:\program files\livescribe\livescribe desktop\LDTray.exe
uRun: [Aim6]
mRun: [00THotkey] c:\windows\system32\00THotkey.exe
mRun: [CrossMenu] c:\program files\toshiba\crossmenu\CrossMenu.exe
mRun: [000StTHK] 000StTHK.exe
mRun: [TFNF5] TFNF5.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [TRot.exe] c:\program files\toshiba\toshiba rotation utility\TRot.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [TouchED] c:\program files\toshiba\touched\TouchED.Exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [TosHKCW.exe] "c:\program files\toshiba\wireless hotkey\TosHKCW.exe"
mRun: [NDSTray.exe] NDSTray.exe
mRun: [TMESRV.EXE] c:\program files\toshiba\tme3\TMESRV31.EXE /Logon
mRun: [TMERzCtl.EXE] c:\program files\toshiba\tme3\TMERzCtl.EXE /Service
mRun: [TAcelMgr] c:\program files\toshiba\acceleration utilities\tacelmgr\TAcelMgr.exe
mRun: [TSkrMain] c:\program files\toshiba\acceleration utilities\shaker\TSkrMain.exe
mRun: [ThpSrv] c:\windows\system32\thpsrv /logon
mRun: [TFncKy] TFncKy.exe
mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
mRun: [DDWMon] c:\program files\toshiba\toshiba direct disc writer\\ddwmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [TPSMain] TPSMain.exe
mRun: [TPSODDCtl] TPSODDCtl.exe
mRun: [TOSDCR] TOSDCR.EXE
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [TabletWizard] c:\windows\help\SplshWrp.exe
mRun: [TabletTip] "c:\program files\common files\microsoft shared\ink\tabtip.exe" /resume
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
mRun: [LDTray] c:\program files\livescribe\livescribe desktop\LDTray.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [net] "c:\windows\system32\net.net"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alexch~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: loginkey - c:\program files\common files\microsoft shared\ink\loginkey.dll
Notify: psfus - psqlpwd.dll
Notify: TabBtnWL - TabBtnWL.dll
Notify: tpgwlnotify - tpgwlnot.dll
Notify: TSigNP - TSigNP.dll
AppInit_DLLs: c:\progra~1\manson\liser.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli psqlpwd

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\alexch~1\applic~1\mozilla\firefox\profiles\5ro7qjhq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\alex cheng\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\alex cheng\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\alex cheng\local settings\application data\huludesktop\instances\0.9.6.1\npHDPlg.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2004-12-27 16384]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2006-5-12 6144]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-14 108552]
R3 TBtnKey;TOSHIBA Tablet PC Buttons Type N HID Driver;c:\windows\system32\drivers\TBtnKey.sys [2006-5-12 8832]
R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [2006-5-12 14208]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-14 327688]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-14 27784]
S1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [2006-5-12 5888]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-14 298776]
S2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2006-5-5 13568]
S2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2006-5-5 33024]
S2 msncache;msncache;c:\windows\system32\svchost.exe -k netsvcs [2006-5-12 14336]
S2 PenCommService;Livescribe Pulse Smartpen Service;c:\program files\common files\livescribe\pencomm\PenCommService.exe [2009-5-12 151552]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\postgresql\8.3\bin\pg_ctl.exe [2008-9-19 65536]
S2 smihlp;SMI helper driver;c:\program files\protector suite ql\smihlp.sys [2006-5-5 3456]
S2 sopidkc;sopidkc Service;c:\windows\system32\sopidkc.exe [2004-8-4 124928]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2006-3-24 98560]
S2 Tmesrv;Tmesrv3;c:\program files\toshiba\tme3\TMESRV31.exe [2006-5-12 126976]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-5-26 24652]
S3 PulseUsb;Livescribe Pulse Smartpen USB Driver;c:\windows\system32\drivers\PulseUsb.sys [2009-5-12 19584]

=============== Created Last 30 ================

2009-06-29 01:52 <DIR> --dsh--- c:\documents and settings\alex cheng\PrivacIE
2009-06-29 01:52 10 a------- c:\windows\system32\kr_done1
2009-06-29 01:52 8 a------- c:\windows\system32\comsa32.sys
2009-06-29 01:52 <DIR> --dshr-- c:\program files\Manson
2009-06-19 03:35 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-06-19 03:33 <DIR> --d----- c:\windows\system32\LogFiles
2009-06-10 16:16 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-10 16:16 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-10 16:16 1,985,024 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-06-10 16:16 11,064,832 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-06-09 15:43 <DIR> --d----- c:\program files\Altitude
2009-06-06 17:44 <DIR> --dsh--- c:\documents and settings\alex cheng\IETldCache
2009-06-06 10:34 <DIR> --d----- c:\windows\ie8updates
2009-06-06 10:33 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-06-06 10:31 <DIR> -cd-h--- c:\windows\ie8
2009-06-02 08:35 <DIR> --d----- c:\program files\iPod
2009-06-02 08:35 <DIR> --d----- c:\program files\iTunes
2009-06-01 11:30 <DIR> --d----- c:\program files\PostgreSQL
2009-06-01 11:24 <DIR> --d----- c:\program files\PokerTracker 3
2009-06-01 08:45 2,838 a------- c:\windows\machine.ver

==================== Find3M ====================

2009-06-23 21:33 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-23 21:33 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-29 13:36 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-05-29 13:36 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-14 02:39 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-05-12 22:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-12 05:16 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_PulseUsb_01007.Wdf
2009-05-12 05:16 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-05-08 20:32 95,411 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-01 14:02 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-05-01 14:02 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-05-01 14:02 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-05-01 14:02 811,008 a------- c:\windows\system32\divx_xx16.dll
2009-05-01 14:02 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-05-01 14:02 685,056 a------- c:\windows\system32\DivX.dll
2009-04-17 05:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 13:25 129,784 -------- c:\windows\system32\pxafs.dll
2009-04-15 13:25 120,056 -------- c:\windows\system32\pxcpyi64.exe
2009-04-15 13:25 118,520 -------- c:\windows\system32\pxinsi64.exe
2009-04-15 13:24 90,112 a------- c:\windows\system32\dpl100.dll
2009-04-15 07:51 585,216 a------- c:\windows\system32\rpcrt4.dll

============= FINISH: 15:58:11.10 ===============
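The safe-mode DDS log above is what a helper on the HJT team triages by eye. As an added example that is not part of the original thread, here is that first pass written down as a script. It takes a handful of lines copied from the log (the AppInit_DLLs value, the mRun entry whose target is net.net, two services whose description is only the service name, and the hidden+system directory plus the 8-byte .sys that appeared in system32 on the day the symptoms started) and applies four review heuristics. The function names, rule names, the RUN_EXTENSIONS set and the 1024-byte threshold are my own choices, not DDS conventions; a hit means "look at this", not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Lines copied from the safe-mode DDS log in the post above (an excerpt, not
# the whole report), used as the input for this added triage example.
SAMPLE_LINES = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [net] "c:\windows\system32\net.net"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
AppInit_DLLs: c:\progra~1\manson\liser.dll
S2 sopidkc;sopidkc Service;c:\windows\system32\sopidkc.exe [2004-8-4 124928]
S2 msncache;msncache;c:\windows\system32\svchost.exe -k netsvcs [2006-5-12 14336]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-14 298776]
2009-06-29 01:52 <DIR> --dshr-- c:\program files\Manson
2009-06-29 01:52 8 a------- c:\windows\system32\comsa32.sys
2009-06-19 03:35 <DIR> --d----- c:\program files\Windows Media Connect 2
""".strip().splitlines()

RUN_RE = re.compile(r"^[um]Run: \[[^\]]*\] (?P<cmd>.*)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs: (?P<dlls>.*)$")
SVC_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);(?P<desc>[^;]*);(?P<image>.*?)(?: \[[^\]]*\])?$")
CREATED_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d (?P<size><DIR>|[\d,]+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$")

# Extensions that are normal for a Run-key target (my choice, not a DDS rule).
RUN_EXTENSIONS = {".exe", ".com", ".scr", ".bat", ".cmd", ".dll"}
TINY_SYS_BYTES = 1024  # no real kernel driver is this small (threshold is mine)


def first_token(cmd):
    """Return the program part of a Run-key command line, quoted or not.

    Unquoted paths with spaces (anything under Program Files) are cut at the
    first space and end up with no extension, so they are simply not judged."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(lines):
    """Run the review heuristics over DDS lines; return (rule, line) pairs in input order.

    A hit means 'an analyst should look at this', not 'this is malware'."""
    findings = []
    for raw in lines:
        line = raw.rstrip()
        m = RUN_RE.match(line)
        if m:
            ext = PureWindowsPath(first_token(m.group("cmd"))).suffix.lower()
            if ext and ext not in RUN_EXTENSIONS:
                findings.append(("run-odd-extension", line))
            continue
        m = APPINIT_RE.match(line)
        if m:
            # Anything listed here is loaded into every process that loads
            # user32.dll; legitimate software almost never uses it.
            if m.group("dlls").strip():
                findings.append(("appinit-dll", line))
            continue
        m = SVC_RE.match(line)
        if m:
            name = m.group("name").lower()
            desc = m.group("desc").strip().lower()
            # Vendors give services a display name; "name" or "name Service"
            # is a placeholder the installer did not bother to fill in.
            if desc in (name, name + " service"):
                findings.append(("service-no-vendor", line))
            continue
        m = CREATED_RE.match(line)
        if m:
            size, attrs, path = m.group("size"), m.group("attrs"), m.group("path").lower()
            is_dir = size == "<DIR>"
            if is_dir and "h" in attrs and "s" in attrs and path.startswith(r"c:\program files"):
                # hidden + system on a Program Files directory keeps it out of Explorer
                findings.append(("hidden-system-dir", line))
            elif (not is_dir and path.endswith(".sys") and "\\drivers\\" not in path
                  and int(size.replace(",", "")) < TINY_SYS_BYTES):
                findings.append(("tiny-sys-outside-drivers", line))
    return findings


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LINES):
        print(f"{rule:26} {line}")
```

Run against the excerpt it reports six lines: net.net, the liser.dll AppInit entry, the sopidkc and msncache services, the Manson directory and comsa32.sys, and nothing from AVG, Toshiba or ctfmon. The same four rules applied to the full log would also pull in SSPORT and TMEI3E (description equals name), which is the point of calling these review heuristics rather than detections.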
Post #2, Jun 30 2009, 01:09 AM
New Member | Group: Members | Posts: 10 | Joined: 29-June 09 | Member No.: 346,654
Hey guys, this is my second run at this, without safe mode. I wonder if it makes a difference at all in the first place, but I figured it couldn't hurt. Thanks again in advance.

DDS (Ver_09-06-26.01) - NTFSx86
Run by Alex Cheng at 16:26:51.70 on Mon 06/29/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3319.2430 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe
C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe
C:\WINDOWS\system32\thpsrv.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SkyTel.EXE
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\TPSODDCtl.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\toshiba\ivp\ism\pinger.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Livescribe\Livescribe Desktop\LDTray.exe
C:\Program Files\Apoint2K\Apntex.exe
svchost.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\sopidkc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\TME3\TMETEMNU.EXE
C:\Documents and Settings\Alex Cheng\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Documents and Settings\Alex Cheng\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Alex Cheng\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Alex Cheng\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.toshibadirect.com/dpdstart
uSearch Bar = hxxp://www.toshiba.com/search
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\docume~1\admini~1\locals~1\temp\wzse1.tmp\GoogleAFE.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [Google Update] "c:\documents and settings\alex cheng\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [LDTray] c:\program files\livescribe\livescribe desktop\LDTray.exe
uRun: [Aim6]
mRun: [00THotkey] c:\windows\system32\00THotkey.exe
mRun: [CrossMenu] c:\program files\toshiba\crossmenu\CrossMenu.exe
mRun: [000StTHK] 000StTHK.exe
mRun: [TFNF5] TFNF5.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [TRot.exe] c:\program files\toshiba\toshiba rotation utility\TRot.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [TouchED] c:\program files\toshiba\touched\TouchED.Exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [TosHKCW.exe] "c:\program files\toshiba\wireless hotkey\TosHKCW.exe"
mRun: [NDSTray.exe] NDSTray.exe
mRun: [TMESRV.EXE] c:\program files\toshiba\tme3\TMESRV31.EXE /Logon
mRun: [TMERzCtl.EXE] c:\program files\toshiba\tme3\TMERzCtl.EXE /Service
mRun: [TAcelMgr] c:\program files\toshiba\acceleration utilities\tacelmgr\TAcelMgr.exe
mRun: [TSkrMain] c:\program files\toshiba\acceleration utilities\shaker\TSkrMain.exe
mRun: [ThpSrv] c:\windows\system32\thpsrv /logon
mRun: [TFncKy] TFncKy.exe
mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
mRun: [DDWMon] c:\program files\toshiba\toshiba direct disc writer\\ddwmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [TPSMain] TPSMain.exe
mRun: [TPSODDCtl] TPSODDCtl.exe
mRun: [TOSDCR] TOSDCR.EXE
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [TabletWizard] c:\windows\help\SplshWrp.exe
mRun: [TabletTip] "c:\program files\common files\microsoft shared\ink\tabtip.exe" /resume
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
mRun: [LDTray] c:\program files\livescribe\livescribe desktop\LDTray.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [net] "c:\windows\system32\net.net"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alexch~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: loginkey - c:\program files\common files\microsoft shared\ink\loginkey.dll
Notify: psfus - psqlpwd.dll
Notify: TabBtnWL - TabBtnWL.dll
Notify: tpgwlnotify - tpgwlnot.dll
Notify: TSigNP - TSigNP.dll
AppInit_DLLs: c:\progra~1\manson\liser.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli psqlpwd

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\alexch~1\applic~1\mozilla\firefox\profiles\5ro7qjhq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\alex cheng\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\alex cheng\local settings\application data\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\alex cheng\local settings\application data\huludesktop\instances\0.9.6.1\npHDPlg.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2004-12-27 16384]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2006-5-12 6144]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-14 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-14 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-14 108552]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [2006-5-12 5888]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-14 298776]
R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2006-5-5 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2006-5-5 33024]
R2 msncache;msncache;c:\windows\system32\svchost.exe -k netsvcs [2006-5-12 14336]
R2 PenCommService;Livescribe Pulse Smartpen Service;c:\program files\common files\livescribe\pencomm\PenCommService.exe [2009-5-12 151552]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\postgresql\8.3\bin\pg_ctl.exe [2008-9-19 65536]
R2 smihlp;SMI helper driver;c:\program files\protector suite ql\smihlp.sys [2006-5-5 3456]
R2 sopidkc;sopidkc Service;c:\windows\system32\sopidkc.exe [2004-8-4 124928]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2006-3-24 98560]
R2 Tmesrv;Tmesrv3;c:\program files\toshiba\tme3\TMESRV31.exe [2006-5-12 126976]
R3 TBtnKey;TOSHIBA Tablet PC Buttons Type N HID Driver;c:\windows\system32\drivers\TBtnKey.sys [2006-5-12 8832]
R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [2006-5-12 14208]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-5-26 24652]
S3 PulseUsb;Livescribe Pulse Smartpen USB Driver;c:\windows\system32\drivers\PulseUsb.sys [2009-5-12 19584]

=============== Created Last 30 ================

2009-06-29 01:52 <DIR> --dsh--- c:\documents and settings\alex cheng\PrivacIE
2009-06-29 01:52 10 a------- c:\windows\system32\kr_done1
2009-06-29 01:52 8 a------- c:\windows\system32\comsa32.sys
2009-06-29 01:52 <DIR> --dshr-- c:\program files\Manson
2009-06-19 03:35 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-06-19 03:33 <DIR> --d----- c:\windows\system32\LogFiles
2009-06-10 16:16 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-10 16:16 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-10 16:16 1,985,024 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-06-10 16:16 11,064,832 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-06-09 15:43 <DIR> --d----- c:\program files\Altitude
2009-06-06 17:44 <DIR> --dsh--- c:\documents and settings\alex cheng\IETldCache
2009-06-06 10:34 <DIR> --d----- c:\windows\ie8updates
2009-06-06 10:33 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-06-06 10:31 <DIR> -cd-h--- c:\windows\ie8
2009-06-02 08:35 <DIR> --d----- c:\program files\iPod
2009-06-02 08:35 <DIR> --d----- c:\program files\iTunes
2009-06-01 11:30 <DIR> --d----- c:\program files\PostgreSQL
2009-06-01 11:24 <DIR> --d----- c:\program files\PokerTracker 3
2009-06-01 08:45 2,838 a------- c:\windows\machine.ver

==================== Find3M ====================

2009-06-23 21:33 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-23 21:33 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-29 13:36 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-05-29 13:36 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-14 02:39 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-05-12 22:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-12 05:16 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_PulseUsb_01007.Wdf
2009-05-12 05:16 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-05-08 20:32 95,411 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-01 14:02 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-05-01 14:02 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-05-01 14:02 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-05-01 14:02 811,008 a------- c:\windows\system32\divx_xx16.dll
2009-05-01 14:02 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-05-01 14:02 685,056 a------- c:\windows\system32\DivX.dll
2009-04-17 05:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 13:25 129,784 -------- c:\windows\system32\pxafs.dll
2009-04-15 13:25 120,056 -------- c:\windows\system32\pxcpyi64.exe
2009-04-15 13:25 118,520 -------- c:\windows\system32\pxinsi64.exe
2009-04-15 13:24 90,112 a------- c:\windows\system32\dpl100.dll
2009-04-15 07:51 585,216 a------- c:\windows\system32\rpcrt4.dll

============= FINISH: 16:29:23.12 ===============
Jul 3 2009, 06:14 PM, Post #3
Forum Addict, Group: HJT Team, Posts: 3,715, Joined: 7-November 07, From: Warrington, UK, Member No.: 168,228
Hello and welcome to Bleeping Computer.
My name is Syler, and I will be helping you to solve your malware issues. Whilst I am helping you, I would be grateful if you would note the following:
First I would like to see a new log since a lot could have changed since your original post.
Thanks
--------------------
Any requests for help via PM will be ignored, please use the forums. If I have helped you, and you would like to make a donation, click here
Jul 3 2009, 11:16 PM, Post #4
New Member, Group: Members, Posts: 10, Joined: 29-June 09, Member No.: 346,654
Hi Syler, thanks for your help.
The problems are seemingly gone now: I leave my computer on overnight, and AVG does its typical scans when I'm away. Should I disable that?

Logfile of random's system information tool 1.06 (written by random/random) Run by Alex Cheng at 2009-07-03 21:06:39 Microsoft Windows XP Professional Service Pack 3 System drive C: has 63 GB (66%) free of 95 GB Total RAM: 3319 MB (42% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:06:56 PM, on 7/3/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe C:\WINDOWS\SYSTEM32\WISPTIS.EXE C:\WINDOWS\System32\tabbtnu.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\00THotkey.exe C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe C:\WINDOWS\system32\TFNF5.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\TOSHIBA\TouchED\TouchED.Exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\igfxext.exe C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe C:\Program 
Files\TOSHIBA\TME3\TMERzCtl.EXE C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe C:\WINDOWS\system32\thpsrv.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\SkyTel.EXE C:\WINDOWS\system32\TPSMain.exe C:\WINDOWS\system32\TPSODDCtl.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Toshiba\Tvs\TvsTray.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Protector Suite QL\psqltray.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe C:\WINDOWS\system32\mshta.exe C:\Program Files\Livescribe\Livescribe Desktop\LDTray.exe C:\WINDOWS\system32\TPSBattM.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe c:\Toshiba\IVP\swupdate\swupdtmr.exe C:\WINDOWS\system32\ThpSrv.exe C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe C:\WINDOWS\system32\RAMASST.exe C:\WINDOWS\system32\TODDSrv.exe C:\Program Files\TOSHIBA\TME3\TMETEMNU.EXE C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Pidgin\pidgin.exe C:\toshiba\ivp\netint\netint.exe C:\toshiba\ivp\ism\ivpsvmgr.exe C:\Program Files\uTorrent\uTorrent.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Documents and Settings\Alex Cheng\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and 
Settings\Alex Cheng\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Alex Cheng\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Alex Cheng\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Alex Cheng\Desktop\RSIT.exe C:\Program Files\Trend Micro\HijackThis\Alex Cheng.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WZSE1.TMP\GoogleAFE.dll (file missing) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Google - 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe O4 - HKLM\..\Run: [CrossMenu] C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe O4 - HKLM\..\Run: [TFNF5] TFNF5.exe O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [TRot.exe] c:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service O4 - HKLM\..\Run: [TAcelMgr] C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe O4 - HKLM\..\Run: [TSkrMain] C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe O4 - HKLM\..\Run: [ThpSrv] C:\WINDOWS\system32\thpsrv /logon O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe O4 - HKLM\..\Run: [TOSDCR] TOSDCR.EXE O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [Pinger] 
c:\toshiba\ivp\ism\pinger.exe /run O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun O4 - HKLM\..\Run: [LDTray] C:\Program Files\Livescribe\Livescribe Desktop\LDTray.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Alex Cheng\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [LDTray] C:\Program Files\Livescribe\Livescribe Desktop\LDTray.exe O4 - HKUS\S-1-5-21-102128359-1042325796-3802484420-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'postgres') O4 - HKUS\S-1-5-21-102128359-1042325796-3802484420-1006\..\Run: [TOSCDSPD] C:\Program 
Files\TOSHIBA\TOSCDSPD\toscdspd.exe (User 'postgres') O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O20 - Winlogon Notify: TSigNP - C:\WINDOWS\SYSTEM32\TSigNP.dll O23 - Service: Apple Mobile Device - Apple Inc. 
- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Livescribe Pulse Smartpen Service (PenCommService) - Livescribe - C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe O23 - Service: Viewpoint Manager 
Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 13844 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-102128359-1042325796-3802484420-1005Core.job C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-102128359-1042325796-3802484420-1005UA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-05-14 1107224] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2006-05-12 720896] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}] CBrowserHelperObject Object - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WZSE1.TMP\GoogleAFE.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-21 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2006-05-12 720896] 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "00THotkey"=C:\WINDOWS\system32\00THotkey.exe [2006-04-26 258048] "CrossMenu"=C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe [2006-04-12 798720] "000StTHK"=C:\WINDOWS\system32\000StTHK.exe [2001-06-23 24576] "TFNF5"=C:\WINDOWS\system32\TFNF5.exe [2006-04-10 622592] "SmoothView"=C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2005-05-23 122880] "TRot.exe"=c:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe [2005-11-29 266240] "Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2004-03-23 196608] "TouchED"=C:\Program Files\TOSHIBA\TouchED\TouchED.Exe [2005-06-28 126976] "LtMoh"=C:\Program Files\ltmoh\Ltmoh.exe [2004-08-18 184320] "AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-10-15 88203] "TosHKCW.exe"=C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe [2005-05-17 49152] "NDSTray.exe"=NDSTray.exe [] "TMESRV.EXE"=C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE [2005-12-14 126976] "TMERzCtl.EXE"=C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE [2006-02-22 86016] "TAcelMgr"=C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe [2004-12-16 90112] "TSkrMain"=C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe [2004-06-30 49152] "ThpSrv"=C:\WINDOWS\system32\thpsrv /logon [] "TFncKy"=TFncKy.exe [] "PSQLLauncher"=C:\Program Files\Protector Suite QL\launcher.exe [2006-05-05 30208] "DDWMon"=C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe [2006-04-12 299008] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-05-09 16207360] "SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-04-24 1448960] "TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2006-04-24 315392] "TPSODDCtl"=C:\WINDOWS\system32\TPSODDCtl.exe [2006-04-24 110592] "TOSDCR"=C:\WINDOWS\system32\TOSDCR.EXE [2005-12-13 57344] "Tvs"=C:\Program Files\Toshiba\Tvs\TvsTray.exe [2006-02-02 73728] "igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-11-28 98304] "igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-11-28 77824] 
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-11-28 118784] "Pinger"=c:\toshiba\ivp\ism\pinger.exe [2005-03-17 151552] "TabletWizard"=C:\WINDOWS\help\SplshWrp.exe [2008-04-13 16384] "TabletTip"=C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe [2008-04-13 271872] "IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2005-12-05 667718] "IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2005-11-28 602182] "Samsung PanelMgr"=C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe [2007-05-30 520192] "LDTray"=C:\Program Files\Livescribe\Livescribe Desktop\LDTray.exe [2009-05-11 419136] "IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952] "IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2004-08-04 44032] "MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-03 59392] "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168] "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168] "MSKDetectorExe"=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [2005-08-12 1121792] "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-06-23 1948440] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-05-30 292136] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-21 148888] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] "TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2004-12-30 65536] "Google Update"=C:\Documents and Settings\Alex Cheng\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-06 133104] "LDTray"=C:\Program Files\Livescribe\Livescribe Desktop\LDTray.exe [2009-05-11 419136] C:\Documents and Settings\All Users\Start Menu\Programs\Startup RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe C:\Documents and Settings\Alex Cheng\Start Menu\Programs\Startup Microsoft Office 
OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter] C:\WINDOWS\system32\avgrsstx.dll [2009-06-23 11952] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2005-11-28 135168] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\loginkey] C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll [2008-04-13 47104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus] C:\WINDOWS\system32\psqlpwd.dll [2006-05-05 40448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\TabBtnWL] C:\WINDOWS\system32\TabBtnWL.dll [2002-08-29 11776] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpgwlnotify] C:\WINDOWS\system32\tpgwlnot.dll [2008-04-13 32256] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\TSigNP] C:\WINDOWS\system32\TSigNP.dll [2006-03-02 53248] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "notification packages"=scecli psqlpwd [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader" "C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine" "C:\TOSHIBA\Ivp\ISM\pinger.exe"="C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent" "C:\Documents and Settings\Alex Cheng\Desktop\utorrent.exe"="C:\Documents and Settings\Alex Cheng\Desktop\utorrent.exe:*:Enabled:µTorrent" "C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe" "C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe" "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\Pidgin\pidgin.exe"="C:\Program Files\Pidgin\pidgin.exe:*:Enabled:Pidgin" "C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Program Files\Altitude\altitude.exe"="C:\Program Files\Altitude\altitude.exe:*:Enabled:altitude" 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" ======List of files/folders created in the last 1 months====== 2009-07-03 21:06:39 ----D---- C:\rsit 2009-07-01 17:09:45 ----D---- C:\Documents and Settings\Alex Cheng\Application Data\Gamelab 2009-07-01 17:08:37 ----D---- C:\Program Files\Miss Management 2009-07-01 02:55:50 ----SHD---- C:\RECYCLER 2009-06-30 16:19:02 ----A---- C:\ComboFix.txt 2009-06-30 15:50:57 ----A---- C:\WINDOWS\zip.exe 2009-06-30 15:50:57 ----A---- C:\WINDOWS\SWXCACLS.exe 2009-06-30 15:50:57 ----A---- C:\WINDOWS\SWSC.exe 2009-06-30 15:50:57 ----A---- C:\WINDOWS\SWREG.exe 2009-06-30 15:50:57 ----A---- C:\WINDOWS\sed.exe 2009-06-30 15:50:57 ----A---- C:\WINDOWS\PEV.exe 2009-06-30 15:50:57 ----A---- C:\WINDOWS\NIRCMD.exe 2009-06-30 15:50:57 ----A---- C:\WINDOWS\grep.exe 2009-06-30 15:48:24 ----D---- C:\WINDOWS\ERDNT 2009-06-30 15:42:44 ----D---- C:\Qoobox 2009-06-30 15:20:43 ----D---- C:\Avenger 2009-06-30 15:20:43 ----A---- C:\avenger.txt 2009-06-30 09:26:11 ----N---- C:\Eula.txt 2009-06-30 09:26:11 ----A---- C:\autorunsc.exe 2009-06-30 09:26:11 ----A---- C:\autoruns.exe 2009-06-30 09:02:35 ----D---- C:\Program Files\Trend Micro 2009-06-29 15:23:04 ----SHD---- C:\WINDOWS\CSC 2009-06-29 13:22:23 ----A---- C:\WINDOWS\ntbtlog.txt 2009-06-29 01:52:27 ----RSHD---- C:\Program Files\Manson 2009-06-24 03:02:12 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$ 2009-06-24 03:01:49 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$ 2009-06-24 03:01:21 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$ 2009-06-24 03:01:09 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$ 2009-06-24 03:00:58 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$ 2009-06-23 23:18:08 ----D---- 
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage 2009-06-19 03:35:45 ----N---- C:\WINDOWS\system32\spmsg.dll 2009-06-19 03:35:44 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$ 2009-06-19 03:35:21 ----D---- C:\Program Files\Windows Media Connect 2 2009-06-19 03:34:59 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$ 2009-06-19 03:33:48 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$ 2009-06-19 03:33:01 ----D---- C:\WINDOWS\system32\LogFiles 2009-06-19 03:32:54 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$ 2009-06-11 03:03:33 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$ 2009-06-11 03:03:28 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$ 2009-06-11 03:00:39 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$ 2009-06-11 03:00:30 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$ 2009-06-09 15:43:52 ----D---- C:\Program Files\Altitude 2009-06-09 12:56:16 ----A---- C:\WINDOWS\system32\javaws.exe 2009-06-09 12:56:16 ----A---- C:\WINDOWS\system32\javaw.exe 2009-06-09 12:56:16 ----A---- C:\WINDOWS\system32\java.exe 2009-06-09 12:47:07 ----D---- C:\WINDOWS\Minidump 2009-06-06 10:34:25 ----D---- C:\WINDOWS\ie8updates 2009-06-06 10:33:19 ----D---- C:\WINDOWS\WBEM 2009-06-06 10:31:41 ----HDC---- C:\WINDOWS\ie8 ======List of files/folders modified in the last 1 months====== 2009-07-03 21:02:10 ----D---- C:\Documents and Settings\Alex Cheng\Application Data\.purple 2009-07-03 20:58:40 ----D---- C:\Documents and Settings\Alex Cheng\Application Data\uTorrent 2009-07-03 13:31:00 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-07-03 06:17:40 ----D---- C:\WINDOWS\Temp 2009-07-03 04:04:13 ----HD---- C:\$AVG8.VAULT$ 2009-07-02 20:50:35 ----D---- C:\Program Files\Full Tilt Poker 2009-07-02 15:07:21 ----D---- C:\Program Files\Mozilla Firefox 2009-07-01 17:08:42 ----D---- C:\Program Files 2009-07-01 08:51:04 ----D---- C:\WINDOWS 2009-06-30 21:26:06 ----SD---- C:\WINDOWS\Tasks 2009-06-30 16:19:04 ----D---- C:\WINDOWS\system32\drivers 2009-06-30 16:19:04 ----D---- C:\WINDOWS\system32 2009-06-30 
16:18:10 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-06-30 16:18:01 ----D---- C:\WINDOWS\system32\CatRoot2 2009-06-30 16:15:44 ----A---- C:\WINDOWS\system.ini 2009-06-30 16:15:31 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt 2009-06-30 16:13:21 ----D---- C:\WINDOWS\system32\config 2009-06-30 16:11:15 ----D---- C:\WINDOWS\AppPatch 2009-06-30 16:11:04 ----D---- C:\Program Files\Common Files 2009-06-30 15:50:52 ----D---- C:\WINDOWS\Prefetch 2009-06-30 00:13:10 ----HD---- C:\WINDOWS\inf 2009-06-29 15:02:02 ----D---- C:\Documents and Settings\All Users\Application Data\avg8 2009-06-25 18:44:40 ----D---- C:\Documents and Settings\Alex Cheng\Application Data\Move Networks 2009-06-24 03:02:37 ----D---- C:\WINDOWS\system32\CatRoot 2009-06-24 03:01:53 ----A---- C:\WINDOWS\imsins.BAK 2009-06-23 21:33:06 ----A---- C:\WINDOWS\system32\avgrsstx.dll 2009-06-19 03:35:30 ----A---- C:\WINDOWS\win.ini 2009-06-19 03:35:21 ----D---- C:\Program Files\Windows Media Player 2009-06-19 03:35:16 ----D---- C:\WINDOWS\Help 2009-06-18 19:11:12 ----D---- C:\Documents and Settings\Alex Cheng\Application Data\gtk-2.0 2009-06-11 17:47:03 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP 2009-06-11 03:03:53 ----D---- C:\Program Files\Internet Explorer 2009-06-11 03:03:39 ----HD---- C:\WINDOWS\$hf_mig$ 2009-06-09 12:56:26 ----SHD---- C:\WINDOWS\Installer 2009-06-09 12:56:02 ----D---- C:\Program Files\Java 2009-06-09 09:15:58 ----D---- C:\Program Files\Common Files\DivX Shared 2009-06-07 22:08:22 ----D---- C:\Program Files\DivX 2009-06-06 10:33:19 ----D---- C:\WINDOWS\system32\en-us 2009-06-06 10:33:10 ----D---- C:\WINDOWS\Media 2009-06-04 03:44:37 ----D---- C:\Documents and Settings\Alex Cheng\Application Data\Mp3tag ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-06-23 327688] R1 AvgMfx86;AVG Free On-access Scanner Minifilter 
Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-06-23 27784] R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-14 108552] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352] R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592] R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2005-06-02 102384] R1 TMEI3E;TMEI3E; C:\WINDOWS\System32\Drivers\TMEI3E.SYS [2004-06-16 5888] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2000-01-05 21275] R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-05-12 8552] R2 FdRedir;FdRedir; \??\C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [] R2 FileDisk2;FileDisk Protector Kernel Driver; \??\C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys [] R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032] R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568] R2 smihlp;SMI helper driver; \??\C:\Program Files\Protector Suite QL\smihlp.sys [] R2 tdudf;TOSHIBA UDF File System Driver; C:\WINDOWS\system32\DRIVERS\tdudf.sys [2006-03-24 98560] R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-11-15 1122656] R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-05-08 101833] R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 catchme;catchme; \??\C:\DOCUME~1\ALEXCH~1\LOCALS~1\Temp\catchme.sys [] R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952] R3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-10-10 163328] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400] R3 
HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-28 1353820] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-05-09 4273152] R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-10 21060] R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368] R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232] R3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904] R3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008] R3 tbiosdrv;Toshiba Logical Tbios Device; C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys [2005-08-24 9472] R3 TBtnKey;TOSHIBA Tablet PC Buttons Type N HID Driver; C:\WINDOWS\system32\DRIVERS\TBtnKey.sys [2002-09-12 8832] R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2006-05-05 28800] R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys [2006-03-02 15360] R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-11-30 162560] R3 Tvs;TOSHIBA Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2006-04-25 43776] R3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-05-29 39424] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2 Enabled Hub; 
C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-05 1428096] R3 WacomPen;Wacom Serial Pen HID Driver; C:\WINDOWS\system32\DRIVERS\wacompen.sys [2008-04-13 14208] S2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys [] S2 SSPORT;SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys [] S3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2005-09-14 179200] S3 PulseUsb;Livescribe Pulse Smartpen USB Driver; C:\WINDOWS\system32\DRIVERS\PulseUsb.sys [2009-02-26 19584] S3 tosrfec;Bluetooth ACPI from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 9344] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588] S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712] R2 avg8wd;AVG Free8 WatchDog; 
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-06-23 298776] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-17 40960] R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2004-08-28 110592] R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-21 152984] R2 PenCommService;Livescribe Pulse Smartpen Service; C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe [2009-03-30 151552] R2 pgsql-8.3;PostgreSQL Database Server 8.3; C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-19 65536] R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 217164] R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-11-28 540745] R2 Swupdtmr;Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [2005-07-12 40960] R2 Thpsrv;TOSHIBA HDD Protection; C:\WINDOWS\system32\ThpSrv.exe [2006-05-11 176128] R2 Tmesrv;Tmesrv3; C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe [2005-12-14 126976] R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\WINDOWS\system32\TODDSrv.exe [2005-12-20 114688] R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652] R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-05-30 541992] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 IDriverT;InstallDriver Table Manager; 
c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] -----------------EOF----------------- info.txt logfile of random's system information tool 1.06 2009-07-03 21:06:58 ======Uninstall list====== -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER -->C:\WINDOWS\system32\RunDll32.Exe C:\WINDOWS\system32\SetupAPI.Dll,InstallHinfSection DefaultUninstall.NTx86 4 C:\WINDOWS\INF\tdudf.Inf -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000} Agilix GoBinder Lite-->MsiExec.exe /I{5E71102C-2CEB-4C8B-99D3-D33B9741EEDA} AIM 6-->C:\Program Files\AIM6\uninst.exe ALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL Altitude 1.0.0-->C:\Program Files\Altitude\uninstall.exe Apple Mobile Device Support-->MsiExec.exe /I{659B48CD-0608-4ED5-94C0-0B6C87114F10} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Aspell English Dictionary-0.50-2-->"C:\Program Files\Aspell\unins001.exe" AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL Bejeweled 2 Deluxe-->"C:\Program Files\Toshiba Games\Bejeweled 2 Deluxe\Uninstall.exe" 
Blasterball 2 Revolution-->"C:\Program Files\Toshiba Games\Blasterball 2 Revolution\Uninstall.exe" Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6} Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B} Catan Online World-->C:\Program Files\Catan GmbH\Catan Online World 2\uninst.exe CD/DVD Drive Acoustic Silencer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x9 Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe" DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN DVD-RAM Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\setup.exe" -l0x9 DVD-RAM Driver FATE-->"C:\Program Files\Toshiba Games\FATE\Uninstall.exe" FranklinCovey TabletPlanner-->MsiExec.exe /I{20348F6A-38D0-45F6-A103-C6FB2CD5695B} Full Tilt Poker-->"C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x0009 -removeonly GNU Aspell 0.50-3-->"C:\Program Files\Aspell\unins000.exe" Google AFE-->regsvr32 /u /s "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WZSE1.TMP\GoogleAFE.dll" Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll" GTK+ Runtime 2.14.7 rev a (remove only)-->C:\Program Files\Common Files\GTK\2.0\uninst.exe High Definition Audio Driver Package - 
KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe" HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Ink Art-->MsiExec.exe /I{1FBEE61B-F90E-4EE3-AE94-FCB8BD6EC443} Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2 Intel® PRO Network Connections Drivers-->Prounstl.exe Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe InterVideo WinDVD Creator 2-->"C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL InterVideo WinDVD for TOSHIBA-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL iTunes Lyrics Importer-->C:\Program Files\iLyrics\Uninstall.exe iTunes-->MsiExec.exe /I{CC5702D7-86E2-45A8-99D7-E8B976ADCC56} J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060} Java 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF} Livescribe™ Desktop-->"C:\Program Files\InstallShield Installation Information\{ABB977BD-2CBF-4C4D-BB4C-AB415AA42DAA}\setup.exe" -runfromtemp -l0x0009 -removeonly mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779} mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49} mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68} Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X 
{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Digital Image Starter Edition 2006-->"C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=TRIAL VERSION=11 Microsoft Education Pack for Windows XP Tablet PC Edition-->MsiExec.exe /I{40FFC202-F842-44C7-ACBE-8B0EA690B1A3} Microsoft Energy Blue Theme Pack-->MsiExec.exe /I{FA7314E7-9428-4866-80A8-762A538444DB} Microsoft Experience Pack for Tablet PC-->MsiExec.exe /I{C12EB29D-9D64-4ACA-84C2-33D8729AABD3} Microsoft Ink Crossword-->MsiExec.exe /I{1759CACC-6CF9-4C3C-92C5-39668679AB17} Microsoft Ink Desktop-->MsiExec.exe /I{0759CACC-6CF9-4C3C-92C5-39668679AB16} Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe" Microsoft Media Transfer-->MsiExec.exe /X{F6C2D09F-6C82-48BB-A9D5-6A0478F52BD6} Microsoft Office OneNote 2003-->MsiExec.exe /I{91A10409-6000-11D3-8CFE-0150048383C9} Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9} Microsoft Snipping Tool 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8853C080-7F5C-4020-B663-C57FE29BB858}\setup.exe" -l0x9 -removeonly Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1} mIWA-->MsiExec.exe 
/I{3E9D596A-61D4-4239-BD19-2DB984D2A16F} mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7} mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5} Mozilla Firefox (3.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe Mp3tag v2.43-->C:\Program Files\Mp3tag\Mp3tagUninstall.EXE mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5} mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9} mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4} mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401} MyConnect Special Offer-->MsiExec.exe /I{97D8751D-18A4-482B-9E9C-31DAD9BEC1EC} mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023} Office 2003 Trial Assistant-->MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726} OpenOffice.org 3.0-->MsiExec.exe /I{53AD2725-3987-4FE6-B4E0-D4F4E43DE7A0} PFPortChecker 1.0.28-->C:\Program Files\PFPortChecker\uninst.exe Pidgin-->C:\Program Files\Pidgin\pidgin-uninst.exe Plants vs. Zombies-->C:\Program Files\PopCap Games\Plants vs. Zombies\PopUninstall.exe "C:\Program Files\PopCap Games\Plants vs. 
Zombies\Install.log" PokerTracker 3 (remove only)-->"C:\Program Files\PokerTracker 3\uninstall.exe" Polar Golfer-->"C:\Program Files\Toshiba Games\Polar Golfer\Uninstall.exe" PostgreSQL 8.3-->MsiExec.exe /I{B823632F-3B72-4514-8861-B961CE263224} QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68} RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0 Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly Samsung CLP-300 Series-->C:\Program Files\Samsung\Samsung CLP-300 Series\Install\Setup.exe /R SCRABBLE-->"C:\Program Files\Toshiba Games\SCRABBLE\Uninstall.exe" SD Secure Module-->MsiExec.exe /X{C45F4811-31D5-4786-801D-F79CD06EDD85} Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe" Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe" Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Security Update for Windows XP 
(KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" 
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe" Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe" Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe" Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe" Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Smartpen Flash-->MsiExec.exe /I{2458AD0E-7C80-431B-9EEB-499FB020AE08} Tablet PC Tutorials for Microsoft Windows XP SP2-->MsiExec.exe /X{0CAD092C-5D1E-48AD-A845-E1EBA9AF1AF8} Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4497AFF6-98C4-4F49-B073-F48F42BCBF9E} /l1033 TOSHIBA Accelerometer Utilities-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\Acceleration Utilities\Uninst.isu" -c"C:\Program Files\TOSHIBA\Acceleration Utilities\SETUPSUB.dll" TOSHIBA Assist-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\Setup.exe" -l0x9 TOSHIBA ConfigFree-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x9 UNINSTALL TOSHIBA Controls-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\Setup.exe" -l0x9 UNINSTALL TOSHIBA Direct 
Disc Writer-->MsiExec.exe /X{400830CA-F056-4BBE-80A3-9DF9CA4FB889} TOSHIBA Disc Creator-->MsiExec.exe /X{529DDE6B-4F31-438B-B218-F36266ABD8C0} TOSHIBA Display Devices Change Utility-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\TDspBtn.inf,DefaultUninstall,5 TOSHIBA Game Console-->"C:\Program Files\WildTangent\Apps\TOSHIBA Game Console\Uninstall.exe" TOSHIBA HDD Protection-->MsiExec.exe /X{94A90C69-71C1-470A-88F5-AA47ECC96B40} TOSHIBA Hotkey Utility for Display Devices-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\TFNF5Wxp.inf,DefaultUninstall,5 TOSHIBA Mobile Extension3 for Windows XP V3.82.00.XP-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\TME3\Uninst.isu" -c"C:\Program Files\TOSHIBA\TME3\uninstx.dll" TOSHIBA Password Utility-->c:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74} /l1033 TOSHIBA PC Diagnostic Tool-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{2C38F661-26B7-445D-B87D-B53FE2D3BD42} /l1033 TOSHIBA Power Saver-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\Power Saver\Uninst.isu" -c"C:\WINDOWS\system32\TPSDel.dll" Toshiba Registration-->MsiExec.exe /X{F6C405D2-C50D-4D10-B89E-73A233A14D74} TOSHIBA Rotation Utility-->MsiExec.exe /X{B7F4B477-8EA3-4028-B458-2AE5E4A9D853} TOSHIBA SD Memory Boot Utility-->MsiExec.exe /X{BBF5493A-05FB-4449-90DE-84A61EB78154} TOSHIBA SD Memory Card Format-->MsiExec.exe /X{00A87405-997C-4B75-9129-0338B08DE177} TOSHIBA Software Modem-->Tosmreg -U TOSHIBA Software Upgrades-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe" TOSHIBA Speech System Applications-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9 TOSHIBA Speech System SR Engine(U.S.) 
Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL TOSHIBA Speech System TTS Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9 TOSHIBA Tablet Access Code Logon Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC971CEE-1480-479D-81AF-1CB4D10467B0}\setup.exe" -l0x9 -removeonly TOSHIBA TouchPad On/Off Utility V2.05.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24300A63-DD78-4AA5-A914-4D582C41D33A}\Setup.exe" -uninst TOSHIBA Utilities-->c:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{56190F69-01D3-46CA-9861-43377C5E9B87} /l1033 TOSHIBA Virtual Sound-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B12BA86-ADAC-4BA6-B441-FFC591087252}\Setup.exe" /uninstall TOSHIBA Zooming Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64212898-097F-4F3F-AECA-6D34A7EF82DF}\Setup.exe" Update for Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe" Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B} Viewpoint Media 
Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u WildTangent Web Driver-->C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe Windows Driver Package - Livescribe (PulseUsb) Image (03/19/2009 2.0.12.1)-->C:\PROGRA~1\DIFX\5BE688ACC8BC158E\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\pulseusb_FF99CE5B366D5343AA753FCF2D593D899457AB24\pulseusb.inf Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe" Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe Wireless Hotkey-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7862BAD8-A379-4128-8AA1-EFD5A9603C53}\setup.exe" -l0x9 =====HijackThis Backups===== O23 - Service: sopidkc Service (sopidkc) - NewYork Lt - C:\WINDOWS\system32\sopidkc.exe [2009-06-30] O20 - AppInit_DLLs: c:\progra~1\Manson\liser.dll [2009-06-30] O23 - Service: sopidkc Service (sopidkc) - NewYork Lt - C:\WINDOWS\system32\sopidkc.exe [2009-06-30] O23 - Service: sopidkc Service (sopidkc) - NewYork Lt - C:\WINDOWS\system32\sopidkc.exe [2009-06-30] O23 - Service: sopidkc Service (sopidkc) - NewYork Lt - C:\WINDOWS\system32\sopidkc.exe [2009-06-30] O23 - Service: sopidkc Service (sopidkc) - Unknown owner - C:\WINDOWS\system32\sopidkc.exe (file missing) [2009-06-30] O23 - Service: sopidkc Service (sopidkc) - Unknown owner - C:\WINDOWS\system32\sopidkc.exe (file missing) [2009-06-30] ======Security center information====== AV: AVG Anti-Virus Free ======System event 
log====== Computer Name: Alex Event Code: 1000 Message: Your computer has lost the lease to its IP address 192.168.1.101 on the Network Card with network address 001302910F6E. Record Number: 60 Source Name: Dhcp Time Written: 20090506154819.000000-420 Event Type: error User: Computer Name: Alex Event Code: 1003 Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001302910F6E. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server. Record Number: 59 Source Name: Dhcp Time Written: 20090506154819.000000-420 Event Type: warning User: Computer Name: Alex Event Code: 36 Message: The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized. Record Number: 10 Source Name: W32Time Time Written: 20090506155321.000000-420 Event Type: warning User: Computer Name: Alex Event Code: 34 Message: The time service has detected that the system time needs to be changed by +294520408 seconds. The time service will not change the system time by more than +54000 seconds. Verify that your time and time zone are correct, and that the time source time.nist.gov (ntp.m|0x1|192.168.1.101:123->192.43.244.18:123) is working properly. Record Number: 9 Source Name: W32Time Time Written: 20000105155304.000000-480 Event Type: error User: Computer Name: Alex Event Code: 4226 Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. Record Number: 8 Source Name: Tcpip Time Written: 20000105155234.000000-480 Event Type: warning User: =====Application event log===== Computer Name: ALEX Event Code: 2001 Message: Unable to read the disk performance information from the system. 
Disk performance counters must be enabled for at least one physical disk or logical volume in order for these counters to appear. Disk performance counters can be enabled by using the Hardware Device Manager property pages. Status code returned is data DWORD 0. Record Number: 2273 Source Name: PerfDisk Time Written: 20090526002049.000000-420 Event Type: warning User: Computer Name: ALEX Event Code: 2001 Message: Unable to read the disk performance information from the system. Disk performance counters must be enabled for at least one physical disk or logical volume in order for these counters to appear. Disk performance counters can be enabled by using the Hardware Device Manager property pages. Status code returned is data DWORD 0. Record Number: 2272 Source Name: PerfDisk Time Written: 20090526002048.000000-420 Event Type: warning User: Computer Name: ALEX Event Code: 2001 Message: Unable to read the disk performance information from the system. Disk performance counters must be enabled for at least one physical disk or logical volume in order for these counters to appear. Disk performance counters can be enabled by using the Hardware Device Manager property pages. Status code returned is data DWORD 0. Record Number: 2271 Source Name: PerfDisk Time Written: 20090526002047.000000-420 Event Type: warning User: Computer Name: ALEX Event Code: 2001 Message: Unable to read the disk performance information from the system. Disk performance counters must be enabled for at least one physical disk or logical volume in order for these counters to appear. Disk performance counters can be enabled by using the Hardware Device Manager property pages. Status code returned is data DWORD 0. Record Number: 2270 Source Name: PerfDisk Time Written: 20090526002046.000000-420 Event Type: warning User: Computer Name: ALEX Event Code: 2001 Message: Unable to read the disk performance information from the system. 
Disk performance counters must be enabled for at least one physical disk or logical volume in order for these counters to appear. Disk performance counters can be enabled by using the Hardware Device Manager property pages. Status code returned is data DWORD 0. Record Number: 2269 Source Name: PerfDisk Time Written: 20090526002045.000000-420 Event Type: warning User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\DivX Shared;C:\Program Files\QuickTime\QTSystem "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel "PROCESSOR_REVISION"=0e08 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "AFPHOME"=C:\Program Files\Livescribe\Livescribe Desktop\AfpHome "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip -----------------EOF-----------------

Thanks again for your help!
Jul 4 2009, 12:51 AM, Post #5
Forum Addict, Group: HJT Team, Posts: 3,715, Joined: 7-November 07, From: Warrington, UK, Member No.: 168,228
ComboFix should not be run unless requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system, such as preventing it from ever starting again.

Post the log that was created, C:\combofix.txt.

Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we knew in 2006; read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on Start > Run, paste the following into the "Open" field and press OK: appwiz.cpl

From within Add or Remove Programs, uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

--------------------
Any requests for help via PM will be ignored; please use the forums. If I have helped you and you would like to make a donation, click here
Jul 4 2009, 02:26 AM, Post #6
New Member, Group: Members, Posts: 10, Joined: 29-June 09, Member No.: 346,654
I wish I had read that more closely now. Sorry about the whole thing, I suppose I was a bit antsy/panicked.
ComboFix 09-06-29.07 - Alex Cheng 06/30/2009 16:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3319.2847 [GMT -7:00]
Running from: c:\documents and settings\Alex Cheng\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Install.txt
c:\windows\system32\comsa32.sys
c:\windows\system32\drivers\UACpcbcxftiqrxuecb.sys
c:\windows\system32\FInstall.sys
c:\windows\system32\Install.txt
c:\windows\system32\kr_done1
c:\windows\system32\msncache.dll
c:\windows\system32\tpszxyd.sys
c:\windows\system32\UACdwqeejrpseignst.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACkklyfwvtgikmlqjbo.log
c:\windows\system32\UACkmoobuqtbuheuna.dll
c:\windows\system32\UACmdnasoppfcrwprd.db
c:\windows\system32\UACmevrtyqjnqtxypp.dll
c:\windows\system32\UACqkgxvwpiktbhdas.dll
c:\windows\system32\UACqsnoxjxdlxwkkpw.dat
c:\windows\system32\UACqylhmqpcgwncjio.dll
c:\windows\system32\uactmp.db
c:\windows\system32\wiawow32.sys
c:\windows\TEMP\mta81458.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
-------\Legacy_MSNCACHE
-------\Legacy_SOPIDKC
-------\Service_msncache
-------\Service_sopidkc

((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-30 )))))))))))))))))))))))))))))))
.
2009-06-30 16:26 . 2009-05-07 08:25 546688 ----a-w- C:\autorunsc.exe
2009-06-30 16:26 . 2009-05-07 08:25 654208 ----a-w- C:\autoruns.exe
2009-06-30 16:02 . 2009-06-30 16:02 -------- d-----w- c:\program files\Trend Micro
2009-06-29 20:22 . 2009-06-29 20:22 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-29 08:54 .
2009-06-29 08:54 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2009-06-29 08:52 . 2009-06-29 08:52 -------- d-sh--w- c:\documents and settings\Alex Cheng\PrivacIE 2009-06-29 08:52 . 2009-06-29 20:51 -------- d-sh--r- c:\program files\Manson 2009-06-24 20:21 . 2009-06-24 20:21 127872 ----a-w- c:\documents and settings\Alex Cheng\Application Data\Move Networks\uninstall.exe 2009-06-24 20:21 . 2009-06-24 20:21 1686272 ----a-w- c:\documents and settings\Alex Cheng\Application Data\Move Networks\MoveMediaPlayerWin_071503000010.exe 2009-06-24 06:19 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll 2009-06-19 10:35 . 2009-06-19 10:35 -------- d-----w- c:\program files\Windows Media Connect 2 2009-06-19 10:33 . 2009-06-19 10:34 -------- d-----w- c:\windows\system32\drivers\UMDF 2009-06-19 10:33 . 2009-06-19 10:33 -------- d-----w- c:\windows\system32\LogFiles 2009-06-16 06:35 . 2009-06-16 06:35 97144 ----a-w- c:\documents and settings\Alex Cheng\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe 2009-06-16 06:35 . 2009-06-24 20:21 4183416 ----a-w- c:\documents and settings\Alex Cheng\Application Data\Move Networks\plugins\npqmp071503000010.dll 2009-06-10 23:16 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2009-06-10 23:16 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2009-06-10 23:16 . 2009-04-30 21:22 1985024 -c----w- c:\windows\system32\dllcache\iertutil.dll 2009-06-10 23:16 . 2009-04-30 21:22 11064832 -c----w- c:\windows\system32\dllcache\ieframe.dll 2009-06-09 22:43 . 2009-06-10 16:19 -------- d-----w- c:\program files\Altitude 2009-06-09 19:54 . 2009-06-09 19:54 152576 ----a-w- c:\documents and settings\Alex Cheng\Application Data\Sun\Java\jre1.6.0_14\lzma.dll 2009-06-07 00:44 . 2009-06-07 00:44 -------- d-sh--w- c:\documents and settings\Alex Cheng\IETldCache 2009-06-06 17:34 . 
2009-06-06 17:34 -------- d-----w- c:\windows\ie8updates 2009-06-06 17:33 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll 2009-06-06 17:31 . 2009-06-06 17:33 -------- dc-h--w- c:\windows\ie8 2009-06-02 15:35 . 2009-06-02 15:35 -------- d-----w- c:\program files\iPod 2009-06-02 15:35 . 2009-06-02 15:35 -------- d-----w- c:\program files\iTunes 2009-06-02 15:25 . 2009-06-02 15:25 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe 2009-06-01 18:30 . 2009-06-01 18:30 -------- d-----w- c:\program files\PostgreSQL 2009-06-01 18:25 . 2009-06-12 00:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-06-01 18:24 . 2009-06-01 18:43 -------- d-----w- c:\program files\PokerTracker 3 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-06-30 07:00 . 2009-05-26 08:48 -------- d-----w- c:\documents and settings\Alex Cheng\Application Data\.purple 2009-06-29 22:02 . 2009-05-14 09:38 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8 2009-06-29 09:05 . 2009-05-09 08:27 -------- d-----w- c:\documents and settings\Alex Cheng\Application Data\uTorrent 2009-06-27 05:59 . 2009-05-16 05:25 -------- d-----w- c:\program files\Full Tilt Poker 2009-06-26 01:44 . 2009-05-09 03:45 -------- d-----w- c:\documents and settings\Alex Cheng\Application Data\Move Networks 2009-06-24 04:33 . 2009-05-14 09:39 11952 ----a-w- c:\windows\system32\avgrsstx.dll 2009-06-24 04:33 . 2009-05-14 09:38 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-06-24 04:33 . 2009-05-14 09:38 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-06-19 02:11 . 2009-05-26 08:51 -------- d-----w- c:\documents and settings\Alex Cheng\Application Data\gtk-2.0 2009-06-09 19:56 . 2006-05-12 20:17 -------- d-----w- c:\program files\Java 2009-06-09 16:15 . 
2009-05-09 08:13 -------- d-----w- c:\program files\Common Files\DivX Shared 2009-06-08 05:08 . 2009-05-09 08:13 -------- d-----w- c:\program files\DivX 2009-06-04 10:44 . 2009-05-26 09:06 -------- d-----w- c:\documents and settings\Alex Cheng\Application Data\Mp3tag 2009-06-04 03:10 . 2009-05-17 10:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2009-06-03 13:12 . 2009-05-12 00:44 1 ----a-w- c:\documents and settings\Alex Cheng\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2009-06-02 15:35 . 2009-05-17 10:37 -------- d-----w- c:\program files\Common Files\Apple 2009-06-02 15:33 . 2009-05-17 10:38 -------- d-----w- c:\program files\QuickTime 2009-06-02 07:26 . 2009-05-21 12:56 25 ----a-w- c:\windows\popcinfot.dat 2009-06-01 16:37 . 2009-05-17 10:39 -------- d-----w- c:\documents and settings\Alex Cheng\Application Data\Apple Computer 2009-05-29 20:36 . 2009-05-17 10:37 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2009-05-29 20:36 . 2009-05-17 10:37 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll 2009-05-27 19:05 . 2009-05-27 19:05 2558 ----a-r- c:\documents and settings\Alex Cheng\Application Data\Microsoft\Installer\{2458AD0E-7C80-431B-9EEB-499FB020AE08}\_60329CC4B65549C5F2CF57.exe 2009-05-27 19:05 . 2009-05-12 12:10 -------- d-----w- c:\program files\Livescribe 2009-05-27 17:31 . 2009-05-27 17:31 -------- d-----w- c:\documents and settings\Alex Cheng\Application Data\AdobeUM 2009-05-26 09:12 . 2009-05-26 09:12 -------- d-----w- c:\program files\iLyrics 2009-05-26 09:06 . 2009-05-26 09:06 -------- d-----w- c:\program files\Mp3tag 2009-05-26 09:00 . 2009-05-26 08:58 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL OCP 2009-05-26 08:59 . 2009-05-26 08:59 -------- d-----w- c:\documents and settings\Alex Cheng\Application Data\acccore 2009-05-26 08:59 . 2009-05-26 08:57 -------- d-----w- c:\program files\AIM6 2009-05-26 08:58 . 
2006-05-12 23:21 -------- d-----w- c:\program files\Viewpoint 2009-05-26 08:58 . 2006-05-12 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint 2009-05-26 08:58 . 2009-05-26 08:58 -------- d-----w- c:\documents and settings\All Users\Application Data\acccore 2009-05-26 08:58 . 2006-05-12 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL 2009-05-26 08:57 . 2006-05-12 23:21 -------- d-----w- c:\program files\Common Files\AOL 2009-05-26 08:48 . 2009-05-26 08:47 -------- d-----w- c:\program files\Aspell 2009-05-26 08:44 . 2009-05-26 08:44 -------- d-----w- c:\program files\Pidgin 2009-05-26 08:44 . 2009-05-26 08:44 -------- d-----w- c:\program files\Common Files\GTK 2009-05-21 18:33 . 2009-05-07 08:25 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-05-21 04:56 . 2009-05-21 04:55 -------- d-----w- c:\documents and settings\Alex Cheng\Application Data\U3 2009-05-17 11:35 . 2009-05-17 10:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer 2009-05-17 10:39 . 2009-05-17 10:39 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-05-17 10:39 . 2009-05-17 10:39 -------- d-----w- c:\program files\Bonjour 2009-05-17 10:38 . 2009-05-17 10:38 -------- d-----w- c:\program files\Apple Software Update 2009-05-17 08:55 . 2009-05-17 08:55 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap Games 2009-05-17 08:55 . 2009-05-17 08:53 -------- d-----w- c:\program files\PopCap Games 2009-05-16 05:25 . 2006-05-12 20:34 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-05-14 09:39 . 2009-05-14 09:39 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2009-05-14 09:38 . 2009-05-14 09:38 -------- d-----w- c:\program files\AVG 2009-05-14 09:35 . 
2006-05-12 21:28 47936 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-05-14 07:43 . 2006-05-12 23:21 -------- d-----w- c:\program files\Pure Networks 2009-05-13 05:15 . 2006-05-12 18:22 915456 ----a-w- c:\windows\system32\wininet.dll 2009-05-12 12:16 . 2009-05-12 12:16 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_PulseUsb_01007.Wdf 2009-05-12 12:16 . 2009-05-12 12:16 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf 2009-05-12 12:16 . 2009-05-12 12:16 -------- d-----w- c:\program files\DIFX 2009-05-12 12:16 . 2009-05-12 12:16 -------- d-----w- c:\program files\Common Files\Livescribe 2009-05-12 11:49 . 2009-05-12 11:49 -------- d-----w- c:\program files\AC3Filter 2009-05-12 09:40 . 2009-05-12 09:40 -------- d-----w- c:\documents and settings\Alex Cheng\Application Data\InterVideo 2009-05-12 08:52 . 2009-06-01 18:37 -------- d-----w- c:\documents and settings\postgres\Application Data\AOL 2009-05-12 08:52 . 2006-05-12 23:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\AOL 2009-05-12 08:52 . 2000-01-05 23:47 -------- d-----w- c:\documents and settings\Alex Cheng\Application Data\AOL 2009-05-12 08:42 . 2009-05-12 08:42 -------- d-----w- c:\program files\PFPortChecker 2009-05-12 00:44 . 2009-05-12 00:44 -------- d-----w- c:\documents and settings\Alex Cheng\Application Data\OpenOffice.org 2009-05-11 10:08 . 2009-05-11 10:08 -------- d-----w- c:\program files\OpenOffice.org 3 2009-05-11 08:29 . 2009-05-11 08:28 -------- d-----w- c:\documents and settings\Alex Cheng\Application Data\Download Manager 2009-05-11 04:33 . 2009-05-11 04:33 -------- d-----w- c:\program files\Samsung 2009-05-09 09:59 . 2009-05-09 09:59 -------- d-----w- c:\documents and settings\Alex Cheng\Application Data\DivX 2009-05-09 08:27 . 2009-05-09 08:27 -------- d-----w- c:\program files\uTorrent 2009-05-09 03:32 . 
2006-05-12 18:56 95411 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat 2009-05-09 03:30 . 2006-05-12 18:53 -------- d-----w- c:\program files\Windows Journal 2009-05-08 09:19 . 2009-05-08 09:19 -------- d-----w- c:\program files\Catan GmbH 2009-05-07 15:32 . 2006-05-12 18:20 345600 ----a-w- c:\windows\system32\localspl.dll 2009-05-07 13:27 . 2009-05-07 13:27 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee.com Personal Firewall 2009-05-07 10:23 . 2009-05-07 10:23 -------- d-----w- c:\program files\Agilix 2009-05-07 10:02 . 2009-05-07 10:02 -------- d-----w- c:\program files\MSXML 4.0 2009-05-07 08:24 . 2009-05-07 08:24 152576 ----a-w- c:\documents and settings\Alex Cheng\Application Data\Sun\Java\jre1.6.0_13\lzma.dll 2009-05-07 01:12 . 2009-05-07 01:12 -------- d-----w- c:\documents and settings\Alex Cheng\Application Data\Meebo 2009-05-07 01:06 . 2006-05-12 22:46 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com Personal Firewall 2009-05-06 19:09 . 2000-01-05 23:48 -------- d-----w- c:\documents and settings\Alex Cheng\Application Data\McAfee.com Personal Firewall 2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll 2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll 2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll 2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll 2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll 2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll 2009-04-17 12:26 . 2006-05-12 18:22 1847168 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 20:25 . 2009-05-09 08:14 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys 2009-04-15 20:25 . 2009-05-09 08:14 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys 2009-04-15 20:25 . 
2009-05-09 08:14 129784 ------w- c:\windows\system32\pxafs.dll 2009-04-15 20:25 . 2006-05-12 23:41 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys 2009-04-15 20:25 . 2006-05-12 23:41 120056 ------w- c:\windows\system32\pxcpyi64.exe 2009-04-15 20:25 . 2006-05-12 23:41 118520 ------w- c:\windows\system32\pxinsi64.exe 2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w- c:\windows\system32\dpl100.dll 2009-04-15 14:51 . 2006-05-12 18:21 585216 ----a-w- c:\windows\system32\rpcrt4.dll 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536] "Google Update"="c:\documents and settings\Alex Cheng\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-06 133104] "LDTray"="c:\program files\Livescribe\Livescribe Desktop\LDTray.exe" [2009-05-11 419136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ThpSrv"="c:\windows\system32\thpsrv" [X] "00THotkey"="c:\windows\system32\00THotkey.exe" [2006-04-26 258048] "CrossMenu"="c:\program files\Toshiba\CrossMenu\CrossMenu.exe" [2006-04-12 798720] "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-23 122880] "TRot.exe"="c:\program files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe" [2005-11-29 266240] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608] "TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.Exe" [2005-06-29 126976] "LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320] 
"TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-17 49152] "TMESRV.EXE"="c:\program files\TOSHIBA\TME3\TMESRV31.EXE" [2005-12-14 126976] "TMERzCtl.EXE"="c:\program files\TOSHIBA\TME3\TMERzCtl.EXE" [2006-02-23 86016] "TAcelMgr"="c:\program files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe" [2004-12-16 90112] "TSkrMain"="c:\program files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe" [2004-06-30 49152] "PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-05-06 30208] "DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2006-04-12 299008] "Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2006-02-02 73728] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784] "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552] "TabletWizard"="c:\windows\help\SplshWrp.exe" [2008-04-14 16384] "TabletTip"="c:\program files\Common Files\microsoft shared\ink\tabtip.exe" [2008-04-14 271872] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182] "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2007-05-31 520192] "LDTray"="c:\program files\Livescribe\Livescribe Desktop\LDTray.exe" [2009-05-11 419136] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952] "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168] "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-24 1948440] 
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888] "000StTHK"="000StTHK.exe" - c:\windows\system32\000StTHK.exe [2001-06-24 24576] "TFNF5"="TFNF5.exe" - c:\windows\system32\TFNF5.exe [2006-04-11 622592] "AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2005-10-15 88203] "NDSTray.exe"="NDSTray.exe" [BU] "TFncKy"="TFncKy.exe" [BU] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-05-09 16207360] "SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-04-24 1448960] "TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2006-04-25 315392] "TPSODDCtl"="TPSODDCtl.exe" - c:\windows\system32\TPSODDCtl.exe [2006-04-25 110592] "TOSDCR"="TOSDCR.EXE" - c:\windows\system32\TOSDCR.exe [2005-12-13 57344] c:\documents and settings\Alex Cheng\Start Menu\Programs\Startup\ Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-3-17 59080] c:\documents and settings\All Users\Start Menu\Programs\Startup\ RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-5-12 155648] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey] 2008-04-14 00:11 47104 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\loginkey.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-06-24 04:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] 2006-05-06 00:48 40448 ----a-w- c:\windows\system32\psqlpwd.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL] 2002-08-29 10:41 11776 ----a-w- c:\windows\system32\tabbtnwl.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify] 2008-04-14 00:12 32256 ----a-w- 
c:\windows\system32\tpgwlnot.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TSigNP] 2006-03-02 21:51 53248 ----a-w- c:\windows\system32\TSigNP.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli psqlpwd [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Documents and Settings\\Alex Cheng\\Desktop\\utorrent.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Pidgin\\pidgin.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Altitude\\altitude.exe"= R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [12/27/2004 11:31 PM 16384] R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [5/12/2006 2:16 PM 6144] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/14/2009 2:38 AM 327688] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/14/2009 2:39 AM 108552] R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [5/12/2006 2:05 PM 5888] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/14/2009 2:38 AM 298776] R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite 
QL\Drivers\FdRedir.sys [5/5/2006 6:00 PM 13568] R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [5/5/2006 5:59 PM 33024] R2 PenCommService;Livescribe Pulse Smartpen Service;c:\program files\Common Files\Livescribe\PenComm\PenCommService.exe [5/12/2009 5:16 AM 151552] R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [9/19/2008 3:03 AM 65536] R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [5/5/2006 5:33 PM 3456] R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [3/24/2006 8:24 PM 98560] R2 Tmesrv;Tmesrv3;c:\program files\Toshiba\TME3\TMESRV31.exe [5/12/2006 2:05 PM 126976] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/26/2009 1:58 AM 24652] R3 TBtnKey;TOSHIBA Tablet PC Buttons Type N HID Driver;c:\windows\system32\drivers\TBtnKey.sys [5/12/2006 1:56 PM 8832] R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [5/12/2006 4:50 AM 14208] S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?] S3 PulseUsb;Livescribe Pulse Smartpen USB Driver;c:\windows\system32\drivers\PulseUsb.sys [5/12/2009 5:16 AM 19584] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-06-16 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34] 2009-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-102128359-1042325796-3802484420-1005.job - c:\documents and settings\Alex Cheng\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-06 23:09] . 
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Aim6 - (no file)
HKLM-Run-net - c:\windows\system32\net.net
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\Alex Cheng\Application Data\Mozilla\Firefox\Profiles\5ro7qjhq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Alex Cheng\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\Alex Cheng\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\Alex Cheng\Local Settings\Application Data\HuluDesktop\instances\0.9.6.1\npHDPlg.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-30 16:15
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(884)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\remote.dll
c:\windows\system32\TSigNP.dll
c:\program files\Protector Suite QL\mysafe.dll
c:\program files\Protector Suite QL\crypto.dll
- - - - - - - > 'lsass.exe'(940)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
- - - - - - - > 'explorer.exe'(5752)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\windows journal\nbmaptip.dll
c:\windows\IME\SPGRMR.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Protector Suite QL\mysafe.dll
c:\program files\Protector Suite QL\infra.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Microsoft Shared\Ink\keyboardsurrogate.exe
c:\windows\system32\wisptis.exe
c:\windows\system32\tabbtnu.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Toshiba\ConfigFree\CFSvcs.exe
c:\program files\Common Files\Microsoft Shared\Ink\tcserver.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\igfxext.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\windows\system32\ThpSrv.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Toshiba\TOSHIBA Direct Disc Writer\DDWMon.exe
c:\program files\Apoint2K\ApntEx.exe
c:\program files\Protector Suite QL\psqltray.exe
c:\windows\system32\mshta.exe
c:\windows\system32\TPSBattM.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\windows\system32\ThpSrv.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\TME3\TMETEMnu.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2009-06-30 16:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-30 23:18
Pre-Run: 63,044,972,544 bytes free
Post-Run: 66,426,032,128 bytes free
403 --- E O F --- 2009-06-24 10:02
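As an added example (my own code, not part of the thread, of ComboFix or of BleepingComputer), here is a small Python triage script for the kind of log posted above. It runs over a constructed excerpt modelled on that ComboFix log and flags the indicators the helper's reply and the log itself point at: the randomly named UAC*.dll/.sys/.db droppers and the UACd.sys service of the 2009 "UAC" rootkit (the TDSS family), the orphaned HKLM Run value pointing at a file with a non-executable extension (net.net), a Run entry whose target ComboFix marks as not found ([X]), the Windows Firewall standard profile switched off, AVG's on-access scanner disabled, and the Viewpoint Manager service the helper asks to uninstall. The regex heuristics, severity scale and category names are this example's own assumptions; only the line formats are taken from the log. It assumes Python 3.9 or later.

```python
"""Triage a ComboFix-style log for rootkit and misconfiguration indicators.

Added example for this thread; it is not part of ComboFix, BleepingComputer
or the helper's instructions. Every pattern below is a heuristic: a hit is a
lead for the analyst, not a verdict.
"""
import ntpath
import re
from collections import Counter
from dataclasses import dataclass

# Constructed excerpt modelled on the ComboFix log posted above (trimmed).
SAMPLE_LOG = r"""
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
c:\windows\system32\drivers\UACpcbcxftiqrxuecb.sys
c:\windows\system32\UACdwqeejrpseignst.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACmdnasoppfcrwprd.db
c:\windows\system32\msncache.dll
c:\windows\TEMP\mta81458.dll
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\Service_UACd.sys
-------\Legacy_MSNCACHE
-------\Service_msncache
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2006-04-26 258048]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/26/2009 1:58 AM 24652]
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Aim6 - (no file)
HKLM-Run-net - c:\windows\system32\net.net
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info" (this example's own scale)
    category: str
    detail: str


# Dropper names used by the 2009 "UACd.sys" rootkit (TDSS family): "UAC" plus
# a long random lowercase tail, and two fixed names it writes alongside them.
UAC_FILE = re.compile(r"\\(UAC[a-z]{8,}\.(?:dll|sys|db|dat|log)|uacinit\.dll|uactmp\.db)$")
REMOVED_SERVICE = re.compile(r"^-------\\(?:Service|Legacy)_(?P<name>.+)$")
# A Run value whose target ComboFix marks with [X]: the file was not found.
RUN_MISSING = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[X\]')
ORPHAN = re.compile(r"^(?:HKLM|HKCU)-Run-(?P<name>\S+) - (?P<target>.+)$")
SERVICE = re.compile(r"^[RS][0-4] (?P<svc>[^;]+);[^;]*;(?P<path>[^\[]+)")
FIREWALL_OFF = re.compile(r'^"EnableFirewall"\s*=\s*0\b')
AUTOSTART_EXT = {".exe", ".com", ".bat", ".cmd", ".scr"}
SEVERITY_RANK = {"info": 0, "medium": 1, "high": 2}


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious line, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "*On-access scanning disabled*" in line:
            findings.append(Finding("high", "av-realtime-disabled", line))
        elif m := UAC_FILE.search(line):
            findings.append(Finding("high", "tdss-rootkit-file", m.group(1)))
        elif m := REMOVED_SERVICE.match(line):
            name = m.group("name")
            sev = "high" if name.lower().startswith("uac") else "medium"
            findings.append(Finding(sev, "removed-service", name))
        elif m := RUN_MISSING.match(line):
            findings.append(Finding("medium", "autostart-missing-target",
                                    f"{m.group('name')} -> {m.group('target')}"))
        elif FIREWALL_OFF.match(line):
            findings.append(Finding("medium", "firewall-disabled", line))
        elif (m := SERVICE.match(line)) and "viewpoint" in m.group("path").lower():
            findings.append(Finding("info", "foistware-service", m.group("svc").strip()))
        elif m := ORPHAN.match(line):
            target = m.group("target").strip()
            if target == "(no file)":
                findings.append(Finding("info", "orphan-no-file", m.group("name")))
            elif ntpath.splitext(target)[1].lower() not in AUTOSTART_EXT:
                # A Run value launching something without a normal executable
                # extension (here net.net) is a classic loader leftover.
                findings.append(Finding("high", "orphan-odd-extension",
                                        f"{m.group('name')} -> {target}"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category."""
    return dict(Counter(f.category for f in findings))


def highest_severity(findings: list[Finding]) -> str:
    """Worst severity present, or 'none' for a clean log."""
    if not findings:
        return "none"
    return max(findings, key=lambda f: SEVERITY_RANK[f.severity]).severity


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.severity:6} {f.category:26} {f.detail}")
    print("overall:", highest_severity(results))
```

Run it against a real ComboFix log by reading the file into `triage()` instead of `SAMPLE_LOG`. The point of the `[X]` and orphan checks is the one the helper makes in the thread: a cleaned log is not the same as a clean machine, and leftover autostart entries that point at missing or oddly named files are exactly where a second opinion scan (the Kaspersky scan requested next) earns its keep.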
Jul 4 2009, 04:30 PM, Post #7
Forum Addict, Group: HJT Team, Posts: 3,715, Joined: 7-November 07, From: Warrington, UK, Member No.: 168,228
QUOTE: I wish I had read that more closely now. Sorry about the whole thing, I suppose I was a bit antsy/panicked.

I'm sure you would have been even more panicked if your machine didn't boot after running it, especially since you didn't even install the Recovery Console.

Please do a scan with Kaspersky Online Scanner. Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan. Click on the Accept button and install any components it needs.

Next, we need to create an OTL report.

Then please post back here with the following:

Thanks

--------------------
Any requests for help via PM will be ignored; please use the forums. If I have helped you and you would like to make a donation, click here
Jul 6 2009, 03:37 AM, Post #8
New Member, Group: Members, Posts: 10, Joined: 29-June 09, Member No.: 346,654
So far, so good....
KASPERSKY ONLINE SCANNER 7.0 REPORT
Monday, July 6, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Sunday, July 05, 2009 21:12:41
Records in database: 2430157

Scan settings
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area: My Computer
C:\
D:\
E:\
F:\

Scan statistics
Files scanned: 136627
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 04:01:52

No malware has been detected. The scan area is clean.
The selected area was scanned.

OTL logfile created on: 7/6/2009 1:26:56 AM - Run 1
OTL by OldTimer - Version 3.0.6.5 Folder = C:\Documents and Settings\Alex Cheng\My Documents\Downloads
Windows XP Tablet PC Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.98 Gb Available Physical Memory | 99.22% Memory free
4.00 Gb Paging File | 3.62 Gb Available in Paging File | 90.41% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 60.41 Gb Free Space | 64.84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.87 Gb Total Space | 0.01 Gb Free Space | 0.45% Space Free | Partition Type: FAT
Drive F: | 298.02 Gb Total Space | 0.94 Gb Free Space | 0.32% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ALEX
Current User Name: Alex Cheng
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2005/11/28 12:29:00 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe PRC - [2005/11/28 12:31:32 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe PRC - [2008/04/13 17:12:23 | 00,029,696 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe PRC - [2008/04/13 17:12:40 | 00,293,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WISPTIS.EXE PRC - [2002/08/29 03:41:28 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tabbtnu.exe PRC - [2009/05/29 13:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe PRC - [2009/06/23 21:32:55 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe PRC - [2005/01/17 16:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe PRC - [2008/04/13 17:12:37 | 00,043,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe PRC - [2004/08/28 00:33:00 | 00,110,592 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) -- C:\WINDOWS\System32\DVDRAMSV.exe PRC - [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Java\jre6\bin\jqs.exe PRC - [2006/04/26 14:39:42 | 00,258,048 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\00THotkey.exe PRC - [2006/04/12 16:25:22 | 00,798,720 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe PRC - [2006/04/10 18:14:52 | 00,622,592 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\System32\TFNF5.exe PRC - [2005/05/23 16:21:36 | 00,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe PRC - [2005/11/29 16:37:22 | 00,266,240 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe PRC - [2004/03/23 22:40:42 | 00,196,608 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apoint.exe PRC - [2005/06/28 20:43:00 | 00,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TouchED\TouchED.Exe PRC - [2005/10/15 06:29:08 | 00,088,203 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe PRC - [2005/11/28 13:55:50 | 00,094,208 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxext.exe PRC - [2005/05/17 11:42:02 | 00,049,152 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe PRC - [2005/11/02 16:41:04 | 00,978,944 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe PRC - [2009/03/30 07:41:56 | 00,151,552 | ---- | M] (Livescribe) -- C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe PRC - [2006/02/22 17:41:00 | 00,086,016 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE PRC - [2004/12/16 11:56:52 | 00,090,112 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe PRC - [2004/06/30 16:29:34 | 00,049,152 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe PRC - [2006/05/11 17:23:22 | 00,176,128 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\thpsrv.exe PRC - [2005/11/28 
13:51:52 | 00,159,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.exe PRC - [2006/04/12 16:09:00 | 00,299,008 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe PRC - [2006/05/09 13:53:46 | 16,207,360 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE PRC - [2008/09/19 03:03:58 | 00,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe PRC - [2006/04/24 15:20:56 | 01,448,960 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SkyTel.EXE PRC - [2006/04/24 19:54:12 | 00,315,392 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\TPSMain.exe PRC - [2006/04/24 19:54:14 | 00,110,592 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\TPSODDCtl.exe PRC - [2003/02/26 11:08:42 | 00,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apntex.exe PRC - [2006/02/02 12:11:38 | 00,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Tvs\TvsTray.exe PRC - [2005/11/28 13:52:00 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe PRC - [2006/05/05 17:39:54 | 00,046,592 | ---- | M] (UPEK Inc.) 
-- C:\Program Files\Protector Suite QL\psqltray.exe PRC - [2005/11/28 13:55:58 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe PRC - [2005/12/05 13:37:40 | 00,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe PRC - [2005/11/28 12:41:50 | 00,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe PRC - [2008/04/13 17:12:37 | 00,271,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe PRC - [2007/05/30 17:21:24 | 00,520,192 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe PRC - [2009/05/11 14:16:52 | 00,419,136 | ---- | M] () -- C:\Program Files\Livescribe\Livescribe Desktop\LDTray.exe PRC - [2006/04/24 19:54:04 | 00,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\TPSBattM.exe PRC - [2009/05/30 12:30:26 | 00,292,136 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe PRC - [2009/06/23 21:33:06 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe PRC - [2005/11/28 12:28:14 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe PRC - [2009/05/21 11:34:07 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Java\jre6\bin\jusched.exe PRC - [2008/09/19 07:30:34 | 03,674,112 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe PRC - [2004/12/30 00:32:20 | 00,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe PRC - [2005/07/12 17:14:42 | 00,040,960 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe PRC - [2006/05/11 17:23:22 | 00,176,128 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\ThpSrv.exe PRC - [2008/09/19 07:30:34 | 03,674,112 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe PRC - [2005/12/14 12:00:32 | 00,126,976 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe PRC - [2004/08/28 00:37:00 | 00,155,648 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) -- C:\WINDOWS\System32\RAMASST.exe PRC - [2005/12/20 12:17:48 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\TODDSrv.exe PRC - [2004/02/24 15:57:32 | 00,077,824 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TME3\TMETEMNU.EXE PRC - [2008/09/19 07:30:34 | 03,674,112 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe PRC - [2008/09/19 07:30:34 | 03,674,112 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe PRC - [2008/09/19 07:30:34 | 03,674,112 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe PRC - [2008/09/19 07:30:34 | 03,674,112 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe PRC - [2009/05/30 12:30:20 | 00,541,992 | ---- | M] (Apple Inc.) 
-- C:\Program Files\iPod\bin\iPodService.exe PRC - [2005/11/28 12:37:52 | 00,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2009/05/19 14:51:06 | 00,045,603 | ---- | M] (The Pidgin developer community) -- C:\Program Files\Pidgin\pidgin.exe PRC - [2004/11/03 15:06:34 | 00,462,848 | ---- | M] (TOSHIBA Corporation) -- C:\toshiba\ivp\netint\netint.exe PRC - [2003/10/20 09:37:58 | 00,475,136 | ---- | M] (TOSHIBA Corporation) -- C:\toshiba\ivp\ism\ivpsvmgr.exe PRC - [2009/05/14 02:38:43 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe PRC - [2009/06/30 16:27:16 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009/05/21 11:34:01 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe PRC - [2009/05/09 01:27:24 | 00,274,224 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe PRC - [2009/07/05 13:17:23 | 00,139,264 | ---- | M] (Kaspersky Lab.) -- C:\Documents and Settings\Alex Cheng\Local Settings\temp\jkos-Alex Cheng\binaries\ScanningProcess.exe PRC - [2009/07/05 13:17:23 | 00,139,264 | ---- | M] (Kaspersky Lab.) -- C:\Documents and Settings\Alex Cheng\Local Settings\temp\jkos-Alex Cheng\binaries\ScanningProcess.exe PRC - [2006/10/18 21:46:20 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe PRC - [2009/07/06 01:26:06 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alex Cheng\My Documents\Downloads\OTL.exe ========== Win32 Services (SafeList) ========== SRV - [2009/05/29 13:41:26 | 00,144,712 | ---- | M] (Apple Inc.) 
-- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running]) SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) SRV - [2009/06/23 21:32:55 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running]) SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running]) SRV - [2005/01/17 16:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs [Auto | Running]) SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) SRV - [2004/08/28 00:33:00 | 00,110,592 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) -- C:\WINDOWS\System32\DVDRAMSV.exe -- (DVD-RAM_Service [Auto | Running]) SRV - [2005/11/28 12:29:00 | 00,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running]) SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running]) SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped]) SRV - [2009/05/30 12:30:20 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running]) SRV - [2009/05/21 11:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running]) SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped]) SRV - [2009/03/30 07:41:56 | 00,151,552 | ---- | M] (Livescribe) -- C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe -- (PenCommService [Auto | Running]) SRV - [2008/09/19 03:03:58 | 00,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3 [Auto | Running]) SRV - [2005/11/28 12:28:14 | 00,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running]) SRV - [2005/11/28 12:31:32 | 00,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running]) SRV - [2005/07/12 17:14:42 | 00,040,960 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr [Auto | Running]) SRV - [2006/05/11 17:23:22 | 00,176,128 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\ThpSrv.exe -- (Thpsrv [Auto | Running]) SRV - [2005/12/14 12:00:32 | 00,126,976 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe -- (Tmesrv [Auto | Running]) SRV - [2005/12/20 12:17:48 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\TODDSrv.exe -- (TODDSrv [Auto | Running]) SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped]) ========== Driver Services (SafeList) ========== DRV - [2000/01/05 16:47:10 | 00,021,275 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running]) DRV - [2005/11/15 09:00:22 | 01,122,656 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running]) DRV 
- [2004/05/08 20:38:06 | 00,101,833 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\System32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running]) DRV - [2006/05/12 16:22:16 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM [Auto | Running]) DRV - [2009/06/23 21:33:06 | 00,327,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running]) DRV - [2009/06/23 21:33:05 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running]) DRV - [2009/05/14 02:39:00 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running]) DRV - File not found -- -- (catchme [On_Demand | Running]) DRV - [2006/06/12 19:06:28 | 00,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\WINDOWS\System32\Drivers\DgiVecp.sys -- (DgiVecp [Auto | Stopped]) DRV - [2005/10/10 15:31:42 | 00,163,328 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running]) DRV - [2005/09/14 18:24:08 | 00,179,200 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e1e5132.sys -- (e1express [On_Demand | Stopped]) DRV - [2006/05/05 18:00:02 | 00,013,568 | ---- | M] (UPEK Inc.) -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys -- (FdRedir [Auto | Running]) DRV - [2006/05/05 17:59:52 | 00,033,024 | ---- | M] (UPEK Inc.) -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys -- (FileDisk2 [Auto | Running]) DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) 
-- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running]) DRV - [2008/04/13 09:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running]) DRV - [2005/11/28 14:20:20 | 01,353,820 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running]) DRV - [2006/05/09 17:27:24 | 04,273,152 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running]) DRV - [2003/09/10 23:36:54 | 00,021,060 | ---- | M] (InterVideo, Inc.) -- C:\WINDOWS\System32\drivers\iviaspi.sys -- (Iviaspi [On_Demand | Running]) DRV - [2005/06/02 03:33:00 | 00,102,384 | ---- | M] (Matsubleepa Electric Industrial Co.,Ltd.) -- C:\WINDOWS\System32\Drivers\meiudf.sys -- (meiudf [System | Running]) DRV - [2003/01/29 14:35:00 | 00,012,032 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\System32\DRIVERS\netdevio.sys -- (Netdevio [Auto | Running]) DRV - [2003/09/19 01:47:00 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\System32\drivers\pfc.sys -- (Pfc [On_Demand | Running]) DRV - [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running]) DRV - [2009/02/26 08:25:56 | 00,019,584 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\DRIVERS\PulseUsb.sys -- (PulseUsb [On_Demand | Stopped]) DRV - [2009/04/15 13:25:42 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running]) DRV - [2005/11/28 13:09:26 | 00,013,568 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\s24trans.sys -- (s24trans [Auto | Running]) DRV - [2008/04/13 09:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) 
-- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped]) DRV - [2006/05/05 17:33:04 | 00,003,456 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\smihlp.sys -- (smihlp [Auto | Running]) DRV - [2005/08/24 15:20:28 | 00,009,472 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\tbiosdrv.sys -- (tbiosdrv [On_Demand | Running]) DRV - [2002/09/12 22:48:50 | 00,008,832 | ---- | M] (TOSHIBA) -- C:\WINDOWS\System32\DRIVERS\TBtnKey.sys -- (TBtnKey [On_Demand | Running]) DRV - [2006/05/05 17:43:38 | 00,028,800 | ---- | M] (UPEK Inc.) -- C:\WINDOWS\System32\Drivers\tcusb.sys -- (TcUsb [On_Demand | Running]) DRV - [2006/03/02 18:49:50 | 00,015,360 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\System32\DRIVERS\tdcmdpst.sys -- (tdcmdpst [On_Demand | Running]) DRV - [2006/03/24 20:24:00 | 00,098,560 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\DRIVERS\tdudf.sys -- (tdudf [Auto | Running]) DRV - [2004/12/27 23:31:50 | 00,016,384 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\DRIVERS\thpdrv.sys -- (Thpdrv [Boot | Running]) DRV - [2004/11/13 12:24:52 | 00,006,144 | R--- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\DRIVERS\Thpevm.SYS -- (Thpevm [Boot | Running]) DRV - [2005/11/30 10:12:36 | 00,162,560 | ---- | M] (Texas Instruments) -- C:\WINDOWS\System32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running]) DRV - [2004/06/16 11:08:48 | 00,005,888 | ---- | M] (Toshiba Corporation) -- C:\WINDOWS\System32\Drivers\TMEI3E.SYS -- (TMEI3E [System | Running]) DRV - [2005/09/09 14:47:10 | 00,009,344 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\DRIVERS\tosrfec.sys -- (tosrfec [On_Demand | Stopped]) DRV - [2005/12/26 14:33:26 | 00,016,768 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\DRIVERS\TVALZ.SYS -- (TVALZ [Boot | Running]) DRV - [2006/04/25 09:01:48 | 00,043,776 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\DRIVERS\Tvs.sys -- (Tvs [On_Demand | Running]) DRV - [2009/05/29 13:36:16 | 00,039,424 | 
---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped]) DRV - [2005/12/05 01:55:30 | 01,428,096 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\DRIVERS\w39n51.sys -- (w39n51 [On_Demand | Running]) DRV - [2003/01/10 13:13:04 | 00,033,588 | R--- | M] (America Online, Inc.) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Stopped]) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart IE - HKU\S-1-5-21-102128359-1042325796-3802484420-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKU\S-1-5-21-102128359-1042325796-3802484420-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKU\S-1-5-21-102128359-1042325796-3802484420-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart IE - HKU\S-1-5-21-102128359-1042325796-3802484420-1005\S-1-5-21-102128359-1042325796-3802484420-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-102128359-1042325796-3802484420-1005\S-1-5-21-102128359-1042325796-3802484420-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-102128359-1042325796-3802484420-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKU\S-1-5-21-102128359-1042325796-3802484420-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKU\S-1-5-21-102128359-1042325796-3802484420-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart IE - 
HKU\S-1-5-21-102128359-1042325796-3802484420-1006\S-1-5-21-102128359-1042325796-3802484420-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/" FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5 FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/06/23 21:35:00 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/07 01:25:13 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/30 16:27:34 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/04 00:22:28 | 00,000,000 | ---D | M] [2009/05/06 12:09:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex Cheng\Application Data\mozilla\Extensions [2009/05/06 12:09:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex Cheng\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2009/06/25 18:44:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex Cheng\Application Data\mozilla\Firefox\Profiles\5ro7qjhq.default\extensions [2009/07/05 13:21:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions [2009/06/30 16:27:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla 
firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/05/07 01:25:28 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2009/06/09 12:56:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [2009/06/30 16:27:13 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll [2009/06/30 16:27:13 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll [2009/05/01 14:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll [2009/05/21 11:33:58 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll [2009/05/12 11:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll [2009/05/18 15:41:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll [2009/06/30 16:27:22 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll [2009/06/02 08:33:02 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2009/06/02 08:33:02 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2009/06/02 08:33:02 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2009/06/02 08:33:02 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2009/06/02 08:33:02 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2009/06/02 08:33:02 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll [2009/06/02 08:33:03 | 00,143,360 | ---- | M] (Apple Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll [2009/05/01 14:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll [2009/06/30 16:27:25 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml [2009/06/30 16:27:25 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml [2009/06/30 16:27:25 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml [2009/06/30 16:27:25 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml [2009/06/30 16:27:25 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml [2009/06/30 16:27:25 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml [2009/06/30 16:27:25 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WZSE1.TMP\GoogleAFE.dll File not found O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.) O3 - HKU\S-1-5-21-102128359-1042325796-3802484420-1005\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.) O3 - HKU\S-1-5-21-102128359-1042325796-3802484420-1006\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.) O4 - HKLM..\Run: [000StTHK] C:\WINDOWS\System32\000StTHK.exe () O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems) O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [CrossMenu] C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe (TOSHIBA) O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) 
O4 - HKLM..\Run: [LDTray] C:\Program Files\Livescribe\Livescribe Desktop\LDTray.exe () O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe () O4 - HKLM..\Run: [MSKDetectorExe] File not found O4 - HKLM..\Run: [MSPY2002] File not found O4 - HKLM..\Run: [NDSTray.exe] File not found O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] File not found O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [PSQLLauncher] File not found O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe () O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TabletTip] C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe (Microsoft Corporation) O4 - HKLM..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe (Microsoft Corporation) O4 - HKLM..\Run: [TAcelMgr] C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TFncKy] File not found O4 - HKLM..\Run: [TFNF5] C:\WINDOWS\System32\TFNF5.exe (TOSHIBA Corp.) 
O4 - HKLM..\Run: [ThpSrv] C:\WINDOWS\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TMERzCtl.EXE] File not found
O4 - HKLM..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE (TOSHIBA)
O4 - HKLM..\Run: [TOSDCR] C:\WINDOWS\System32\TOSDCR.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPSODDCtl] C:\WINDOWS\System32\TPSODDCtl.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TRot.exe] c:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe (TOSHIBA)
O4 - HKLM..\Run: [TSkrMain] C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-102128359-1042325796-3802484420-1005..\Run: [Google Update] C:\Documents and Settings\Alex Cheng\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-102128359-1042325796-3802484420-1005..\Run: [LDTray] C:\Program Files\Livescribe\Livescribe Desktop\LDTray.exe ()
O4 - HKU\S-1-5-21-102128359-1042325796-3802484420-1005..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
O4 - HKU\S-1-5-21-102128359-1042325796-3802484420-1006..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\Alex Cheng\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\System32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-102128359-1042325796-3802484420-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-102128359-1042325796-3802484420-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-102128359-1042325796-3802484420-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-102128359-1042325796-3802484420-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-102128359-1042325796-3802484420-1005_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-102128359-1042325796-3802484420-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-102128359-1042325796-3802484420-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-102128359-1042325796-3802484420-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\loginkey: DllName - C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll - C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll (Microsoft Corporation)
O20 - Winlogon\Notify\psfus: DllName - psqlpwd.dll - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\TabBtnWL: DllName - TabBtnWL.dll - C:\WINDOWS\System32\TabBtnWL.dll (Microsoft Corporation)
O20 - Winlogon\Notify\tpgwlnotify: DllName - tpgwlnot.dll - C:\WINDOWS\System32\tpgwlnot.dll (Microsoft Corporation)
O20 - Winlogon\Notify\TSigNP: DllName - TSigNP.dll - C:\WINDOWS\System32\TSigNP.dll (TOSHIBA)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/12 11:57:44 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/12/16 16:46:54 | 00,049,244 | ---- | M] () - C:\autoruns.chm -- [ NTFS ]
O32 - AutoRun File - [2009/05/07 01:25:00 | 00,654,208 | ---- | M] (Sysinternals - www.sysinternals.com) - C:\autoruns.exe -- [ NTFS ]
O32 - AutoRun File - [2009/05/07 01:25:02 | 00,546,688 | ---- | M] (Sysinternals - www.sysinternals.com) - C:\autorunsc.exe -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/07/06 01:25:39 | 00,002,642 | ---- | C] () -- C:\Documents and Settings\Alex Cheng\Desktop\Kaspersky report.html
[2009/07/03 21:06:39 | 00,000,000 | ---D | C] -- C:\rsit
[2009/07/03 21:04:41 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\Alex Cheng\Desktop\RSIT.exe
[2009/07/01 17:09:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alex Cheng\Application Data\Gamelab
[2009/07/01 17:08:37 | 00,000,000 | ---D | C] -- C:\Program Files\Miss Management
[2009/07/01 16:59:28 | 24,773,259 | ---- | C] () -- C:\Documents and Settings\Alex Cheng\My Documents\Miss Management-PreCracked-BigFish-Reflexive-HIVBABY.rar
[2009/07/01 02:55:50 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/06/30 21:26:06 | 00,000,998 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-102128359-1042325796-3802484420-1005UA.job
[2009/06/30 21:26:05 | 00,000,946 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-102128359-1042325796-3802484420-1005Core.job
[2009/06/30 16:18:11 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe
[2009/06/30 16:18:11 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe
[2009/06/30 16:18:11 | 01,614,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll
[2009/06/30 16:18:11 | 01,033,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe
[2009/06/30 16:18:11 | 00,989,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll
[2009/06/30 16:18:11 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll
[2009/06/30 16:18:11 | 00,182,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys
[2009/06/30 16:18:11 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\appmgmts.dll
[2009/06/30 16:18:11 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe
[2009/06/30 16:18:11 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll
[2009/06/30 16:18:11 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\spoolsv.exe
[2009/06/30 16:18:11 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe
[2009/06/30 16:18:11 | 00,036,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys
[2009/06/30 16:18:11 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe
[2009/06/30 16:18:11 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys
[2009/06/30 16:18:11 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll
[2009/06/30 16:18:11 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe
[2009/06/30 16:18:11 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe
[2009/06/30 16:18:10 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll
[2009/06/30 16:18:10 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll
[2009/06/30 16:18:10 | 00,507,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe
[2009/06/30 16:18:10 | 00,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys
[2009/06/30 16:18:10 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll
[2009/06/30 16:18:10 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe
[2009/06/30 16:18:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/06/30 16:15:00 | 00,000,000 | R-SD | C] -- C:\Documents and Settings\Alex Cheng\My Documents\My Safe
[2009/06/30 15:50:57 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/06/30 15:50:57 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/06/30 15:50:57 | 00,155,136 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/06/30 15:50:57 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/06/30 15:50:57 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/06/30 15:50:57 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/06/30 15:50:57 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/06/30 15:50:57 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/06/30 15:48:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/06/30 15:42:44 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/06/30 15:20:43 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/06/30 15:20:40 | 34,804,08064 | -HS- | C] () -- C:\hiberfil.sys
[2009/06/30 15:15:00 | 00,731,136 | ---- | C] () -- C:\Documents and Settings\Alex Cheng\My Documents\NotAvenger.exe
[2009/06/30 09:26:11 | 00,654,208 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\autoruns.exe
[2009/06/30 09:26:11 | 00,546,688 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\autorunsc.exe
[2009/06/30 09:26:11 | 00,049,244 | ---- | C] () -- C:\autoruns.chm
[2009/06/30 09:02:35 | 00,001,745 | ---- | C] () -- C:\Documents and Settings\Alex Cheng\Desktop\HijackThis.lnk
[2009/06/30 09:02:35 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/06/29 15:23:04 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009/06/29 01:52:27 | 00,000,000 | RHSD | C] -- C:\Program Files\Manson
[2009/06/23 23:18:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/06/19 03:35:45 | 00,016,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009/06/19 03:35:21 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2009/06/19 03:33:05 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2009/06/19 03:33:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2009/06/19 03:33:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2009/06/18 18:27:27 | 05,133,572 | ---- | C] () -- C:\Documents and Settings\Alex Cheng\Desktop\Lady GaGa ft Marilyn Manson LoveGame Chew Fu Remix.mp3
[2009/06/10 16:16:26 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/06/10 16:16:26 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/06/10 16:16:25 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009/06/10 16:16:23 | 11,064,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009/06/09 15:43:52 | 00,000,000 | ---D | C] -- C:\Program Files\Altitude
[2009/06/09 15:37:09 | 58,773,384 | ---- | C] (Nimbly Games) -- C:\Documents and Settings\Alex Cheng\Desktop\altitude.exe
[2009/06/09 12:56:16 | 00,148,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/06/09 12:56:16 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/06/09 12:56:16 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/06/09 12:47:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/06/06 10:34:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/06/06 10:33:59 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/06/06 10:33:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/06/06 10:31:41 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/05/12 05:09:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ToDisc.INI
[2009/05/12 01:52:04 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2009/05/10 17:17:14 | 00,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/05/30 17:03:26 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/30 15:20:53 | 00,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2006/05/30 15:01:10 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/05/12 15:21:50 | 00,167,936 | R--- | C] () -- C:\WINDOWS\System32\GBInf.dll
[2006/05/12 14:31:28 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/05/12 14:31:28 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/05/12 14:31:28 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/05/12 14:31:28 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/05/12 14:31:28 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/05/12 14:31:28 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/05/12 14:21:11 | 00,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/05/12 13:58:37 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/05/12 13:44:20 | 00,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/05/12 13:44:20 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/05/12 13:44:20 | 00,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/05/12 13:44:20 | 00,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/05/12 13:27:11 | 00,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\BrigthDL.dll
[2006/05/12 12:03:48 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/12 11:53:02 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/05/12 11:27:24 | 00,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/05/12 11:22:04 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2006/05/12 11:21:53 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/09/02 14:44:08 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/08/24 15:20:28 | 00,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/07/22 21:30:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/20 17:04:02 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 14:43:28 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/07/06 01:25:39 | 00,002,642 | ---- | M] () -- C:\Documents and Settings\Alex Cheng\Desktop\Kaspersky report.html
[2009/07/06 00:31:00 | 00,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-102128359-1042325796-3802484420-1005UA.job
[2009/07/05 21:31:02 | 00,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-102128359-1042325796-3802484420-1005Core.job
[2009/07/05 18:19:59 | 37,798,215 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/07/05 08:49:34 | 00,012,796 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/07/04 03:20:13 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Alex Cheng\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/03 21:04:44 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\Alex Cheng\Desktop\RSIT.exe
[2009/07/01 17:07:47 | 24,773,259 | ---- | M] () -- C:\Documents and Settings\Alex Cheng\My Documents\Miss Management-PreCracked-BigFish-Reflexive-HIVBABY.rar
[2009/07/01 08:51:03 | 00,002,838 | ---- | M] () -- C:\WINDOWS\machine.ver
[2009/06/30 16:15:44 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/06/30 16:14:47 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/06/30 16:14:40 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/30 16:14:38 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/30 16:14:36 | 34,804,08064 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/30 09:02:35 | 00,001,745 | ---- | M] () -- C:\Documents and Settings\Alex Cheng\Desktop\HijackThis.lnk
[2009/06/29 12:12:22 | 00,463,779 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/06/24 18:38:20 | 04,365,460 | ---- | M] () -- C:\Documents and Settings\Alex Cheng\Desktop\Travis Garland - Dead And Gone.mp3
[2009/06/24 18:33:37 | 05,133,572 | ---- | M] () -- C:\Documents and Settings\Alex Cheng\Desktop\Lady GaGa ft Marilyn Manson LoveGame Chew Fu Remix.mp3
[2009/06/24 18:05:38 | 04,027,797 | ---- | M] () -- C:\Documents and Settings\Alex Cheng\Desktop\01 supernova ft. kanye west.mp3
[2009/06/24 03:01:53 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/06/23 23:18:08 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/06/23 21:44:16 | 00,002,334 | ---- | M] () -- C:\Documents and Settings\Alex Cheng\Desktop\Google Chrome.lnk
[2009/06/23 21:33:06 | 00,327,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/06/23 21:33:06 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/06/23 21:33:05 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/06/23 21:31:34 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/06/23 21:31:34 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/06/19 03:35:30 | 00,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/06/19 03:34:09 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/06/19 03:33:05 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2009/06/16 07:19:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/06/11 03:10:29 | 00,189,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/09 15:40:44 | 58,773,384 | ---- | M] (Nimbly Games) -- C:\Documents and Settings\Alex Cheng\Desktop\altitude.exe
[2009/06/08 08:10:10 | 00,155,136 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/06/07 22:08:11 | 00,000,806 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
[2009/06/07 22:07:57 | 00,000,842 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
[2009/06/07 22:07:32 | 00,001,495 | ---- | M] () -- C:\Documents and Settings\Alex Cheng\Desktop\DivX Movies.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CEFE51A

< End of report >

OTL Extras logfile created on: 7/6/2009 1:26:56 AM - Run 1
OTL by OldTimer - Version 3.0.6.5 Folder = C:\Documents and Settings\Alex Cheng\My Documents\Downloads
Windows XP Tablet PC Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.98 Gb Available Physical Memory | 99.22% Memory free
4.00 Gb Paging File | 3.62 Gb Available in Paging File | 90.41% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 60.41 Gb Free Space | 64.84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.87 Gb Total Space | 0.01 Gb Free Space | 0.45% Space Free | Partition Type: FAT
Drive F: | 298.02 Gb Total Space | 0.94 Gb Free Space | 0.32% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALEX
Current User Name: Alex Cheng
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2006/11/03 00:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader
[2004/11/03 15:06:34 | 00,462,848 | ---- | M] (TOSHIBA Corporation) -- C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine
[2005/03/17 17:37:26 | 00,151,552 | ---- | M] (TOSHIBA Corporation) -- C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger
[2008/04/13 11:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2009/05/09 01:27:24 | 00,274,224 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[2009/05/09 01:26:20 | 00,274,224 | ---- | M] (BitTorrent, Inc.) -- C:\Documents and Settings\Alex Cheng\Desktop\utorrent.exe:*:Enabled:µTorrent
[2009/06/23 21:30:59 | 01,085,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2009/05/14 02:38:43 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe
[2009/06/30 16:27:16 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
[2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2009/05/19 14:51:06 | 00,045,603 | ---- | M] (The Pidgin developer community) -- C:\Program Files\Pidgin\pidgin.exe:*:Enabled:Pidgin
[2009/05/18 22:23:16 | 00,049,968 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
[2009/05/30 12:30:22 | 14,073,640 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2009/05/27 16:26:00 | 00,887,688 | ---- | M] () -- C:\Program Files\Altitude\altitude.exe:*:Enabled:altitude

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{00A87405-997C-4B75-9129-0338B08DE177}" = TOSHIBA SD Memory Card Format
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0759CACC-6CF9-4C3C-92C5-39668679AB16}" = Microsoft Ink Desktop
"{0CAD092C-5D1E-48AD-A845-E1EBA9AF1AF8}" = Tablet PC Tutorials for Microsoft Windows XP SP2
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1759CACC-6CF9-4C3C-92C5-39668679AB17}" = Microsoft Ink Crossword
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1FBEE61B-F90E-4EE3-AE94-FCB8BD6EC443}" = Ink Art
"{20348F6A-38D0-45F6-A103-C6FB2CD5695B}" = FranklinCovey TabletPlanner
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24300A63-DD78-4AA5-A914-4D582C41D33A}" = TOSHIBA TouchPad On/Off Utility V2.05.01
"{2458AD0E-7C80-431B-9EEB-499FB020AE08}" = Smartpen Flash
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 14
"{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Google AFE
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{400830CA-F056-4BBE-80A3-9DF9CA4FB889}" = TOSHIBA Direct Disc Writer
"{40FFC202-F842-44C7-ACBE-8B0EA690B1A3}" = Microsoft Education Pack for Windows XP Tablet PC Edition
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{529DDE6B-4F31-438B-B218-F36266ABD8C0}" = TOSHIBA Disc Creator
"{53AD2725-3987-4FE6-B4E0-D4F4E43DE7A0}" = OpenOffice.org 3.0
"{56190F69-01D3-46CA-9861-43377C5E9B87}" = TOSHIBA Utilities
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{5E71102C-2CEB-4C8B-99D3-D33B9741EEDA}" = Agilix GoBinder Lite
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{659B48CD-0608-4ED5-94C0-0B6C87114F10}" = Apple Mobile Device Support
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{737629F4-4111-4FD4-9071-29873B7C6426}" = Protector Suite 5.4
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7862BAD8-A379-4128-8AA1-EFD5A9603C53}" = Wireless Hotkey
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8853C080-7F5C-4020-B663-C57FE29BB858}" = Microsoft Snipping Tool 2.0
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{97D8751D-18A4-482B-9E9C-31DAD9BEC1EC}" = MyConnect Special Offer
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{ABB977BD-2CBF-4C4D-BB4C-AB415AA42DAA}" = Livescribe™ Desktop
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AC971CEE-1480-479D-81AF-1CB4D10467B0}" = TOSHIBA Tablet Access Code Logon Utility
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7F4B477-8EA3-4028-B458-2AE5E4A9D853}" = TOSHIBA Rotation Utility
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{BBF5493A-05FB-4449-90DE-84A61EB78154}" = TOSHIBA SD Memory Boot Utility
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA
ConfigFree "{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}" = TOSHIBA Password Utility "{C12EB29D-9D64-4ACA-84C2-33D8729AABD3}" = Microsoft Experience Pack for Tablet PC "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries "{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC5702D7-86E2-45A8-99D7-E8B976ADCC56}" = iTunes "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore "{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi "{F6C2D09F-6C82-48BB-A9D5-6A0478F52BD6}" = Microsoft Media Transfer "{F6C405D2-C50D-4D10-B89E-73A233A14D74}" = Toshiba Registration "{FA7314E7-9428-4866-80A8-762A538444DB}" = Microsoft Energy Blue Theme Pack "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe "4578-0181-0549-1546" = Altitude 1.0.0 "A3CD60F2D5E61002E900E4A19E2CA01EFDF39B9C" = Windows Driver Package - Livescribe (PulseUsb) Image (03/19/2009 2.0.12.1) "AC3Filter" = AC3Filter (remove only) "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AIM_6" = AIM 6 "Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2 "AVG8Uninstall" = AVG Free 8.5 "Catan Online Welt" = Catan Online World "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "GNU Aspell_is1" = GNU Aspell 0.50-3 "GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only) "HijackThis" = HijackThis 2.0.2 "ie8" = Windows Internet Explorer 8 "iLyrics" = iTunes Lyrics Importer "InstallShield_{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool 
"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers. "InstallShield_{56190F69-01D3-46CA-9861-43377C5E9B87}" = TOSHIBA Utilities "InstallShield_{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74}" = TOSHIBA Password Utility "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0 "Mozilla Firefox (3.5)" = Mozilla Firefox (3.5) "Mp3tag" = Mp3tag v2.43 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "PFPortChecker" = PFPortChecker 1.0.28 "PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006 "Pidgin" = Pidgin "Plants vs. Zombies" = Plants vs. Zombies "PokerTracker3" = PokerTracker 3 (remove only) "Power Saver" = TOSHIBA Power Saver "ProInst" = Intel® PROSet/Wireless Software "PROSet" = Intel® PRO Network Connections Drivers "RealPlayer 6.0" = RealPlayer Basic "Samsung CLP-300 Series" = Samsung CLP-300 Series "TDspBtn" = TOSHIBA Display Devices Change Utility "TFNF5" = TOSHIBA Hotkey Utility for Display Devices "TME3" = TOSHIBA Mobile Extension3 for Windows XP V3.82.00.XP "TOSHIBA Accelerometer Utilities" = TOSHIBA Accelerometer Utilities "TOSHIBA Game Console" = TOSHIBA Game Console "TOSHIBA Software Modem" = TOSHIBA Software Modem "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "WildTangent CDA" = WildTangent Web Driver "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR archiver "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "WT004722" = Bejeweled 2 Deluxe "WT004723" = Blasterball 2 Revolution "WT004725" = SCRABBLE "WT004829" = Polar Golfer "WT006066" = FATE "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "HuluDesktop" = HuluDesktop "Meebo Notifier" = Meebo Notifier "Move Media Player" = Move Media Player "uTorrent" = µTorrent ========== Last 10 Event Log Errors ========== [ System Events ] Error - 6/30/2009 6:53:34 PM | Computer Name = ALEX | Source = Service Control Manager | ID = 7009 Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect. Error - 6/30/2009 7:08:41 PM | Computer Name = ALEX | Source = Service Control Manager | ID = 7000 Description = The DgiVecp service failed to start due to the following error: %%20 Error - 6/30/2009 7:08:41 PM | Computer Name = ALEX | Source = Service Control Manager | ID = 7000 Description = The sopidkc Service service failed to start due to the following error: %%2 Error - 6/30/2009 7:08:41 PM | Computer Name = ALEX | Source = Service Control Manager | ID = 7000 Description = The SSPORT service failed to start due to the following error: %%2 Error - 6/30/2009 7:08:41 PM | Computer Name = ALEX | Source = Service Control Manager | ID = 7023 Description = The Automatic Updates service terminated with the following error: %%126 Error - 6/30/2009 7:09:04 PM | Computer Name = ALEX | Source = Service Control Manager | ID = 7009 Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect. Error - 6/30/2009 7:13:08 PM | Computer Name = ALEX | Source = Service Control Manager | ID = 7009 Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect. 
Error - 6/30/2009 7:15:41 PM | Computer Name = ALEX | Source = Service Control Manager | ID = 7000 Description = The DgiVecp service failed to start due to the following error: %%20 Error - 6/30/2009 7:15:41 PM | Computer Name = ALEX | Source = Service Control Manager | ID = 7000 Description = The SSPORT service failed to start due to the following error: %%2 Error - 6/30/2009 7:15:41 PM | Computer Name = ALEX | Source = Service Control Manager | ID = 7009 Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect. < End of report > |
Jul 6 2009, 04:48 PM
Post #9
Forum Addict | Group: HJT Team | Posts: 3,715 | Joined: 7-November 07 | From: Warrington, UK | Member No.: 168,228
Hi 49CentTacos,
That's looking better, just some bits to clean up. How is your computer running now? Also, can you tell me if you know what the following file is?

C:\Documents and Settings\Alex Cheng\My Documents\NotAvenger.exe

Peer-to-Peer Programs Warning

Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case uTorrent). These programs allow users to share files between each other, as the name suggests. In today's world cyber crime has come to an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them. It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and they should thus be used with intense care. Some further reading on this subject, along the included links, is as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world, and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves. Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s). However, please refrain from using them until your computer has been declared clean.

Uninstall ComboFix

Next Run OTL

Thanks

This post has been edited by syler: Jul 6 2009, 04:49 PM

--------------------
Any requests for help via PM will be ignored, please use the forums. If I have helped you, and you would like to make a donation, click here
Jul 8 2009, 09:31 PM
Post #10
New Member | Group: Members | Posts: 10 | Joined: 29-June 09 | Member No.: 346,654
My computer recently crashed with windows telling me I have "Malware alert: Problem caused by spooldr.sys, which might be malware"
Were the music files an issue worth deleting?

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MSKDetectorExe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MSPY2002 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NDSTray.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PHIME2002ASync deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PSQLLauncher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TFncKy deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TMERzCtl.EXE deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
========== FILES ==========
C:\Documents and Settings\Alex Cheng\My Documents\Miss Management-PreCracked-BigFish-Reflexive-HIVBABY.rar moved successfully.
C:\Documents and Settings\Alex Cheng\Desktop\Travis Garland - Dead And Gone.mp3 moved successfully.
C:\Documents and Settings\Alex Cheng\Desktop\Lady GaGa ft Marilyn Manson LoveGame Chew Fu Remix.mp3 moved successfully.
C:\Documents and Settings\Alex Cheng\Desktop\01 supernova ft. kanye west.mp3 moved successfully.
File\Folder Commands not found.
File\Folder [emptytemp] not found.
File\Folder [Reboot] not found.

OTL by OldTimer - Version 3.0.6.5 log created on 07082009_191633
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Jul 9 2009, 05:36 AM
Post #11
Forum Addict | Group: HJT Team | Posts: 3,715 | Joined: 7-November 07 | From: Warrington, UK | Member No.: 168,228
QUOTE
Also can you tell me if you know what the following file is? C:\Documents and Settings\Alex Cheng\My Documents\NotAvenger.exe

Do you know what this is?

QUOTE
Then post back with a new DDS log.

DDS log?

QUOTE
My computer recently crashed with windows telling me I have "Malware alert: Problem caused by spooldr.sys, which might be malware"

That's not good, that file is linked with a rootkit.

QUOTE
Were the music files an issue worth deleting?

I don't take any risks with downloaded music and software, since there is a good chance this is how you got infected in the first place.

We need to scan for Rootkits with GMER

Then post back with the Gmer log and a new DDS log.

Thanks
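The post above asks for a fresh DDS log. What a helper does with one is mostly pattern reading, and the first two passes are mechanical: recently created objects with the hidden+system attribute set, executables sitting in the drive root, new kernel drivers, and services whose image file DDS could not find (it prints "[?]" in place of the date and size). The Python below is an added illustration of those passes; it is not code from this thread, from DDS or from its author, and the sample log it carries is constructed in DDS's line format for the demonstration. Every hit is a review item for a human, not a verdict: a few legitimate OS folders are hidden+system too, and a dangling service can be nothing more than a sloppy uninstaller.

```python
"""Triage helper for two DDS log sections (added example; constructed sample input)."""
import re

# DDS prints one object per line: date, time, size or <DIR>, eight attribute
# flags (a=archive, c=compressed, d=directory, s=system, h=hidden, r=read-only;
# a dash means the flag is off), then the path.
CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+?)\s*$",
    re.IGNORECASE,
)
# Service lines: 'R0 name;display;image [date size]'. When DDS cannot stat the
# image it prints 'registry path --> resolved path [?]' instead.
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
ROOT_EXE_RE = re.compile(r"^[a-z]:\\[^\\]+\.(exe|dll|sys|scr|com|bat)$", re.IGNORECASE)
DRIVER_DIR = "\\system32\\drivers\\"


def section(lines, header_keyword):
    """Yield the non-empty lines under the '=== header ===' whose text contains header_keyword."""
    inside = False
    for line in lines:
        if line.startswith("="):
            inside = header_keyword.lower() in line.lower()
            continue
        if inside and line.strip():
            yield line.rstrip()


def triage_created(lines):
    """Review items from 'Created Last 30' as (severity, reason, path) tuples."""
    findings = []
    for line in section(lines, "Created Last 30"):
        m = CREATED_RE.match(line)
        if not m:
            continue
        attrs, path = m["attrs"].lower(), m["path"]
        if "s" in attrs and "h" in attrs:
            # Hidden+system is how a few legitimate OS folders are marked too,
            # so this only earmarks the object for a closer look.
            findings.append(("review", "hidden+system object created recently", path))
        if ROOT_EXE_RE.match(path):
            findings.append(("review", "executable in drive root", path))
        if DRIVER_DIR in path.lower() and path.lower().endswith(".sys"):
            findings.append(("review", "new kernel driver", path))
    return findings


def triage_services(lines):
    """Review items from 'SERVICES / DRIVERS': services whose image DDS could not stat."""
    findings = []
    for line in section(lines, "SERVICES / DRIVERS"):
        m = SERVICE_RE.match(line)
        if m and m["rest"].rstrip().endswith("[?]"):
            # Either an uninstall left a dangling service, or something is hiding
            # the file from the Win32 API; a rootkit scan is what tells the two apart.
            findings.append(("review", "service image not found on disk", m["name"]))
    return findings


def triage(log_text):
    """Run both passes over the text of a DDS log and return every review item."""
    lines = log_text.splitlines()
    return triage_created(lines) + triage_services(lines)


# Constructed sample in DDS line format, for the demonstration only.
SAMPLE_LOG = r"""
============= SERVICES / DRIVERS ===============
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2004-12-27 16384]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
=============== Created Last 30 ================
2009-07-08 00:15 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-06-30 09:26 654,208 a------- C:\autoruns.exe
2009-06-29 01:52 <DIR> --dsh--- c:\documents and settings\alex cheng\PrivacIE
2009-06-29 01:52 <DIR> --dshr-- c:\program files\Manson
2009-06-19 03:35 <DIR> --d----- c:\program files\Windows Media Connect 2
==================== Find3M ====================
2009-06-23 21:33 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
"""

if __name__ == "__main__":
    for severity, reason, target in triage(SAMPLE_LOG):
        print(f"[{severity}] {reason}: {target}")
```

Run it against a saved DDS.txt by reading the file into `triage()`; the Find3M block in the sample is there to show that the section filter stops at the next header, so older files are not reported as recent.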
Jul 12 2009, 05:01 PM
Post #12
New Member | Group: Members | Posts: 10 | Joined: 29-June 09 | Member No.: 346,654
I was going through other forums and saw someone else with the same problem as I did, and they told them to run Avenger.exe. I had to change the file name, so that's what I stuck with. It didn't work as well as I hoped.
DDS (Ver_09-06-26.01) - NTFSx86
Run by Alex Cheng at 20:31:02.17 on Sat 07/11/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3319.1561 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe
C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe
C:\WINDOWS\system32\thpsrv.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\TOSHIBA\TME3\TMETEMNU.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\SkyTel.EXE
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\TPSODDCtl.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Livescribe\Livescribe Desktop\LDTray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Pidgin\pidgin.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\PokerTracker 3\PokerTracker.exe
C:\Program Files\PokerTracker 3\PokerTracker.exe
C:\Program Files\PokerTracker 3\PokerTrackerHud.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Full Tilt Poker\FullTiltPoker.exe
C:\Documents and Settings\Alex Cheng\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.toshibadirect.com/dpdstart
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [Google Update] "c:\documents and settings\alex cheng\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [LDTray] c:\program files\livescribe\livescribe desktop\LDTray.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
mRun: [00THotkey] c:\windows\system32\00THotkey.exe
mRun: [CrossMenu] c:\program files\toshiba\crossmenu\CrossMenu.exe
mRun: [000StTHK] 000StTHK.exe
mRun: [TFNF5] TFNF5.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [TRot.exe] c:\program files\toshiba\toshiba rotation utility\TRot.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [TouchED] c:\program files\toshiba\touched\TouchED.Exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [TosHKCW.exe] "c:\program files\toshiba\wireless hotkey\TosHKCW.exe"
mRun: [TMESRV.EXE] c:\program files\toshiba\tme3\TMESRV31.EXE /Logon
mRun: [TAcelMgr] c:\program files\toshiba\acceleration utilities\tacelmgr\TAcelMgr.exe
mRun: [TSkrMain] c:\program files\toshiba\acceleration utilities\shaker\TSkrMain.exe
mRun: [ThpSrv] c:\windows\system32\thpsrv /logon
mRun: [DDWMon] c:\program files\toshiba\toshiba direct disc writer\\ddwmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [TPSMain] TPSMain.exe
mRun: [TPSODDCtl] TPSODDCtl.exe
mRun: [TOSDCR] TOSDCR.EXE
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [TabletWizard] c:\windows\help\SplshWrp.exe
mRun: [TabletTip] "c:\program files\common files\microsoft shared\ink\tabtip.exe" /resume
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
mRun: [LDTray] c:\program files\livescribe\livescribe desktop\LDTray.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alexch~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: loginkey - c:\program files\common files\microsoft shared\ink\loginkey.dll
Notify: psfus - psqlpwd.dll
Notify: TabBtnWL - TabBtnWL.dll
Notify: tpgwlnotify - tpgwlnot.dll
Notify: TSigNP - TSigNP.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli psqlpwd

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\alexch~1\applic~1\mozilla\firefox\profiles\5ro7qjhq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\alex cheng\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\alex cheng\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\alex cheng\local settings\application data\huludesktop\instances\0.9.6.1\npHDPlg.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2004-12-27 16384]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2006-5-12 6144]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-14 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-14 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-14 108552]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [2006-5-12 5888]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-14 298776]
R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2006-5-5 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2006-5-5 33024]
R2 PenCommService;Livescribe Pulse Smartpen Service;c:\program files\common files\livescribe\pencomm\PenCommService.exe [2009-5-12 151552]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\postgresql\8.3\bin\pg_ctl.exe [2008-9-19 65536]
R2 smihlp;SMI helper driver;c:\program files\protector suite ql\smihlp.sys [2006-5-5 3456]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2006-3-24 98560]
R2 Tmesrv;Tmesrv3;c:\program files\toshiba\tme3\TMESRV31.exe [2006-5-12 126976]
R3 TBtnKey;TOSHIBA Tablet PC Buttons Type N HID Driver;c:\windows\system32\drivers\TBtnKey.sys [2006-5-12 8832]
R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [2006-5-12 14208]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 PulseUsb;Livescribe Pulse Smartpen USB Driver;c:\windows\system32\drivers\PulseUsb.sys [2009-5-12 19584]

=============== Created Last 30 ================

2009-07-08 19:16 <DIR> --d----- C:\_OTL
2009-07-08 19:15 <DIR> --ds---- C:\ComboFix
2009-07-08 01:08 69,632 a------- c:\windows\RAUNINST.EXE
2009-07-08 01:07 <DIR> --d----- c:\program files\WESTWOOD
2009-07-08 01:07 <DIR> --d----- c:\documents and settings\alex cheng\WINDOWS
2009-07-08 00:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2009-07-08 00:25 <DIR> --d----- c:\program files\DAEMON Tools Toolbar
2009-07-08 00:25 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-07-08 00:15 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-07-08 00:15 <DIR> --d----- c:\docume~1\alexch~1\applic~1\DAEMON Tools Lite
2009-07-07 13:11 <DIR> --d----- c:\program files\VideoLAN
2009-07-01 17:09 <DIR> --d----- c:\docume~1\alexch~1\applic~1\Gamelab
2009-07-01 17:08 <DIR> --d----- c:\program files\Miss Management
2009-06-30 16:18 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-06-30 09:26 654,208 a------- C:\autoruns.exe
2009-06-30 09:26 546,688 a------- C:\autorunsc.exe
2009-06-30 09:26 49,244 a------- C:\autoruns.chm
2009-06-30 09:02 <DIR> --d----- c:\program files\Trend Micro
2009-06-29 01:52 <DIR> --dsh--- c:\documents and settings\alex cheng\PrivacIE
2009-06-29 01:52 <DIR> --dshr-- c:\program files\Manson
2009-06-19 03:35 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-06-19 03:33 <DIR> --d----- c:\windows\system32\LogFiles

==================== Find3M ====================

2009-06-23 21:33 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-23 21:33 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-29 13:36 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-05-29 13:36 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-14 02:39 108,552 a-------
c:\windows\system32\drivers\avgtdix.sys 2009-05-12 22:15 915,456 a------- c:\windows\system32\wininet.dll 2009-05-08 20:32 95,411 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat 2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll 2009-05-01 14:02 823,296 a------- c:\windows\system32\divx_xx0c.dll 2009-05-01 14:02 823,296 a------- c:\windows\system32\divx_xx07.dll 2009-05-01 14:02 815,104 a------- c:\windows\system32\divx_xx0a.dll 2009-05-01 14:02 811,008 a------- c:\windows\system32\divx_xx16.dll 2009-05-01 14:02 802,816 a------- c:\windows\system32\divx_xx11.dll 2009-05-01 14:02 685,056 a------- c:\windows\system32\DivX.dll 2009-04-17 05:26 1,847,168 a------- c:\windows\system32\win32k.sys 2009-04-15 13:25 129,784 -------- c:\windows\system32\pxafs.dll 2009-04-15 13:25 120,056 -------- c:\windows\system32\pxcpyi64.exe 2009-04-15 13:25 118,520 -------- c:\windows\system32\pxinsi64.exe 2009-04-15 13:24 90,112 a------- c:\windows\system32\dpl100.dll 2009-04-15 07:51 585,216 a------- c:\windows\system32\rpcrt4.dll ============= FINISH: 20:31:24.25 =============== UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_09-06-26.01) Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 1/5/2000 3:47:37 PM System Uptime: 7/8/2009 7:20:13 PM (73 hours ago) Motherboard: TOSHIBA | | Portable PC Processor: Genuine Intel® CPU T2050 @ 1.60GHz | uFC-PGA Socket | 1596/133mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 93 GiB total, 60.506 GiB free. 
D: is CDROM () E: is Removable F: is CDROM (CDFS) ==== Disabled Device Manager Items ============= ==== System Restore Points =================== RP1: 7/8/2009 7:21:23 PM - System Checkpoint ==== Installed Programs ====================== µTorrent AAC Decoder AC3Filter (remove only) Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 7.0 Agilix GoBinder Lite AIM 6 ALPS Touch Pad Driver Altitude 1.0.0 Apple Mobile Device Support Apple Software Update Aspell English Dictionary-0.50-2 AutoUpdate AVG Free 8.5 Bejeweled 2 Deluxe Blasterball 2 Revolution Bluetooth Stack for Windows by Toshiba Bonjour Catan Online World CD/DVD Drive Acoustic Silencer Critical Update for Windows Media Player 11 (KB959772) DAEMON Tools Toolbar DivX Codec DivX Converter DivX Player DivX Plus DirectShow Filters DivX Version Checker DivX Web Player DVD-RAM Driver FATE FranklinCovey TabletPlanner Full Tilt Poker GNU Aspell 0.50-3 Google AFE Google Chrome Google Toolbar for Internet Explorer GTK+ Runtime 2.14.7 rev a (remove only) H.264 Decoder High Definition Audio Driver Package - KB888111 HijackThis 2.0.2 Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB952287) HuluDesktop Ink Art Intel® Graphics Media Accelerator Driver Intel® PRO Network Connections Drivers Intel® PROSet/Wireless Software InterVideo WinDVD Creator 2 InterVideo WinDVD for TOSHIBA iTunes iTunes Lyrics Importer J2SE Runtime Environment 5.0 Update 6 Java 6 Update 14 Livescribe™ Desktop mCore mDrWiFi Meebo Notifier mHelp Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Digital Image Library 9 - Blocker Microsoft Digital Image Starter Edition 2006 Microsoft Digital Image Starter Edition 2006 Editor Microsoft Digital Image Starter Edition 2006 Library Microsoft Education Pack for Windows XP Tablet PC Edition Microsoft Energy 
Blue Theme Pack Microsoft Experience Pack for Tablet PC Microsoft Ink Crossword Microsoft Ink Desktop Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 Microsoft Media Transfer Microsoft Office OneNote 2003 Microsoft Office Standard Edition 2003 Microsoft Snipping Tool 2.0 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft VC9 runtime libraries Microsoft Visual C++ 2005 Redistributable Microsoft Works mIWA MKV Splitter mLogView mMHouse Move Media Player Mozilla Firefox (3.5) Mp3tag v2.43 mPfMgr mPfWiz mProSafe MSXML 4.0 SP2 (KB954430) mWlsSafe mXML MyConnect Special Offer mZConfig Office 2003 Trial Assistant OpenOffice.org 3.0 PFPortChecker 1.0.28 Pidgin Plants vs. Zombies PokerTracker 3 (remove only) Polar Golfer PostgreSQL 8.3 Protector Suite 5.4 QuickTime RealPlayer Basic Realtek High Definition Audio Driver Red Alert Windows 95 Samsung CLP-300 Series SCRABBLE SD Secure Module Security Update for Windows Internet Explorer 8 (KB969897) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player 10 (KB936782) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) 
Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB963027) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB970238) Smartpen Flash Tablet PC Tutorials for Microsoft Windows XP SP2 Texas Instruments PCIxx21/x515/xx12 drivers. TIPCI TOSHIBA Accelerometer Utilities TOSHIBA Assist TOSHIBA ConfigFree TOSHIBA Controls TOSHIBA Direct Disc Writer TOSHIBA Disc Creator TOSHIBA Display Devices Change Utility TOSHIBA Game Console TOSHIBA HDD Protection TOSHIBA Hotkey Utility for Display Devices TOSHIBA Mobile Extension3 for Windows XP V3.82.00.XP TOSHIBA Password Utility TOSHIBA PC Diagnostic Tool TOSHIBA Power Saver Toshiba Registration TOSHIBA Rotation Utility TOSHIBA SD Memory Boot Utility TOSHIBA SD Memory Card Format TOSHIBA Software Modem TOSHIBA Software Upgrades TOSHIBA Speech System Applications TOSHIBA Speech System SR Engine(U.S.) Version1.0 TOSHIBA Speech System TTS Engine(U.S.) 
Version1.0 TOSHIBA Tablet Access Code Logon Utility TOSHIBA TouchPad On/Off Utility V2.05.01 TOSHIBA Utilities TOSHIBA Virtual Sound TOSHIBA Zooming Utility Update for Windows Internet Explorer 8 (KB971180) Update for Windows XP (KB951978) Update for Windows XP (KB955839) Update for Windows XP (KB967715) VC80CRTRedist - 8.0.50727.762 VLC media player 1.0.0 WebFldrs XP Westwood Chat 4.221 WildTangent Web Driver Windows Driver Package - Livescribe (PulseUsb) Image (03/19/2009 2.0.12.1) Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Media Player 11 Windows XP Service Pack 3 WinRAR archiver Wireless Hotkey ==== Event Viewer Messages From Past Week ======== 7/8/2009 7:16:34 PM, error: Service Control Manager [7034] - The TOSHIBA HDD Protection service terminated unexpectedly. It has done this 1 time(s). 7/8/2009 7:16:34 PM, error: Service Control Manager [7034] - The Tmesrv3 service terminated unexpectedly. It has done this 1 time(s). 7/8/2009 7:16:34 PM, error: Service Control Manager [7034] - The Livescribe Pulse Smartpen Service service terminated unexpectedly. It has done this 1 time(s). 7/8/2009 7:16:34 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s). 7/8/2009 7:16:33 PM, error: Service Control Manager [7034] - The TOSHIBA Optical Disc Drive Service service terminated unexpectedly. It has done this 1 time(s). 7/8/2009 7:16:33 PM, error: Service Control Manager [7034] - The Swupdtmr service terminated unexpectedly. It has done this 1 time(s). 7/8/2009 7:16:33 PM, error: Service Control Manager [7034] - The PostgreSQL Database Server 8.3 service terminated unexpectedly. It has done this 1 time(s). 7/8/2009 7:16:33 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s). 7/8/2009 7:16:33 PM, error: Service Control Manager [7034] - The Intel® PROSet/Wireless Service service terminated unexpectedly. 
It has done this 1 time(s). 7/8/2009 7:16:33 PM, error: Service Control Manager [7034] - The Intel® PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s). 7/8/2009 7:16:33 PM, error: Service Control Manager [7034] - The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s). 7/8/2009 7:16:33 PM, error: Service Control Manager [7034] - The DVD-RAM_Service service terminated unexpectedly. It has done this 1 time(s). 7/8/2009 7:16:33 PM, error: Service Control Manager [7034] - The ConfigFree Service service terminated unexpectedly. It has done this 1 time(s). 7/8/2009 7:16:33 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s). 7/8/2009 7:16:33 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 7/8/2009 7:03:51 PM, error: Service Control Manager [7031] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. 7/8/2009 6:42:55 PM, error: System Error [1003] - Error code 100000c5, parameter1 9fc86e81, parameter2 00000002, parameter3 00000000, parameter4 8055196d. 7/8/2009 12:42:16 PM, error: WacomPen [3] - The device has been removed. 7/8/2009 12:42:16 PM, error: PlugPlayManager [12] - The device 'Wacom Serial Pen Tablet' (ACPI\WACF004\4&38462492&0) disappeared from the system without first being prepared for removal. 7/8/2009 12:23:51 AM, error: Service Control Manager [7000] - The SSPORT service failed to start due to the following error: The system cannot find the file specified. 
7/8/2009 12:23:51 AM, error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the device specified.

==== End Of File ===========================

I'll run GMER after this post. Do you want a DDS log after I run that?
Jul 12 2009, 05:36 PM
Post #13
Forum Addict | Group: HJT Team | Posts: 3,715 | Joined: 7-November 07 | From: Warrington, UK | Member No.: 168,228
QUOTE
I was going through other forums and saw someone else with the same problem as I did, and they told them to run Avenger.exe. I had to change the name file, so that's what I stuck with. It didn't work as well as I hoped.

As you discovered, just because someone has the same problems as you it doesn't mean that the fix is the same, and in some cases it may cause more damage to your machine; delete that file from your machine.

QUOTE
I'll run GMER after this post. Do you want a DDS log after I run that?

Nope, you just posted one. When you post back, please post all the logs I request at the same time.

Syler

--------------------
Any requests for help via PM will be ignored, please use the forums. If I have helped you, and you would like to make a donation, click here
Jul 12 2009, 11:41 PM
Post #14
New Member | Group: Members | Posts: 10 | Joined: 29-June 09 | Member No.: 346,654
Again, I'd like to thank you so much for putting the time and effort into going through my files and helping me with my problems. People like you who go through these things out of the goodness of your heart make me believe in the world after all.
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-12 19:57:15
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

SSDT spki.sys ZwCreateKey [0xF74D60E0]
SSDT spki.sys ZwEnumerateKey [0xF74F4CA4]
SSDT spki.sys ZwEnumerateValueKey [0xF74F5032]
SSDT spki.sys ZwOpenKey [0xF74D60C0]
SSDT spki.sys ZwQueryKey [0xF74F510A]
SSDT spki.sys ZwQueryValueKey [0xF74F4F8A]
SSDT spki.sys ZwSetValueKey [0xF74F519C]

INT 0x62 ? 8AEB8BF8
INT 0x74 ? 8ACD0BF8
INT 0x82 ? 8AEB8BF8
INT 0x84 ? 8ACD0BF8
INT 0x94 ? 8ACD0BF8
INT 0x94 ? 8ACD0BF8
INT 0x94 ? 8ACD0BF8

---- Kernel code sections - GMER 1.0.15 ----

? spki.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload BA09A8AC 5 Bytes JMP 8ACD01D8
.text aq6m4h0c.SYS B9F49386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text aq6m4h0c.SYS B9F493AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text aq6m4h0c.SYS B9F493C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text aq6m4h0c.SYS B9F493C9 1 Byte [30]
.text aq6m4h0c.SYS B9F493C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8AEBB2D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7507C4C] spki.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7507CA0] spki.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74D7042] spki.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74D713E] spki.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74D70C0] spki.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74D7800] spki.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74D76D6] spki.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8ACD02D8
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!RtlInitUnicodeString] 8800001C
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!swprintf] 001CB286
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!KeSetEvent] C61AEB00
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 001C8186
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 86C61200
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00001C83
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!MmFreeMappingAddress] 8E868801
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 8800001C
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 001CAA86
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!MmUnmapIoSpace] 80968B00
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 8900001C
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!IofCompleteRequest] 001C9C96
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!RtlCompareUnicodeString] C6168B00
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!IofCallDriver] 001CB986
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 428A0A00
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] BA86880C
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!IoConnectInterrupt] 8B00001C
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!IoDetachDevice] 24A48DFA
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!KeWaitForSingleObject] 00000000
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!KeInitializeEvent] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!KeCancelTimer] 8D3F0304
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] CB033043
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!RtlInitAnsiString] 0673C13B
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] C13B0003
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!IoQueueWorkItem] 8366FA72
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!MmMapIoSpace] 75000E7B
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 0B7D80E3
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!IoReportDetectedDevice] 307B8D00
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!IoReportResourceForDetection] 00AA840F
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 83660000
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!NlsMbCodePageTag] 6A000E7A
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!PoRequestPowerIrp] C6647400
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001CBB86
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 4F8B0200
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!sprintf] 968D5140
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 00001C90
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!ObfDereferenceObject] 2266E852
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 478B0000
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 50016A40
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!ZwClose] 1CAC8E8D
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] E8510000
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 00002254
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 6A18538B
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 868D5200
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!IoCreateDevice] 00001C98
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 2242E850
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 4B8B0000
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 51016A18
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!ZwOpenKey] 1CB4968D
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!RtlFreeUnicodeString] E8520000
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!IoStartTimer] 00002230
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!KeInitializeTimer] 8A05478A
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!IoInitializeTimer] 001CBB8E
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!KeInitializeDpc] 30C48300
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!KeInitializeSpinLock] 1CBD8688
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!IoInitializeIrp] 80E90000
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!ZwCreateKey] C6000000
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 001CBB86
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 438B0100
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!ZwSetValueKey] 8E8D5018
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!KeInsertQueueDpc] 00001C90
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 2202E851
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!IoStartPacket] 538B0000
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 52016A18
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 1CAC868D
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!IoFreeMdl] E8500000
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!MmUnlockPages] 000021F0
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 8A05478A
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 001CBB8E
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 18C48300
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 1CBD8688
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!KeSynchronizeExecution] 43EB0000
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!IoStartNextPacket] 320C538A
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!KeBugCheckEx] 88F93BC0
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 001CBB96
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!KeSetTimer] F6317300
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!_allmul] 74070647
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!MmProbeAndLockPages] 75C0841A
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!_except_handler3] 05578A0B
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!PoSetPowerState] 968801B0
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 00001CBD
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B60F66
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 533B6604
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!_aulldiv] 03087408
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!strstr] 72F93B3F
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!_strupr] 8A09EBDA
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!KeQuerySystemTime] 86880547
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 00001CBD
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!KeTickCount] 88084B8A
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 001CBE8E
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!IoDeleteDevice] 40578B00
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 8D52006A
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!IoAllocateWorkItem] 001CC086
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!IoAllocateIrp] 81E85000
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!IoAllocateMdl] 8B000021
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 001CB88E
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!MmLockPagableDataSection] BC968B00
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 8900001C
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 001CC48E
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!ExFreePoolWithTag] C8968900
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!IoFreeIrp] 8B00001C
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!IoFreeWorkItem] 016A4047
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!InitSafeBootMode] CCC68150
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!RtlCompareMemory] 5600001C
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!PoCallDriver] 002157E8
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!memmove] 18C48300
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[ntoskrnl.exe!MmHighestUserAddress] 5D5B5E5F
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[HAL.dll!READ_PORT_UCHAR] 1C8D9E88
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[HAL.dll!KfRaiseIrql] 00001CA9
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[HAL.dll!HalTranslateBusAddress] 8186C636
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[HAL.dll!KfReleaseSpinLock] 1C8386C6
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[HAL.dll!READ_PORT_USHORT] 001C8E86
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CAA
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\aq6m4h0c.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB19E

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8AEB71F8
Device \FileSystem\Fastfat \FatCdrom 8AAC1500
Device \FileSystem\Udfs \UdfsCdRom 8AB281F8
Device \FileSystem\Udfs \UdfsDisk 8AB281F8
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\usbuhci \Device\USBPDO-0 8AC831F8
Device \Driver\usbuhci \Device\USBPDO-1 8AC831F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8AE4A1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8AE4A1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8AE4A1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8AE4A1F8
Device \Driver\usbuhci \Device\USBPDO-2 8AC831F8
Device \Driver\usbuhci \Device\USBPDO-3 8AC831F8
Device \Driver\PCI_PNP4088 \Device\00000054 spki.sys
Device \Driver\PCI_PNP4088 \Device\00000054 spki.sys
Device \Driver\usbehci \Device\USBPDO-4 8AC521F8
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Ftdisk \Device\HarddiskVolume1 8AEB91F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{13952FAC-C02B-4E46-B06D-CEB5B4A94622} 8A996500
Device \Driver\Cdrom \Device\CdRom0 8AC44500
Device \Driver\Cdrom \Device\CdRom1 8AC44500
Device \Driver\sptd \Device\3441574088 spki.sys
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A996500
Device \Driver\NetBT \Device\NetbiosSmb 8A996500
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\usbuhci \Device\USBFDO-0 8AC831F8
Device \Driver\usbuhci \Device\USBFDO-1 8AC831F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8AAEF500
Device \Driver\usbuhci \Device\USBFDO-2 8AC831F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8AAEF500
Device \Driver\usbuhci \Device\USBFDO-3 8AC831F8
Device \Driver\usbehci \Device\USBFDO-4 8AC521F8
Device \Driver\Ftdisk \Device\FtControl 8AEB91F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{D92501C8-E788-4212-9B8B-D234B28DBC92} 8A996500
Device \Driver\aq6m4h0c \Device\Scsi\aq6m4h0c1Port2Path0Target0Lun0 8ABCA500
Device \Driver\aq6m4h0c \Device\Scsi\aq6m4h0c1 8ABCA500
Device \FileSystem\Fastfat \Fat 8AAC1500
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs 8AAEE500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x23 0x43 0x47 0x28 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA8 0x64 0x33 0xD4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6C 0xAE 0x12 0xB1 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x23 0x43 0x47 0x28 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA8 0x64 0x33 0xD4 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4A 0x94 0xF6 0xA7 ...

---- EOF - GMER 1.0.15 ----
Jul 13 2009, 06:08 PM
Post #15
Forum Addict | Group: HJT Team | Posts: 3,715 | Joined: 7-November 07 | From: Warrington, UK | Member No.: 168,228
Please download Malwarebytes' Anti-Malware from Here
Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
--------------------
Any requests for help via PM will be ignored, please use the forums. If I have helped you, and you would like to make a donation, click here