
Infected with some type of malware



#1 No Virus!


Posted 23 December 2008 - 03:29 PM

My computer is very strange.
I was infected with some viruses. I deleted all I found. I use MalwareBytes and Avira AntiVir.
My Avira starts up disabled.
My computer is very slow, and the cooling fan is constantly running.
A while back my IE7 was hijacked, but I reset it.
My Automatic Windows Update... doesn't update.
And my brother did something to the computer so now it looks like a server!

RSIT Files


Logfile of random's system information tool 1.05 (written by random/random)
Run by Mat Account is Gone at 2008-12-23 15:18:20
Microsoft Windows XP Professional Service Pack 3
System drive C: has 86 GB (75%) free of 114 GB
Total RAM: 2038 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:18:46 PM, on 12/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Atheros Utility.temp\setup.exe
c:\Atheros Utility.temp\setup.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Mat Account is Gone\Local Settings\Temporary Internet Files\Content.IE5\FOI3RTQ2\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\Mat Account is Gone.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [DelRunOnceReg] C:\WINDOWS\system32\DelRunOnceReg.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\nodetuva.dll,C:\WINDOWS\system32\fonugile.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 10881 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GlaryInitialize.job
C:\WINDOWS\tasks\Norton Security Scan for Matt.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-18 1082880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-10-06 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-22 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-22 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-22 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E}
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TDispVol"=C:\WINDOWS\system32\TDispVol.exe [2005-03-11 73728]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-11-28 98304]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-11-28 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-11-28 118784]
"PSQLLauncher"=C:\Program Files\Protector Suite QL\launcher.exe [2005-12-22 30208]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-12-16 82009]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-08-14 1343488]
"LtMoh"=C:\Program Files\ltmoh\Ltmoh.exe [2004-08-18 184320]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-10-15 88203]
"NDSTray.exe"=NDSTray.exe []
"Tvs"=C:\Program Files\Toshiba\Tvs\TvsTray.exe [2005-11-30 73728]
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2005-06-01 282624]
"dla"=C:\WINDOWS\system32\dla\DLACTRLW.exe [2005-10-06 122940]
"Pinger"=c:\toshiba\ivp\ism\pinger.exe [2005-03-17 151552]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2005-12-05 667718]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2005-11-28 602182]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"ddoctorv2"=C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe [2008-04-24 202560]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-22 136600]
"ACU"=C:\Program Files\Atheros\ACU.exe [2005-12-08 323584]
"DelRunOnceReg"=C:\WINDOWS\system32\DelRunOnceReg.exe [2005-03-08 28672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2004-12-30 65536]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2005-04-26 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THotkey]
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [2006-01-05 352256]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\windows\system32\nodetuva.dll,C:\WINDOWS\system32\fonugile.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-11-28 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll [2005-12-22 40448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
psqlpwd
C:\WINDOWS\system32\fonugile.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine"
"C:\TOSHIBA\Ivp\ISM\pinger.exe"="C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\1140083713\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1140083713\EE\AOLServiceHost.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Yahoo!\UPnP\yupnpsrv.exe"="C:\Program Files\Yahoo!\UPnP\yupnpsrv.exe:*:Enabled:Yahoo! UPnP AV Media Server"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\Program Files\Free Download Manager\fdm.exe"="C:\Program Files\Free Download Manager\fdm.exe:*:Enabled:Free Download Manager"
"C:\Nexon\MapleStory\MapleStory.exe"="C:\Nexon\MapleStory\MapleStory.exe:*:Enabled:MapleStory"
"C:\WINDOWS\ehome\ehtray.exe"="C:\WINDOWS\ehome\ehtray.exe:*:Enabled:ehtray"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2008-12-23 15:18:20 ----D---- C:\rsit
2008-12-23 15:17:56 ----A---- C:\WINDOWS\system32\ControlWZCS.exe
2008-12-23 15:17:55 ----A---- C:\WINDOWS\system32\DelRunOnceReg.exe
2008-12-23 15:17:55 ----A---- C:\WINDOWS\system32\CloseACU.exe
2008-12-23 15:17:46 ----A---- C:\WINDOWS\system32\acs.exe
2008-12-23 15:17:45 ----A---- C:\WINDOWS\system32\athcfg11res.dll
2008-12-23 15:17:44 ----A---- C:\WINDOWS\system32\wgapi.dll
2008-12-23 15:17:43 ----A---- C:\WINDOWS\system32\wcapi.dll
2008-12-23 15:17:43 ----A---- C:\WINDOWS\system32\athcfg11.dll
2008-12-23 15:17:12 ----A---- C:\WINDOWS\system32\AegisI5.exe
2008-12-23 15:17:11 ----A---- C:\WINDOWS\system32\AegisE5.dll
2008-12-23 15:15:09 ----D---- C:\Program Files\Atheros
2008-12-23 15:10:18 ----D---- C:\Atheros Utility.temp
2008-12-23 14:46:42 ----D---- C:\WINDOWS\LastGood
2008-12-23 14:18:48 ----D---- C:\Program Files\Trend Micro
2008-12-23 14:05:53 ----D---- C:\Program Files\Common Files\Scanner
2008-12-23 14:05:43 ----D---- C:\Program Files\CA Yahoo! Anti-Spy
2008-12-23 13:56:41 ----D---- C:\Documents and Settings\Mat Account is Gone\Application Data\Malwarebytes
2008-12-23 13:53:06 ----D---- C:\Documents and Settings\Mat Account is Gone\Application Data\GlarySoft
2008-12-22 22:30:05 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-22 22:30:05 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-22 22:30:05 ----A---- C:\WINDOWS\system32\java.exe
2008-12-22 22:29:07 ----D---- C:\Program Files\Java
2008-12-22 22:26:16 ----D---- C:\Documents and Settings\Mat Account is Gone\Application Data\Sun
2008-12-22 22:22:40 ----D---- C:\Documents and Settings\Mat Account is Gone\Application Data\WinRAR
2008-12-22 21:48:07 ----D---- C:\Documents and Settings\Mat Account is Gone\Application Data\Yahoo!
2008-12-22 21:46:06 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-22 21:45:29 ----ASH---- C:\Documents and Settings\Mat Account is Gone\Application Data\desktop.ini
2008-12-22 21:45:27 ----D---- C:\Documents and Settings\Mat Account is Gone\Application Data\Intel
2008-12-22 21:45:27 ----D---- C:\Documents and Settings\Mat Account is Gone\Application Data\Identities
2008-12-22 21:45:27 ----D---- C:\Documents and Settings\Mat Account is Gone\Application Data\AOL
2008-12-22 21:45:27 ----D---- C:\Documents and Settings\Mat Account is Gone\Application Data\Adobe
2008-12-22 21:45:26 ----SD---- C:\Documents and Settings\Mat Account is Gone\Application Data\Microsoft
2008-12-22 21:45:26 ----D---- C:\Documents and Settings\Mat Account is Gone\Application Data\You've Got Pictures Screensaver
2008-12-22 21:45:26 ----D---- C:\Documents and Settings\Mat Account is Gone\Application Data\toshiba
2008-12-22 21:45:26 ----D---- C:\Documents and Settings\Mat Account is Gone\Application Data\Protector Suite
2008-12-22 21:45:26 ----D---- C:\Documents and Settings\Mat Account is Gone\Application Data\Macromedia
2008-12-22 21:42:19 ----A---- C:\WINDOWS\resetlog.txt
2008-12-22 20:43:54 ----D---- C:\UBCD4Win
2008-12-22 19:58:37 ----HD---- C:\WINDOWS\PIF
2008-12-22 19:58:37 ----D---- C:\Program Files\VirusRemover2008
2008-12-22 19:58:26 ----D---- C:\Program Files\CoreAAC
2008-12-22 19:58:25 ----D---- C:\VundoFix Backups
2008-12-20 21:57:48 ----A---- C:\WINDOWS\system32\msexcr.ini
2008-12-20 20:50:42 ----D---- C:\Program Files\GRETECH
2008-12-20 14:28:28 ----A---- C:\VundoFix.txt
2008-12-20 14:01:34 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-20 14:01:34 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-20 14:00:24 ----D---- C:\Program Files\Safer Networking
2008-12-20 13:57:20 ----D---- C:\Program Files\Mozilla Firefox
2008-12-20 13:28:06 ----D---- C:\Avenger
2008-12-20 13:28:05 ----A---- C:\avenger.txt
2008-12-20 12:07:57 ----D---- C:\WINDOWS\system32\appmgmt
2008-12-20 03:38:05 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-20 03:38:04 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-20 00:00:50 ----D---- C:\Program Files\Skype
2008-12-20 00:00:49 ----D---- C:\Program Files\Common Files\Skype
2008-12-19 23:57:23 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2008-12-19 19:16:16 ----D---- C:\Program Files\Defraggler
2008-12-19 19:02:30 ----D---- C:\Program Files\CCleaner
2008-12-19 16:52:14 ----R---- C:\WINDOWS\system32\streamhlp.dll
2008-12-19 16:52:13 ----D---- C:\Program Files\TrojanHunter 5.0
2008-12-18 20:18:29 ----D---- C:\Program Files\DiskCheckup
2008-12-15 20:12:00 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-12-15 18:58:04 ----D---- C:\Downloads
2008-12-15 16:17:45 ----D---- C:\Program Files\Free Download Manager
2008-12-14 16:40:30 ----D---- C:\Documents and Settings\All Users\Application Data\Comcast
2008-12-14 03:11:52 ----D---- C:\Program Files\CachemanXP
2008-12-14 03:10:23 ----D---- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-12-14 03:09:52 ----D---- C:\Program Files\Common Files\supportsoft
2008-12-14 03:09:51 ----D---- C:\Program Files\Comcast
2008-12-14 02:56:54 ----A---- C:\WINDOWS\swupdate.INI
2008-12-14 02:55:27 ----A---- C:\WINDOWS\system32\XceedZip.dll
2008-12-14 02:51:30 ----A---- C:\WINDOWS\wwwbatch.ini
2008-12-14 02:12:59 ----D---- C:\WINDOWS\CSC
2008-12-11 20:56:47 ----SHD---- C:\Config.Msi
2008-12-11 18:22:17 ----D---- C:\Nexon
2008-12-10 03:09:53 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 03:08:20 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 03:01:21 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 03:01:01 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-09 15:41:17 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-08 18:30:28 ----D---- C:\Program Files\DAEMON Tools Lite
2008-12-08 17:53:18 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2008-12-08 17:53:18 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2008-12-08 17:53:17 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2008-12-08 17:53:16 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2008-12-08 17:53:16 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2008-12-08 17:53:16 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2008-12-08 17:53:15 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2008-12-08 17:53:13 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2008-12-08 17:53:13 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2008-12-08 17:53:12 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2008-12-08 17:53:11 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2008-12-08 17:53:11 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2008-12-08 17:53:10 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2008-12-08 17:53:09 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2008-12-08 17:53:09 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2008-12-08 17:53:08 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2008-12-08 17:53:07 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2008-12-08 17:53:06 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2008-12-08 17:53:06 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2008-12-08 17:53:06 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2008-12-08 17:53:04 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2008-12-08 17:53:03 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2008-12-08 17:53:02 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2008-12-08 17:53:01 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2008-12-08 17:53:01 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2008-12-08 17:53:00 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2008-12-08 17:52:59 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2008-12-08 17:52:57 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2008-12-08 17:52:57 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2008-12-08 17:52:56 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2008-12-08 17:52:54 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2008-12-08 17:52:53 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2008-12-08 17:52:53 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2008-12-08 17:52:52 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2008-12-08 17:52:50 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2008-12-08 17:52:50 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2008-12-08 17:52:49 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2008-12-08 17:52:49 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2008-12-08 17:52:48 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2008-12-08 17:52:48 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2008-12-08 17:52:46 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2008-12-08 17:52:40 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2008-12-08 17:52:40 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2008-12-08 17:52:36 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2008-12-08 17:52:35 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2008-12-08 17:52:32 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2008-12-08 17:52:32 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2008-12-08 17:52:31 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2008-12-08 17:52:31 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2008-12-08 17:52:30 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2008-12-08 17:52:29 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2008-12-08 17:52:29 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2008-12-08 17:52:27 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2008-12-08 17:52:27 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2008-12-08 17:52:25 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2008-12-08 17:52:17 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2008-12-08 17:52:15 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2008-12-08 17:52:15 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2008-12-08 17:52:14 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2008-12-08 17:52:13 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2008-12-08 17:52:12 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2008-12-08 17:52:11 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2008-12-08 17:52:10 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2008-12-08 17:52:10 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2008-12-08 17:52:08 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2008-12-08 17:50:22 ----HD---- C:\WINDOWS\msdownld.tmp
2008-12-08 17:46:03 ----D---- C:\WINDOWS\Logs
2008-12-08 15:59:09 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-06 23:38:31 ----D---- C:\Program Files\jSVIcoder
2008-12-06 22:44:59 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-06 19:43:19 ----D---- C:\WINDOWS\system32\Adobe
2008-12-04 22:02:32 ----D---- C:\Program Files\Common Files\Software Update Utility
2008-12-04 22:01:43 ----D---- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-12-03 20:09:38 ----D---- C:\Program Files\WinRAR
2008-12-03 15:25:46 ----A---- C:\WINDOWS\system32\muweb.dll
2008-12-03 15:25:46 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-12-03 15:25:46 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-12-02 17:44:50 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-12-02 17:44:38 ----D---- C:\Program Files\Windows Live
2008-12-02 17:44:03 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-12-01 17:09:57 ----D---- C:\Program Files\WinAVI Video Converter
2008-12-01 17:06:01 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-12-01 16:01:03 ----D---- C:\Program Files\uTorrent
2008-11-27 06:02:25 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-11-27 06:01:57 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-11-27 06:01:29 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-11-27 06:00:59 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-11-26 16:40:48 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo
2008-11-26 16:00:49 ----D---- C:\WINDOWS\Sun
2008-11-25 19:24:04 ----HDC---- C:\WINDOWS\$NtUninstallKB943729$
2008-11-25 19:22:56 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-11-25 19:22:37 ----D---- C:\Program Files\Windows Media Connect 2
2008-11-25 19:22:13 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-11-25 19:20:56 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-11-25 19:20:19 ----D---- C:\WINDOWS\system32\LogFiles
2008-11-25 19:20:11 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2008-11-25 19:19:05 ----HDC---- C:\WINDOWS\$NtUninstallKB925766$
2008-11-25 19:10:46 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-11-25 18:03:29 ----A---- C:\WINDOWS\system32\msir3jp.dll
2008-11-25 18:03:29 ----A---- C:\WINDOWS\system32\korwbrkr.dll
2008-11-25 18:03:29 ----A---- C:\WINDOWS\system32\chtbrkr.dll
2008-11-25 18:03:29 ----A---- C:\WINDOWS\system32\chsbrkr.dll
2008-11-25 18:03:13 ----A---- C:\WINDOWS\system32\kbd101a.dll
2008-11-25 18:02:59 ----A---- C:\WINDOWS\system32\kbdnecNT.dll
2008-11-25 18:02:59 ----A---- C:\WINDOWS\system32\kbdnecAT.dll
2008-11-25 18:02:59 ----A---- C:\WINDOWS\system32\kbdnec95.dll
2008-11-25 18:02:38 ----A---- C:\WINDOWS\system32\c_is2022.dll
2008-11-25 18:02:14 ----A---- C:\WINDOWS\system32\kbdkor.dll
2008-11-25 18:02:14 ----A---- C:\WINDOWS\system32\kbdjpn.dll
2008-11-25 18:02:14 ----A---- C:\WINDOWS\system32\kbd103.dll
2008-11-25 18:02:14 ----A---- C:\WINDOWS\system32\kbd101c.dll
2008-11-25 18:02:10 ----A---- C:\WINDOWS\system32\kbd106.dll
2008-11-25 18:02:10 ----A---- C:\WINDOWS\system32\kbd101b.dll
2008-11-25 17:09:44 ----D---- C:\Program Files\Glary Utilities
2008-11-25 14:32:13 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-11-25 14:31:18 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-25 02:38:05 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-11-25 02:37:03 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-11-24 22:10:27 ----D---- C:\WINDOWS\Prefetch
2008-11-24 22:03:13 ----SHD---- C:\found.000
2008-11-24 20:58:40 ----D---- C:\Program Files\Avira
2008-11-24 20:58:40 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2008-11-24 19:32:07 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-24 19:31:52 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-24 19:31:37 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-24 19:31:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-24 19:31:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-24 19:30:50 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-24 19:30:38 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-24 19:30:24 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-24 19:30:11 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-24 19:29:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-24 19:29:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-24 19:29:25 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-24 19:29:11 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-24 19:28:58 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-24 19:28:46 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-24 19:28:34 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-24 19:18:05 ----D---- C:\WINDOWS\system32\scripting
2008-11-24 19:18:04 ----D---- C:\WINDOWS\l2schemas
2008-11-24 19:18:03 ----D---- C:\WINDOWS\system32\en
2008-11-24 19:18:02 ----D---- C:\WINDOWS\system32\bits
2008-11-24 19:10:53 ----D---- C:\WINDOWS\ServicePackFiles
2008-11-24 18:59:34 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-24 18:34:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2008-11-24 18:34:06 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-11-24 18:33:52 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-11-24 18:33:37 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-11-24 18:33:22 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
2008-11-24 18:33:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-11-24 18:32:53 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-11-24 18:32:38 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-11-24 18:32:21 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2008-11-24 18:32:03 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-11-24 18:31:35 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2008-11-24 18:30:54 ----HDC---- C:\WINDOWS\$NtUninstallKB913800$
2008-11-24 18:28:49 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-11-24 18:28:18 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2008-11-24 18:28:03 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2008-11-24 18:27:46 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-11-24 18:27:31 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2008-11-24 18:26:57 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-11-24 18:26:39 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-11-24 18:26:16 ----HDC---- C:\WINDOWS\$NtUninstallKB930494$
2008-11-24 18:25:45 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-11-24 18:25:29 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2008-11-24 18:25:14 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2008-11-24 18:25:00 ----D---- C:\Program Files\MSXML 4.0
2008-11-24 18:24:39 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2008-11-24 18:10:13 ----D---- C:\WINDOWS\ie7updates
2008-11-24 18:09:01 ----D---- C:\WINDOWS\WBEM
2008-11-24 18:08:59 ----D---- C:\WINDOWS\system32\en-US
2008-11-24 18:06:47 ----HDC---- C:\WINDOWS\ie7
2008-11-24 18:06:13 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-11-24 18:05:25 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-11-24 18:04:28 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2008-11-24 18:04:25 ----A---- C:\WINDOWS\system32\xmllite.dll
2008-11-24 18:02:05 ----D---- C:\WINDOWS\network diagnostic
2008-11-24 18:02:03 ----HDC---- C:\WINDOWS\$NtUninstallKB914440$
2008-11-24 18:01:45 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
2008-11-24 15:49:12 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-11-24 15:49:10 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-11-24 15:49:07 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-11-24 15:49:07 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-11-24 15:49:05 ----N---- C:\WINDOWS\system32\verclsid.exe
2008-11-24 15:49:01 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-11-24 15:49:01 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-11-24 15:48:54 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-11-24 15:48:53 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-11-24 15:48:50 ----N---- C:\WINDOWS\system32\slserv.exe
2008-11-24 15:48:50 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-11-24 15:48:50 ----N---- C:\WINDOWS\slrundll.exe
2008-11-24 15:48:49 ----N---- C:\WINDOWS\system32\slgen.dll
2008-11-24 15:48:49 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-11-24 15:48:49 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-11-24 15:48:45 ----N---- C:\WINDOWS\system32\setupn.exe
2008-11-24 15:48:43 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-11-24 15:48:43 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-11-24 15:48:42 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-11-24 15:48:41 ----N---- C:\WINDOWS\system32\qutil.dll
2008-11-24 15:48:40 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-11-24 15:48:39 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-11-24 15:48:39 ----N---- C:\WINDOWS\system32\qagent.dll
2008-11-24 15:48:38 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-11-24 15:48:36 ----N---- C:\WINDOWS\system32\onex.dll
2008-11-24 15:48:33 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2008-11-24 15:48:26 ----N---- C:\WINDOWS\system32\napstat.exe
2008-11-24 15:48:26 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-11-24 15:48:26 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-11-24 15:48:25 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-11-24 15:48:25 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-11-24 15:48:24 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-11-24 15:48:21 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-11-24 15:48:21 ----N---- C:\WINDOWS\system32\mssha.dll
2008-11-24 15:48:02 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-11-24 15:48:02 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-11-24 15:48:02 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-11-24 15:48:02 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-11-24 15:47:59 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2008-11-24 15:47:55 ----A---- C:\WINDOWS\system32\uniime.dll
2008-11-24 15:47:46 ----A---- C:\WINDOWS\system32\imjp81k.dll
2008-11-24 15:47:42 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-11-24 15:47:42 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-11-24 15:47:42 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-11-24 15:47:42 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-11-24 15:47:42 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-11-24 15:47:42 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-11-24 15:47:42 ----A---- C:\WINDOWS\system32\kbdlk41j.dll
2008-11-24 15:47:42 ----A---- C:\WINDOWS\system32\kbdlk41a.dll
2008-11-24 15:47:42 ----A---- C:\WINDOWS\system32\kbdibm02.dll
2008-11-24 15:47:42 ----A---- C:\WINDOWS\system32\kbdax2.dll
2008-11-24 15:47:42 ----A---- C:\WINDOWS\system32\kbd106n.dll
2008-11-24 15:47:42 ----A---- C:\WINDOWS\system32\kbd101.dll
2008-11-24 15:47:23 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-11-24 15:47:19 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-11-24 15:47:13 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-11-24 15:47:13 ----A---- C:\WINDOWS\system32\f3ahvoas.dll
2008-11-24 15:47:11 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-11-24 15:47:11 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-11-24 15:47:11 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-11-24 15:47:11 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-11-24 15:47:11 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-11-24 15:47:11 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-11-24 15:47:11 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-11-24 15:47:11 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-11-24 15:47:07 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-11-24 15:47:07 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-11-24 15:47:07 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-11-24 15:47:07 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-11-24 15:47:07 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-11-24 15:47:07 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-11-24 15:47:07 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-11-24 15:47:06 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-11-24 15:47:06 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-11-24 15:47:05 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-11-24 15:47:02 ----N---- C:\WINDOWS\system32\credssp.dll
2008-11-24 15:47:02 ----A---- C:\WINDOWS\system32\c_g18030.dll
2008-11-24 15:46:54 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-11-24 15:46:53 ----N---- C:\WINDOWS\system32\azroles.dll
2008-11-24 15:46:53 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-11-24 15:46:53 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-11-24 15:46:52 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-11-24 15:46:52 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-11-24 15:46:52 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-11-24 15:46:52 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-11-24 15:46:52 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-11-24 15:46:49 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-11-24 15:29:27 ----N---- C:\WINDOWS\kb913800.exe
2008-11-24 15:25:42 ----D---- C:\WINDOWS\system32\PreInstall
2008-11-24 15:25:39 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$

======List of files/folders modified in the last 1 months======

2008-12-23 15:17:57 ----AD---- C:\WINDOWS\system32
2008-12-23 15:17:42 ----A---- C:\WINDOWS\system32\results.txt
2008-12-23 15:17:39 ----HD---- C:\WINDOWS\inf
2008-12-23 15:15:09 ----D---- C:\Program Files
2008-12-23 15:15:03 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-23 15:09:02 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-23 14:46:42 ----D---- C:\WINDOWS
2008-12-23 14:45:26 ----D---- C:\WINDOWS\Temp
2008-12-23 14:05:53 ----D---- C:\Program Files\Common Files
2008-12-23 14:05:29 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-23 13:55:26 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-23 13:33:29 ----D---- C:\WINDOWS\Registration
2008-12-23 13:33:28 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt
2008-12-23 13:33:16 ----D---- C:\WINDOWS\system32\DLA
2008-12-23 00:08:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-23 00:08:36 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-23 00:08:35 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-23 00:08:32 ----RSD---- C:\WINDOWS\Fonts
2008-12-23 00:05:17 ----RSD---- C:\WINDOWS\assembly
2008-12-23 00:04:46 ----D---- C:\WINDOWS\pchealth
2008-12-23 00:04:45 ----SHD---- C:\WINDOWS\Installer
2008-12-22 23:26:20 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-22 22:45:32 ----SHD---- C:\RECYCLER
2008-12-22 21:45:25 ----D---- C:\Documents and Settings
2008-12-20 20:58:20 ----A---- C:\WINDOWS\system.ini
2008-12-20 14:06:13 ----AD---- C:\WINDOWS\system32\drivers
2008-12-19 23:40:21 ----D---- C:\Program Files\McAfee.com
2008-12-19 20:57:39 ----D---- C:\WINDOWS\system32\FxsTmp
2008-12-19 19:11:25 ----D---- C:\Program Files\WildTangent
2008-12-19 19:09:34 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-12-19 19:03:54 ----D---- C:\WINDOWS\Debug
2008-12-19 18:56:18 ----SD---- C:\WINDOWS\Tasks
2008-12-15 19:09:27 ----D---- C:\WINDOWS\WinSxS
2008-12-14 02:51:17 ----D---- C:\WINDOWS\Driver Cache
2008-12-14 02:41:05 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-14 00:07:03 ----D---- C:\WINDOWS\system32\config
2008-12-14 00:06:29 ----D---- C:\WINDOWS\system32\wbem
2008-12-14 00:00:22 ----D---- C:\Program Files\Google
2008-12-13 23:58:51 ----D---- C:\WINDOWS\system32\Restore
2008-12-13 01:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-10 03:09:17 ----D---- C:\Program Files\Internet Explorer
2008-12-09 15:43:02 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-08 17:53:23 ----D---- C:\WINDOWS\system32\DirectX
2008-12-07 19:31:06 ----D---- C:\Program Files\GemMaster
2008-12-07 19:27:41 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-12-07 19:26:36 ----D---- C:\Program Files\Yahoo!
2008-12-07 14:00:48 ----D---- C:\WINDOWS\system32\Macromed
2008-12-05 19:55:28 ----D---- C:\WINDOWS\system32\inetsrv
2008-12-04 22:04:46 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2008-12-04 03:01:18 ----D---- C:\Program Files\Microsoft Works
2008-12-03 17:12:59 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-26 03:28:17 ----A---- C:\WINDOWS\win.ini
2008-11-25 20:57:02 ----D---- C:\WINDOWS\Microsoft.NET
2008-11-25 19:26:32 ----D---- C:\WINDOWS\ehome
2008-11-25 19:25:37 ----D---- C:\WINDOWS\security
2008-11-25 19:23:27 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-25 19:22:36 ----D---- C:\Program Files\Windows Media Player
2008-11-25 19:22:24 ----D---- C:\WINDOWS\Help
2008-11-25 19:07:58 ----D---- C:\WINDOWS\SoftwareDistribution
2008-11-24 22:09:36 ----D---- C:\WINDOWS\system32\Setup
2008-11-24 22:09:36 ----D---- C:\Program Files\Messenger
2008-11-24 22:09:35 ----D---- C:\WINDOWS\AppPatch
2008-11-24 19:18:40 ----D---- C:\WINDOWS\ime
2008-11-24 19:18:06 ----D---- C:\WINDOWS\system32\usmt
2008-11-24 19:18:02 ----D---- C:\WINDOWS\PeerNet
2008-11-24 19:18:01 ----D---- C:\Program Files\Movie Maker
2008-11-24 19:10:24 ----D---- C:\WINDOWS\system32\npp
2008-11-24 19:10:23 ----D---- C:\WINDOWS\mui
2008-11-24 19:10:20 ----D---- C:\WINDOWS\msagent
2008-11-24 19:10:17 ----D---- C:\WINDOWS\srchasst
2008-11-24 19:10:16 ----D---- C:\Program Files\NetMeeting
2008-11-24 19:10:13 ----D---- C:\WINDOWS\system32\Com
2008-11-24 19:10:07 ----D---- C:\Program Files\Windows NT
2008-11-24 19:10:06 ----D---- C:\Program Files\Outlook Express
2008-11-24 19:09:58 ----D---- C:\Program Files\Common Files\System
2008-11-24 19:09:29 ----AD---- C:\WINDOWS\system32\oobe
2008-11-24 19:09:24 ----D---- C:\WINDOWS\system
2008-11-24 18:08:42 ----D---- C:\WINDOWS\Media

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-25 75072]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2005-06-02 102384]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-02-16 8552]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-10-06 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-10-06 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-10-06 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-10-06 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-10-06 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-10-06 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-10-06 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R2 FdRedir;FdRedir; \??\C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys []
R2 FileDisk2;FileDisk Protector Kernel Driver; \??\C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys []
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568]
R2 smihlp;SMI helper driver; \??\C:\Program Files\Protector Suite QL\smihlp.sys []
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-11-15 1122656]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2005-09-14 179200]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-28 1353820]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-12-09 4123136]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-08-14 231424]
R3 tbiosdrv;Toshiba Logical Tbios Device; C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys [2005-08-24 9472]
R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2005-12-22 28800]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-11-30 162560]
R3 TVALD;Toshiba Mobile PC Service; C:\WINDOWS\system32\DRIVERS\NBSMI.sys [2005-10-20 6144]
R3 Tvs;TOSHIBA Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2005-11-30 43392]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-04 1428096]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 asye1kn8;asye1kn8; C:\WINDOWS\system32\drivers\asye1kn8.sys []
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 tosrfec;Bluetooth ACPI from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 9344]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-12-23 21035]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2004-10-20 10328]
R2 AOL TopSpeedMonitor;AOL TopSpeed Monitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [2004-10-15 100016]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-17 40960]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2004-08-28 110592]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-22 152984]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 217164]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-11-28 540745]
R2 sprtsvc_ddoctorv2;SupportSoft Sprocket Service (ddoctorv2); C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe [2008-04-24 202560]
R2 Swupdtmr;Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [2005-07-12 40960]
R2 TAPPSRV;TOSHIBA Application Service; C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe [2005-12-20 35328]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2005-09-26 36864]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\wmpnetwk.exe [2006-10-18 913408]

-----------------EOF-----------------




info.txt logfile of random's system information tool 1.05 2008-12-23 15:18:54

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
America Online (Choose which version to remove)-->C:\Program Files\Common Files\aolshare\aolunins_us.exe
AOL Coach Version 2.0(Build:20041026.5 en)-->C:\Program Files\Common Files\AolCoach\en_en\AolCInUn.exe -lang=en_en -ext=UDP
AOL Connectivity Services-->"C:\Program Files\Common Files\AOL\ACS\AcsUninstall.exe" /c
AOL Spyware Protection-->C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\UNWISE.EXE C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\INSTALL.LOG
AOL You've Got Pictures Screensaver-->C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
Atheros Client Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}\setup.exe" -l0x9
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
CA Yahoo! Anti-Spy (remove only)-->"C:\Program Files\CA Yahoo! Anti-Spy\uninstall.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CD/DVD Drive Acoustic Silencer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x9
CoreAAC-->"C:\Program Files\CoreAAC\Uninstall.exe"
Defraggler (remove only)-->"C:\Program Files\Defraggler\uninst.exe"
Desktop Doctor-->MsiExec.exe /I{D87149B3-7A1D-4548-9CBF-032B791E5908}
DiskCheckup V2.1-->"C:\Program Files\DiskCheckup\unins000.exe"
Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe
DVD-RAM Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\setup.exe" -l0x9 DVD-RAM Driver
Glary Utilities 2.9.0.518-->"C:\Program Files\Glary Utilities\unins000.exe"
GOM Encoder-->"C:\Program Files\GRETECH\GomEncoder\uninstall.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel® PRO Network Connections Drivers-->Prounstl.exe
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
InterVideo WinDVD Creator 2-->"C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD for TOSHIBA-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Macromedia Flash Player 8-->MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MapleStory-->MsiExec.exe /I{D667CFD2-9560-48C3-A96B-0E3BF45699A0}
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
Metamail (Toshiba Registration Utility)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE3F89C0-42D5-11D5-A40A-00105AC8331A}\setup.exe" -l0x9
mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office OneNote 2003-->MsiExec.exe /I{91A10409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
MyConnect Special Offer-->MsiExec.exe /I{97D8751D-18A4-482B-9E9C-31DAD9BEC1EC}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Office 2003 Trial Assistant-->MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}
Pure Networks Port Magic-->C:\Program Files\Pure Networks\Port Magic\PortAOL.exe -Uninstall -ShowUI
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
RunAlyzer-->"C:\Program Files\Safer Networking\RunAlyzer\unins000.exe"
SD Secure Module-->MsiExec.exe /X{C45F4811-31D5-4786-801D-F79CD06EDD85}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4497AFF6-98C4-4F49-B073-F48F42BCBF9E} /l1033
TOSHIBA Assist-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\Setup.exe" -l0x9
TOSHIBA ConfigFree-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x9 UNINSTALL
TOSHIBA Controls-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Hotkey Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64DD71BC-3109-4C88-9AD3-D5422644B722}\setup.exe" -l0x9
TOSHIBA PC Diagnostic Tool-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\PCDiag\Uninst.isu"
TOSHIBA Power Saver-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\Power Saver\Uninst.isu" -c"C:\WINDOWS\system32\TPSDel.dll"
TOSHIBA SD Memory Card Format-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}\Setup.exe"
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA Software Upgrades-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe"
TOSHIBA Speech System Applications-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
TOSHIBA Speech System SR Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Speech System TTS Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
TOSHIBA TouchPad ON/Off Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{69BE47C2-36FE-4397-8199-85D8EAE69982}\setup.exe" -l0x9
TOSHIBA TV Tuner 4.0.12.73-->C:\Program Files\AVerMedia\TOSHIBA TV Tuner\uninst.exe
TOSHIBA Utilities-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}\setup.exe" -l0x9
TOSHIBA Virtual Sound-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B12BA86-ADAC-4BA6-B441-FFC591087252}\Setup.exe" /uninstall
TOSHIBA Zooming Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64212898-097F-4F3F-AECA-6D34A7EF82DF}\Setup.exe"
UBCD4Win 3.22-->"C:\UBCD4Win\unins000.exe"
Update for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows XP (KB943729)-->"C:\WINDOWS\$NtUninstallKB943729$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
WinAVI Video Converter-->"C:\Program Files\WinAVI Video Converter\unins000.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB894553-->C:\WINDOWS\$NtUninstallKB894553$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB895678-->C:\WINDOWS\$NtUninstallKB895678$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======Security center information======

AV: Avira AntiVir PersonalEdition

System event log

Computer Name: TOSHIBA-USER
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{0F4E36C3-39BC-41A5-B6E5-7F2328FE48F2} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 3315
Source Name: Tcpip
Time Written: 20081216184300.000000-300
Event Type: information
User:

Computer Name: TOSHIBA-USER
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{0F4E36C3-39BC-41A5-B6E5-7F2328FE48F2} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 3314
Source Name: Tcpip
Time Written: 20081216184255.000000-300
Event Type: information
User:

Computer Name: TOSHIBA-USER
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{0F4E36C3-39BC-41A5-B6E5-7F2328FE48F2} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 3313
Source Name: Tcpip
Time Written: 20081216184250.000000-300
Event Type: information
User:

Computer Name: TOSHIBA-USER
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{0F4E36C3-39BC-41A5-B6E5-7F2328FE48F2} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 3312
Source Name: Tcpip
Time Written: 20081216165350.000000-300
Event Type: information
User:

Computer Name: TOSHIBA-USER
Event Code: 35
Message: The time service is now synchronizing the system time with the time
source time.windows.com (ntp.m|0x1|67.172.12.119:123->207.46.197.32:123).

Record Number: 3311
Source Name: W32Time
Time Written: 20081216161021.000000-300
Event Type: information
User:

Application event log

Computer Name: TOSHIBA-USER
Event Code: 11729
Message: Product: Microsoft Office Standard Edition 2003 -- Configuration failed.

Record Number: 187
Source Name: MsiInstaller
Time Written: 20081205172220.000000-300
Event Type: information
User:

Computer Name: TOSHIBA-USER
Event Code: 1024
Message: Product: Microsoft Office Standard Edition 2003 - Update 'Office 2003 Service Pack 3 (SP3): MAINSP3' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Record Number: 186
Source Name: MsiInstaller
Time Written: 20081205172220.000000-300
Event Type: error
User:

Computer Name: TOSHIBA-USER
Event Code: 1002
Message: Hanging application iexplore.exe, version 7.0.6000.16735, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 185
Source Name: Application Hang
Time Written: 20081205172212.000000-300
Event Type: error
User:

Computer Name: TOSHIBA-USER
Event Code: 10005
Message: Product: Microsoft Office Standard Edition 2003 -- Error 2349. An internal error has occurred. ( ) Contact Microsoft Product Support Services (PSS) for assistance. For information about how to contact PSS, see C:\Program Files\Microsoft Office\OFFICE11\1033\PSS10R.CHM.

Record Number: 184
Source Name: MsiInstaller
Time Written: 20081205172208.000000-300
Event Type: error
User:

Computer Name: TOSHIBA-USER
Event Code: 1002
Message: Hanging application iexplore.exe, version 7.0.6000.16735, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 183
Source Name: Application Hang
Time Written: 20081205153046.000000-300
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------



#2 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:03:38 AM

Posted 01 January 2009 - 08:33 AM

Hi No Virus!,

Your log is several days old. If you still need help: update and run MBAM (Malwarebytes) and
post the log from it. After it is finished, rescan and post a new HJT log also.

* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
*** Be sure that everything is checked, and click Remove Selected.***
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

How Can I Reduce My Risk to Malware?


#3 No Virus!

No Virus!
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:38 AM

Posted 02 January 2009 - 02:21 AM

Yes. Will Do.


Enclosed

Attached Files


Edited by No Virus!, 02 January 2009 - 03:54 AM.


#4 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:03:38 AM

Posted 02 January 2009 - 12:26 PM

hi,

Thanks for the info. We will use hjt:

Start HJT and click the "Scan" button. Check the items below, close any open windows, then click "Fix checked".

O20 - AppInit_DLLs: c:\windows\system32\nodetuva.dll,C:\WINDOWS\system32\fonugile.dll


Reboot the computer and post a new HJT log.

When you ran MBAM last time you did this step:

* When the scan is complete, click OK, then Show Results to view the results.
*** Be sure that everything is checked, and click Remove Selected.***

How Can I Reduce My Risk to Malware?
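
As an added example (not part of the original posts and not code from HijackThis): one way to confirm from the follow-up log that the O20 AppInit_DLLs entries fixed in post #4 did not come back after the reboot. The function names are hypothetical, and the two "after" logs, including the `example-new.dll` name, are constructed samples.

```python
import re
from ntpath import normcase

# Matches the HijackThis line format shown in the post above.
O20_APPINIT = re.compile(r"^O20 - AppInit_DLLs:\s*(.*)$", re.IGNORECASE)


def appinit_dlls(hjt_log):
    """Return the set of normalised DLL paths on O20 AppInit_DLLs lines."""
    found = set()
    for line in hjt_log.splitlines():
        match = O20_APPINIT.match(line.strip())
        if not match:
            continue
        # Windows treats commas and spaces as delimiters in AppInit_DLLs.
        for entry in re.split(r"[,\s]+", match.group(1)):
            entry = entry.strip('"')
            if entry:
                found.add(normcase(entry))  # Windows paths are case-insensitive
    return found


def verify_fix(before_log, after_log):
    """Compare the AppInit_DLLs entries of the pre-fix and post-reboot logs."""
    before, after = appinit_dlls(before_log), appinit_dlls(after_log)
    return {
        "removed": sorted(before - after),     # fixed and gone
        "persisting": sorted(before & after),  # fixed but written back
        "new": sorted(after - before),         # not present before the fix
    }


# Pre-fix log: the O20 line is the one quoted in the thread.
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3 (WinNT 5.01.2600)
O20 - AppInit_DLLs: c:\windows\system32\nodetuva.dll,C:\WINDOWS\system32\fonugile.dll
"""

# Constructed post-reboot log with no O20 AppInit_DLLs line.
AFTER_CLEAN = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3 (WinNT 5.01.2600)
"""

# Constructed post-reboot log where one entry returned and another appeared.
AFTER_PERSIST = r"""Logfile of Trend Micro HijackThis v2.0.2
O20 - AppInit_DLLs: C:\WINDOWS\system32\fonugile.dll C:\WINDOWS\system32\example-new.dll
"""

if __name__ == "__main__":
    for name, log in (("clean", AFTER_CLEAN), ("persist", AFTER_PERSIST)):
        print(name, verify_fix(BEFORE, log))
```

An empty `persisting` and `new` list is the outcome the fix is meant to produce; an entry in either list means something is still writing to the AppInit_DLLs value and another scan is needed.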


#5 No Virus!

No Virus!
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:38 AM

Posted 02 January 2009 - 08:49 PM

The maple Noob unleashed is a program for MapleStory, which is why I ignored it.


Other logs.

Attached Files


Edited by No Virus!, 02 January 2009 - 10:02 PM.


#6 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:03:38 AM

Posted 03 January 2009 - 02:04 PM

hi,

OK, thanks for the info. MBAM removed some items; the HJT log looks OK.

Do this also, to see if it picks up the MapleStory item again, which could be a false positive:

1. Click the Start Menu.
2. Click Run.
3. Type in "mbam.exe /developer", without the quotes.
4. Run the same type of scan you did before and save the logfile and post it.

How Can I Reduce My Risk to Malware?


#7 No Virus!

No Virus!
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:38 AM

Posted 03 January 2009 - 02:48 PM

Thank you :thumbsup:

#8 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:03:38 AM

Posted 04 January 2009 - 05:00 PM

Can you post the log:

Do this also, to see if it picks up the MapleStory item again, which could be a false positive:

1. Click the Start Menu.
2. Click Run.
3. Type in "mbam.exe /developer", without the quotes.
4. Run the same type of scan you did before and save the logfile and post it.


How Can I Reduce My Risk to Malware?




