Trojan.BHO.H and Trojan.Agent


  • This topic is locked
6 replies to this topic

#1 rdj357

  • Members
  • 3 posts

Posted 21 April 2009 - 10:11 PM

Hello,

I removed (to the best of my ability) an infection of Trojan.Vundo.H, but now mbam reports infections of Trojan.BHO.H and Trojan.Agent that it claims to successfully remove, but they reinstall upon reboot. Please help. Thanks so much.

Robert


DDS (Ver_09-03-16.01) - NTFSx86
Run by Meredith Leigh at 21:59:54.48 on Tue 04/21/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.205 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Meredith Leigh\Desktop\Bleeping Computer\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {2944dab4-5391-4b51-a539-133fb076e7f8} - c:\windows\system32\athcfg1.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - No File
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [TPSODDCtl] TPSODDCtl.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\documents and settings\meredith leigh\start menu\programs\startup\IMVU.lnk.disabled
StartupFolder: c:\documents and settings\meredith leigh\start menu\programs\startup\Registration .LNK.disabled
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\$mcreb~1.lnk - c:\windows\system32\cmd.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Adobe Reader Speed Launch.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Metamail Trust Manager.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\RAMASST.lnk.disabled
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\meredith leigh\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: moove.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
AppInit_DLLs: c:\windows\system32\sejopobo.dll c:\windows\system32\bifuyote.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli c:\windows\system32\sejopobo.dll

============= SERVICES / DRIVERS ===============

R0 uirvdijn;uirvdijn;c:\windows\system32\drivers\uirvdijn.sys [2005-11-14 23424]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2006-4-13 70016]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R4 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys --> c:\windows\system32\drivers\mfehidk.sys [?]
S2 0016011240367880mcinstcleanup;McAfee Application Installer Cleanup (0016011240367880);c:\docume~1\meredi~1\locals~1\temp\001601~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\meredi~1\locals~1\temp\001601~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S3 DCamUSBDigitalCamera;Vivicam Digital Camera;c:\windows\system32\drivers\MPIXVID.SYS [2006-8-4 104593]
S3 DCamUSBTP10;Cam IV;c:\windows\system32\drivers\TP6810.SYS [2007-10-28 240584]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]

=============== Created Last 30 ================

2009-04-21 21:51 61,440 a------- c:\windows\system32\drivers\zrordw.sys
2009-04-21 21:38 <DIR> --d----- c:\docume~1\meredi~1\applic~1\SiteAdvisor
2009-04-21 20:49 578,560 ac------ c:\windows\system32\dllcache\user32.dll
2009-04-21 20:45 <DIR> --d----- c:\windows\ERUNT
2009-04-21 20:41 <DIR> -cd----- C:\SDFix
2009-04-20 17:24 <DIR> --d----- c:\documents and settings\meredith leigh\DoctorWeb
2009-04-20 17:21 1,074 a------- c:\windows\system32\Config.MPF
2009-04-20 14:42 <DIR> --d----- c:\program files\SiteAdvisor
2009-04-20 14:33 <DIR> --d----- c:\program files\McAfee.com
2009-04-20 14:32 <DIR> --d----- c:\program files\common files\McAfee
2009-04-20 14:32 <DIR> --d----- c:\program files\McAfee
2009-04-18 17:55 653,429 ac------ C:\ituneslib.itl
2009-04-18 15:00 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-04-18 11:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-04-18 11:33 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-04-18 11:33 <DIR> --d----- c:\docume~1\meredi~1\applic~1\SUPERAntiSpyware.com
2009-04-18 11:31 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-04-18 10:59 161,792 a------- c:\windows\SWREG.exe
2009-04-18 10:59 98,816 a------- c:\windows\sed.exe
2009-04-18 09:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\kitehevu
2009-04-18 09:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\tepidike
2009-04-18 09:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\kisojaze
2009-04-17 22:46 <DIR> --d----- c:\docume~1\meredi~1\applic~1\Malwarebytes
2009-04-17 22:45 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-17 22:45 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-17 22:45 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-17 22:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-15 14:44 <DIR> --d----- c:\documents and settings\meredith leigh\uspy
2009-04-15 08:42 <DIR> --d----- C:\unknown
2009-04-15 08:39 <DIR> --d----- c:\windows\Unknown crap
2009-04-15 08:35 <DIR> --d----- c:\documents and settings\meredith leigh\MISC
2009-04-14 21:17 97,280 a------- c:\windows\system32\athcfg1.dll
2009-04-14 15:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-04-13 11:13 <DIR> --d----- c:\docume~1\meredi~1\applic~1\Skunk Studios
2009-04-07 20:36 <DIR> --d----- c:\program files\iPod
2009-04-07 20:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-05 11:14 <DIR> --d----- c:\docume~1\meredi~1\applic~1\SerpentOfIsis
2009-03-30 09:01 <DIR> --d----- c:\docume~1\meredi~1\applic~1\Ubisoft
2009-03-27 08:53 <DIR> --d----- c:\docume~1\meredi~1\applic~1\Boolat Games
2009-03-26 09:15 <DIR> --d----- c:\docume~1\meredi~1\applic~1\Lost in the City

==================== Find3M ====================

2009-04-21 21:51 786 a------- c:\program files\tjnvhh.txt
2009-03-31 11:56 32,724 ac--h--- c:\windows\system32\mlfcache.dat
2009-03-19 16:32 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-18 14:31 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-05 23:59 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-03-05 23:59 36,864 a------- c:\windows\system32\drivers\usbaapl.sys
2009-02-09 06:13 1,846,784 a------- c:\windows\system32\win32k.sys
2008-03-02 11:33 0 ac------ c:\program files\temp01
2007-04-02 01:42 1,564 ac------ c:\docume~1\meredi~1\applic~1\wklnhst.dat
2008-09-13 15:07 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091320080914\index.dat

============= FINISH: 22:00:40.93 ===============
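A triage pass over the load points in the DDS log above, as an added example that is not part of the original post and not code from the DDS, HijackThis or RSIT tools. It parses the line shapes those tools emit (the DDS Pseudo HJT lines here and the HijackThis O2/O4/F2/O20 lines that appear later in the thread) and flags the kind of entry a malware-response helper reads first: a populated AppInit_DLLs, an LSA Notification Packages value beyond scecli, a UserInit chain, a browser proxy at localhost, a BHO registered with no name, binaries auto-starting from a temp folder, system-binary names outside system32, and the eight-letter consonant/vowel module names (sejopobo.dll, bifuyote.dll) visible in the log. The random-name regex, the system-binary list and the embedded sample lines are this example's own assumptions, modelled on the entries in the thread.

```python
"""Triage helper for DDS / HijackThis-style persistence entries.

Added example for this thread; it is not code from the DDS, HijackThis or
RSIT tools. Every rule is a heuristic: a hit is a reason to look at the
entry, not a verdict. SAMPLE_LOG is constructed for this example and
modelled on the lines posted in the thread.
"""
from __future__ import annotations

import ntpath
import re

# Any path-like token: drive letter, colon, backslash, then up to the next
# separator. Paths containing spaces are cut at the space ("c:\program"),
# which is acceptable here because such a stub never trips a rule.
PATH_RE = re.compile(r"[a-z]:\\[^\s\",;]+", re.IGNORECASE)

# Binaries that belong only in %SystemRoot%\system32. A same-named file in
# C:\WINDOWS itself, a sub-folder or a user profile is a mimicry trick.
SYSTEM_ONLY = {"services.exe", "svchost.exe", "lsass.exe", "winlogon.exe",
               "csrss.exe", "smss.exe"}

# Auto-start locations no legitimate installer uses.
TEMP_DIRS = ("\\temp\\", "\\locals~1\\temp\\", "\\windows\\temp\\")

# Eight-letter consonant/vowel names ("sejopobo.dll", "bifuyote.dll") of the
# kind the Vundo family generated. Assumption: rare in legitimate software.
RANDOM_NAME = re.compile(r"^(?:[b-df-hj-np-tv-z][aeiou]){4}\.(?:dll|sys|exe)$")

# A BHO line whose name field is empty: "BHO: {clsid}" or "(no name)".
UNNAMED_BHO = re.compile(r"^(?:o2 - )?bho: (?:\(no name\) - )?\{")


def triage_line(line: str) -> list[str]:
    """Return the reasons this log line deserves attention ([] if none)."""
    reasons: list[str] = []
    low = line.strip().lower()

    # AppInit_DLLs with any value: the DLL is loaded into every GUI process.
    if re.search(r"appinit_dlls\W*\w", low):
        reasons.append("AppInit_DLLs is populated: the DLL loads into every GUI process")

    # LSA Notification Packages should contain scecli and nothing else.
    m = re.search(r"notification packages\s*=\s*(.*)", low)
    if m and [p for p in m.group(1).split() if p != "scecli"]:
        reasons.append("LSA Notification Packages lists a DLL besides scecli (loaded by lsass.exe)")

    # UserInit must be exactly one entry, userinit.exe; extra entries run at logon.
    m = re.search(r"userinit=(.*)", low)
    if m:
        entries = [e for e in m.group(1).split(",") if e.strip()]
        if len(entries) != 1 or not entries[0].endswith("\\userinit.exe"):
            reasons.append("UserInit chains an extra program after userinit.exe")

    if "proxyserver" in low and re.search(r"localhost|127\.0\.0\.1", low):
        reasons.append("browser proxy points at a local listener")

    if re.search(r"disableregedit=1|disableregistrytools\W*1", low):
        reasons.append("registry editor disabled by policy")

    if UNNAMED_BHO.match(low):
        reasons.append("BHO registered without a name")

    for path in PATH_RE.findall(line):
        plow = path.lower()
        name = ntpath.basename(plow)
        parent = ntpath.dirname(plow)
        if any(d in plow for d in TEMP_DIRS):
            reasons.append(f"auto-start from a temp directory: {path}")
        if name in SYSTEM_ONLY and not parent.endswith("\\system32"):
            reasons.append(f"system binary name outside system32: {path}")
        if RANDOM_NAME.match(name):
            reasons.append(f"random-looking module name: {path}")
    return reasons


def triage(lines) -> dict[str, list[str]]:
    """Map each flagged line to its reasons, preserving log order."""
    flagged: dict[str, list[str]] = {}
    for line in lines:
        reasons = triage_line(line)
        if reasons:
            flagged[line.strip()] = reasons
    return flagged


# Constructed sample, modelled on entries from the thread (not a real log).
SAMPLE_LOG = r"""
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {2944dab4-5391-4b51-a539-133fb076e7f8} - c:\windows\system32\athcfg1.dll
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
AppInit_DLLs: c:\windows\system32\sejopobo.dll c:\windows\system32\bifuyote.dll
LSA: Notification Packages = scecli c:\windows\system32\sejopobo.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\MEREDI~1\LOCALS~1\Temp\691894792.exe
O23 - Service: Dhcp server (dhcpsrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
"""

if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG.splitlines()).items():
        print(entry)
        for reason in why:
            print("    ->", reason)
```

Run it as a script to print the flagged lines from the embedded sample, or pass a saved log with `triage(open("dds.txt").read().splitlines())`. The rules are deliberately narrow: the unnamed athcfg1.dll BHO is flagged only because its name field is empty, and a DLL such as jksahfo93wjfkd.dll, which does not fit the consonant/vowel pattern, is caught only when it sits in a flagged location, so the script shortens the reading of a log rather than replacing it.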


#2 rdj357

  • Topic Starter
  • Members
  • 3 posts

Posted 01 May 2009 - 11:43 PM

I still can't get rid of these, anyone able to help?

#3 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 04 May 2009 - 08:00 AM

Hi rdj357,

Sorry for the delay; the forums here at BC are always very busy and we do our best to keep up. Since it has been a while since you posted your log, I would like to see a new log please.
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Thanks


#4 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 07 May 2009 - 01:02 PM

Can you let me know if you still require my help?


#5 rdj357

  • Topic Starter
  • Members
  • 3 posts

Posted 08 May 2009 - 09:06 AM

Sorry for the delay! Here are the logs you requested. Thank you!

Logfile of random's system information tool 1.06 (written by random/random)
Run by Meredith Leigh at 2009-05-08 09:03:18
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 10 GB (26%) free of 38 GB
Total RAM: 503 MB (24% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:03:33, on 5/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\dhcp\svchost.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\services.exe
C:\WINDOWS\services.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\TEMP\4088268338.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\reader_s.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\services.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dll32.exe
C:\Documents and Settings\Meredith Leigh\reader_s.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\MEREDI~1\LOCALS~1\Temp\691894792.exe
C:\Documents and Settings\Meredith Leigh\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Meredith Leigh.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fptb-
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: (no name) - {2e19435c-b278-4e0a-b814-235304eb5fe2} - C:\WINDOWS\system32\tuvadajo.dll
O2 - BHO: C:\WINDOWS\system32\jksahfo93wjfkd.dll - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\jksahfo93wjfkd.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sysldtray] C:\windows\ld08.exe
O4 - HKLM\..\Run: [pp] c:\windows\pp06.exe
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKLM\..\Run: [CPM6b5cbd17] Rundll32.exe "c:\windows\system32\pihiduru.dll",a
O4 - HKLM\..\Run: [686f8e8b] rundll32.exe "C:\WINDOWS\system32\darikoda.dll",b
O4 - HKLM\..\Run: [yapuhayuyu] Rundll32.exe "C:\WINDOWS\system32\rimukonu.dll",s
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\MEREDI~1\LOCALS~1\Temp\691894792.exe
O4 - HKCU\..\Run: [dll32] dll32
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Meredith Leigh\reader_s.exe
O4 - HKUS\S-1-5-19\..\Run: [yapuhayuyu] Rundll32.exe "C:\WINDOWS\system32\hipujage.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [yapuhayuyu] Rundll32.exe "C:\WINDOWS\system32\hipujage.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\TEMP\l0x9n0.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Resurections] C:\WINDOWS\TEMP\l0x9n0.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\4088268338.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] C:\WINDOWS\TEMP\l0x9n0.exe (User 'Default user')
O4 - Startup: IMVU.lnk.disabled
O4 - Startup: Registration .LNK.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: Metamail Trust Manager.lnk.disabled
O4 - Global Startup: RAMASST.lnk.disabled
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Meredith Leigh\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O15 - Trusted Zone: *.moove.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testAc...OnlineGames.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\sejopobo.dll c:\windows\system32\bifuyote.dll c:\progra~1\ThunMail\testabd.dll c:\windows\system32\yusulako.dll c:\windows\system32\pihiduru.dll,C:\WINDOWS\system32\lojotujo.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pihiduru.dll
O22 - SharedTaskScheduler: jso8joigm409gopgmrlgd - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\jksahfo93wjfkd.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pihiduru.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Dhcp server (dhcpsrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

--
End of file - 10062 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{B04AC861-DEBD-4C6F-B8A7-C473A504B472}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll [2007-09-05 816400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e19435c-b278-4e0a-b814-235304eb5fe2}]
C:\WINDOWS\system32\tuvadajo.dll [2009-02-08 51200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B2BA40A2-74F0-42BD-F434-12345A2C8953}]
C:\WINDOWS\system32\jksahfo93wjfkd.dll - C:\WINDOWS\system32\jksahfo93wjfkd.dll [2009-04-24 15000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll [2007-09-05 816400]
{0BF43445-2F28-4351-9252-17FE6E806AA0}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-04-12 88358]
"TPSODDCtl"=C:\WINDOWS\system32\TPSODDCtl.exe [2005-08-09 131072]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2005-05-31 143421]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]
"sysldtray"=C:\windows\ld08.exe []
"pp"=c:\windows\pp06.exe []
"reader_s"=C:\WINDOWS\System32\reader_s.exe [2009-05-07 36352]
"services"=C:\WINDOWS\services.exe [2009-05-07 69120]
"CPM6b5cbd17"=c:\windows\system32\pihiduru.dll [2009-05-08 89600]
"686f8e8b"=C:\WINDOWS\system32\darikoda.dll [2009-05-08 82432]
"yapuhayuyu"=C:\WINDOWS\system32\rimukonu.dll [2009-02-08 51200]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2004-12-30 86016]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 35840]
"Diagnostic Manager"=C:\DOCUME~1\MEREDI~1\LOCALS~1\Temp\691894792.exe [2009-05-08 179201]
"dll32"=dll32 []
"reader_s"=C:\Documents and Settings\Meredith Leigh\reader_s.exe [2009-04-28 36352]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk.disabled - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Metamail Trust Manager.lnk.disabled - C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe
RAMASST.lnk.disabled - C:\WINDOWS\system32\RAMASST.exe

C:\Documents and Settings\Meredith Leigh\Start Menu\Programs\Startup
IMVU.lnk.disabled - E:\IMVU\IMVUClient.exe
Registration .LNK.disabled - C:\Program Files\Ubisoft\Telltale Games\CSI-3 Dimensions of Murder\Registration\RegistrationReminder.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\sejopobo.dll c:\windows\system32\bifuyote.dll c:\progra~1\ThunMail\testabd.dll c:\windows\system32\yusulako.dll c:\windows\system32\pihiduru.dll,C:\WINDOWS\system32\lojotujo.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pihiduru.dll [2009-05-08 89600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
jso8joigm409gopgmrlgd - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\jksahfo93wjfkd.dll [2009-04-24 15000]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\pihiduru.dll [2009-05-08 89600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\sejopobo.dll
C:\WINDOWS\system32\lojotujo.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
"NoFolderOptions"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine"
"C:\TOSHIBA\Ivp\ISM\pinger.exe"="C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\WINDOWS\system32\msiexec.exe"="C:\WINDOWS\system32\msiexec.exe:*:Enabled:msiexec"
"C:\Program Files\Safari\Safari.exe"="C:\Program Files\Safari\Safari.exe:*:Enabled:Safari"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Topro\TP6810\tppoll10.exe"="C:\Program Files\Topro\TP6810\tppoll10.exe:*:Enabled:tppoll10"
"C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe"="C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe:*:Enabled:ymsgr_tray"
"C:\WINDOWS\system32\acs.exe"="C:\WINDOWS\system32\acs.exe:*:Enabled:acs"
"C:\WINDOWS\system32\verclsid.exe"="C:\WINDOWS\system32\verclsid.exe:*:Enabled:verclsid"
"C:\WINDOWS\agrsmmsg.exe"="C:\WINDOWS\agrsmmsg.exe:*:Enabled:AGRSMMSG"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"
"C:\Program Files\iPod\bin\iPodService.exe"="C:\Program Files\iPod\bin\iPodService.exe:*:Enabled:iPodService"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\dwwin.exe"="C:\WINDOWS\system32\dwwin.exe:*:Enabled:dwwin"
"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:enabled:@shell32.dll,-1"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{19708d4c-6c43-11dc-881b-0011f5e9f063}]
shell\autorun\command - F:\MSMSGS.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{966570aa-c731-11da-854e-0011f5e9f063}]
shell\AutoRun\command - E:\JDSecure\Windows\JDSecure31.exe


======List of files/folders created in the last 1 months======

2009-05-08 09:03:19 ----D---- C:\Program Files\trend micro
2009-05-08 09:03:18 ----DC---- C:\rsit
2009-05-08 08:58:24 ----SH---- C:\WINDOWS\system32\adokirad.ini
2009-05-07 12:08:41 ----A---- C:\WINDOWS\system32\9.tmp
2009-05-07 12:07:45 ----A---- C:\WINDOWS\services.exe
2009-05-07 12:06:42 ----A---- C:\WINDOWS\system32\4.tmp
2009-05-07 10:09:12 ----A---- C:\WINDOWS\system32\6.tmp
2009-05-07 10:09:11 ----A---- C:\WINDOWS\system32\5.tmp
2009-05-07 10:08:50 ----A---- C:\WINDOWS\system32\3.tmp
2009-05-07 08:59:00 ----SH---- C:\WINDOWS\system32\ilakaguw.ini
2009-05-05 12:21:15 ----SH---- C:\WINDOWS\system32\udolekop.ini
2009-05-03 16:37:19 ----SH---- C:\WINDOWS\system32\otihahaj.ini
2009-04-29 11:27:12 ----AC---- C:\2F.tmp
2009-04-29 11:27:05 ----AC---- C:\2B.tmp
2009-04-29 11:27:04 ----AC---- C:\2A.tmp
2009-04-29 11:27:03 ----AC---- C:\29.tmp
2009-04-29 11:27:03 ----AC---- C:\28.tmp
2009-04-29 11:27:03 ----AC---- C:\27.tmp
2009-04-29 11:27:03 ----AC---- C:\26.tmp
2009-04-29 11:27:02 ----AC---- C:\25.tmp
2009-04-29 11:27:01 ----AC---- C:\24.tmp
2009-04-29 11:27:01 ----AC---- C:\23.tmp
2009-04-29 11:27:00 ----AC---- C:\22.tmp
2009-04-29 11:26:58 ----AC---- C:\21.tmp
2009-04-29 11:26:55 ----AC---- C:\20.tmp
2009-04-29 11:26:52 ----AC---- C:\1F.tmp
2009-04-29 08:04:50 ----AC---- C:\1E.tmp
2009-04-29 08:04:46 ----AC---- C:\1D.tmp
2009-04-29 08:04:39 ----AC---- C:\1C.tmp
2009-04-29 08:04:37 ----AC---- C:\1B.tmp
2009-04-29 08:04:37 ----AC---- C:\1A.tmp
2009-04-29 08:04:37 ----AC---- C:\19.tmp
2009-04-29 08:04:37 ----A---- C:\WINDOWS\system32\kjsdiowq8oikf.dll
2009-04-29 08:04:36 ----AC---- C:\18.tmp
2009-04-29 08:04:35 ----AC---- C:\17.tmp
2009-04-29 08:04:35 ----AC---- C:\16.tmp
2009-04-29 08:04:15 ----AC---- C:\15.tmp
2009-04-29 08:04:12 ----AC---- C:\14.tmp
2009-04-29 08:04:09 ----AC---- C:\13.tmp
2009-04-29 08:04:06 ----AC---- C:\12.tmp
2009-04-29 08:04:03 ----AC---- C:\11.tmp
2009-04-29 07:54:58 ----SH---- C:\WINDOWS\system32\ehuguduj.ini
2009-04-28 12:22:19 ----SH---- C:\WINDOWS\system32\umokagiw.ini
2009-04-28 12:22:09 ----A---- C:\WINDOWS\system32\2D.tmp
2009-04-28 12:21:57 ----A---- C:\WINDOWS\system32\2B.tmp
2009-04-28 12:21:45 ----A---- C:\WINDOWS\system32\2A.tmp
2009-04-25 10:29:57 ----SH---- C:\WINDOWS\system32\isuyomir.ini
2009-04-24 17:18:14 ----AC---- C:\F.tmp
2009-04-24 17:18:12 ----AC---- C:\E.tmp
2009-04-24 17:18:12 ----AC---- C:\D.tmp
2009-04-24 17:18:11 ----AC---- C:\C.tmp
2009-04-24 17:18:11 ----AC---- C:\B.tmp
2009-04-24 17:18:09 ----AC---- C:\A.tmp
2009-04-24 17:18:09 ----AC---- C:\9.tmp
2009-04-24 17:18:08 ----AC---- C:\8.tmp
2009-04-24 17:18:08 ----AC---- C:\7.tmp
2009-04-24 17:18:05 ----AC---- C:\6.tmp
2009-04-24 17:18:02 ----AC---- C:\5.tmp
2009-04-24 17:17:59 ----AC---- C:\4.tmp
2009-04-24 17:16:27 ----AC---- C:\WINDOWS\system32\11.tmp
2009-04-24 17:16:21 ----AC---- C:\WINDOWS\system32\D.tmp
2009-04-24 17:16:19 ----AC---- C:\WINDOWS\system32\A.tmp
2009-04-24 17:08:44 ----A---- C:\WINDOWS\system32\w.exe
2009-04-24 17:08:44 ----A---- C:\WINDOWS\system32\sopidkc.exe
2009-04-24 17:08:39 ----AC---- C:\WINDOWS\system32\F.tmp
2009-04-24 17:08:37 ----D---- C:\WINDOWS\dhcp
2009-04-24 17:08:37 ----A---- C:\WINDOWS\system32\reader_s.exe
2009-04-24 17:08:36 ----AC---- C:\WINDOWS\system32\E.tmp
2009-04-24 17:08:26 ----AC---- C:\WINDOWS\system32\C.tmp
2009-04-24 17:08:25 ----AC---- C:\WINDOWS\system32\B.tmp
2009-04-24 17:08:14 ----RSHD---- C:\Program Files\ThunMail
2009-04-24 17:08:13 ----A---- C:\WINDOWS\system32\jksahfo93wjfkd.dll
2009-04-24 17:07:58 ----A---- C:\WINDOWS\system32\dll32.exe
2009-04-24 17:06:15 ----D---- C:\WINDOWS\system32\179223
2009-04-24 17:06:10 ----AC---- C:\pdtivk.exe
2009-04-24 17:06:06 ----A---- C:\WINDOWS\st_1240610804.exe
2009-04-24 17:06:04 ----SHD---- C:\WINDOWS\system32\twain32
2009-04-24 17:06:03 ----AC---- C:\ffws.exe
2009-04-24 17:05:51 ----A---- C:\WINDOWS\system32\nvrsk.dll
2009-04-24 17:05:38 ----AC---- C:\celkadaa.exe
2009-04-24 17:05:32 ----A---- C:\WINDOWS\system32\sjg9s8guigjs.dll
2009-04-24 17:05:31 ----AC---- C:\kggi.exe
2009-04-24 17:05:20 ----AC---- C:\bomp.exe
2009-04-24 17:04:47 ----A---- C:\WINDOWS\instsp2.exe
2009-04-22 03:06:51 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-22 03:06:44 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-22 03:03:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-22 03:03:03 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-22 03:02:54 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-22 03:00:44 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-21 21:38:17 ----D---- C:\Documents and Settings\Meredith Leigh\Application Data\SiteAdvisor
2009-04-21 20:45:00 ----D---- C:\WINDOWS\ERUNT
2009-04-21 20:41:24 ----DC---- C:\SDFix
2009-04-18 17:52:19 ----SHDC---- C:\RECYCLER
2009-04-18 15:43:55 ----D---- C:\WINDOWS\temp
2009-04-18 15:43:53 ----AC---- C:\ComboFix.txt
2009-04-18 15:00:40 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-04-18 11:36:07 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-18 11:33:34 ----D---- C:\Program Files\SUPERAntiSpyware
2009-04-18 11:33:33 ----D---- C:\Documents and Settings\Meredith Leigh\Application Data\SUPERAntiSpyware.com
2009-04-18 11:31:39 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-04-18 11:12:22 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-04-18 10:59:04 ----A---- C:\WINDOWS\zip.exe
2009-04-18 10:59:04 ----A---- C:\WINDOWS\vFind.exe
2009-04-18 10:59:04 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-04-18 10:59:04 ----A---- C:\WINDOWS\SWSC.exe
2009-04-18 10:59:04 ----A---- C:\WINDOWS\SWREG.exe
2009-04-18 10:59:04 ----A---- C:\WINDOWS\sed.exe
2009-04-18 10:59:04 ----A---- C:\WINDOWS\NIRCMD.exe
2009-04-18 10:59:04 ----A---- C:\WINDOWS\grep.exe
2009-04-18 10:58:54 ----D---- C:\WINDOWS\ERDNT
2009-04-18 10:58:46 ----DC---- C:\Qoobox
2009-04-18 10:55:53 ----AC---- C:\WINDOWS\ntbtlog.txt
2009-04-18 09:22:55 ----D---- C:\Documents and Settings\All Users\Application Data\kitehevu
2009-04-18 09:22:54 ----D---- C:\Documents and Settings\All Users\Application Data\tepidike
2009-04-18 09:22:54 ----D---- C:\Documents and Settings\All Users\Application Data\kisojaze
2009-04-17 22:46:00 ----D---- C:\Documents and Settings\Meredith Leigh\Application Data\Malwarebytes
2009-04-17 22:45:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-17 22:45:43 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-04-15 10:41:22 ----D---- C:\Program Files\QuickTime
2009-04-15 09:36:52 ----D---- C:\Documents and Settings\Meredith Leigh\Application Data\HPAppData
2009-04-15 08:42:18 ----D---- C:\unknown
2009-04-15 08:39:28 ----D---- C:\WINDOWS\Unknown crap
2009-04-14 21:17:33 ----A---- C:\WINDOWS\system32\athcfg1.dll
2009-04-14 15:33:28 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-13 11:13:49 ----D---- C:\Documents and Settings\Meredith Leigh\Application Data\Skunk Studios

======List of files/folders modified in the last 1 months======

2009-05-08 09:03:19 ----RD---- C:\Program Files
2009-05-08 08:59:18 ----D---- C:\WINDOWS
2009-05-08 08:58:43 ----D---- C:\WINDOWS\system32
2009-05-08 08:58:27 ----ASH---- C:\WINDOWS\system32\vivewinu.dll
2009-05-08 08:57:57 ----ASH---- C:\WINDOWS\system32\pihiduru.dll
2009-05-08 08:57:56 ----ASH---- C:\WINDOWS\system32\darikoda.dll
2009-05-07 12:08:42 ----D---- C:\WINDOWS\system32\drivers
2009-05-07 12:06:55 ----SD---- C:\WINDOWS\Tasks
2009-05-07 11:01:18 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-07 10:09:00 ----D---- C:\WINDOWS\Prefetch
2009-05-07 10:05:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-07 08:58:59 ----ASH---- C:\WINDOWS\system32\ralekozi.exe
2009-05-07 08:58:58 ----ASH---- C:\WINDOWS\system32\wugakali.dll
2009-05-07 08:58:56 ----ASH---- C:\WINDOWS\system32\yusulako.dll
2009-05-05 12:20:59 ----ASH---- C:\WINDOWS\system32\sapesoza.exe
2009-05-05 12:20:59 ----ASH---- C:\WINDOWS\system32\nuzovewe.dll
2009-05-04 13:05:05 ----ASH---- C:\WINDOWS\system32\yahavure.dll
2009-05-04 13:05:03 ----ASH---- C:\WINDOWS\system32\yotoliye.dll
2009-05-04 13:05:03 ----ASH---- C:\WINDOWS\system32\gavedise.exe
2009-05-03 16:37:04 ----ASH---- C:\WINDOWS\system32\sipipusi.dll.vir
2009-05-03 16:37:02 ----N---- C:\WINDOWS\system32\jahahito.dll
2009-05-03 16:37:00 ----ASH---- C:\WINDOWS\system32\sayuhesi.exe
2009-04-30 11:19:22 ----ASH---- C:\WINDOWS\system32\nakuvoka.dll
2009-04-30 11:18:54 ----ASH---- C:\WINDOWS\system32\memorupi.dll
2009-04-30 11:18:53 ----ASH---- C:\WINDOWS\system32\japuzefi.dll
2009-04-30 11:18:52 ----ASH---- C:\WINDOWS\system32\yofajazu.exe
2009-04-29 11:27:09 ----SHD---- C:\WINDOWS\Installer
2009-04-29 11:27:09 ----HD---- C:\Config.Msi
2009-04-29 07:54:15 ----ASH---- C:\WINDOWS\system32\tekusose.dll
2009-04-28 12:21:54 ----ASH---- C:\WINDOWS\system32\beposegu.dll
2009-04-28 12:21:53 ----ASH---- C:\WINDOWS\system32\bivinese.exe
2009-04-25 10:30:09 ----ASH---- C:\WINDOWS\system32\rofojila.exe
2009-04-25 10:29:41 ----ASH---- C:\WINDOWS\system32\zutomobi.dll
2009-04-24 17:17:21 ----D---- C:\WINDOWS\Minidump
2009-04-24 17:09:07 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-04-24 17:09:03 ----AC---- C:\WINDOWS\OEWABLog.txt
2009-04-24 17:05:57 ----A---- C:\WINDOWS\system32\userinit.exe
2009-04-24 17:05:52 ----A---- C:\WINDOWS\system32\user32.DLL
2009-04-24 17:05:15 ----ASH---- C:\WINDOWS\system32\hatikefe.dll
2009-04-24 17:04:53 ----ASH---- C:\WINDOWS\system32\mizuhayu.exe
2009-04-24 17:04:47 ----ASH---- C:\WINDOWS\system32\mayizobe.dll
2009-04-24 17:04:46 ----ASH---- C:\WINDOWS\system32\vilidunu.dll
2009-04-23 10:53:56 ----D---- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2009-04-23 10:49:08 ----D---- C:\WINDOWS\Microsoft.NET
2009-04-23 10:49:02 ----RSD---- C:\WINDOWS\assembly
2009-04-23 10:26:33 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-04-23 09:53:18 ----D---- C:\WINDOWS\WinSxS
2009-04-23 09:52:31 ----D---- C:\WINDOWS\system32\CatRoot
2009-04-23 09:51:03 ----D---- C:\WINDOWS\system32\XPSViewer
2009-04-23 09:50:13 ----HD---- C:\WINDOWS\inf
2009-04-23 09:50:05 ----D---- C:\WINDOWS\system32\spool
2009-04-23 09:47:57 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-23 09:46:35 ----D---- C:\Program Files\Internet Explorer
2009-04-22 03:13:31 ----D---- C:\Program Files\Common Files
2009-04-22 03:13:31 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-04-22 03:13:15 ----D---- C:\WINDOWS\system32\wbem
2009-04-22 03:13:15 ----D---- C:\WINDOWS\AppPatch
2009-04-22 03:06:48 ----AC---- C:\WINDOWS\imsins.BAK
2009-04-22 03:06:31 ----D---- C:\WINDOWS\system32\en-US
2009-04-22 03:03:11 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-22 03:02:07 ----A---- C:\WINDOWS\win.ini
2009-04-21 20:37:22 ----D---- C:\WINDOWS\system32\Restore
2009-04-21 20:36:53 ----SHD---- C:\System Volume Information
2009-04-18 15:38:50 ----AC---- C:\WINDOWS\system.ini
2009-04-18 15:36:07 ----D---- C:\WINDOWS\system32\config
2009-04-18 10:56:29 ----D---- C:\Documents and Settings
2009-04-15 09:45:34 ----D---- C:\Program Files\HP
2009-04-15 09:43:23 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2009-04-15 08:38:21 ----D---- C:\WINDOWS\Downloaded Installations
2009-04-15 08:19:17 ----D---- C:\Program Files\iPod
2009-04-14 15:54:10 ----A---- C:\WINDOWS\wininit.ini
2009-04-14 15:53:59 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-04-14 15:18:36 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-04-14 15:17:26 ----D---- C:\WINDOWS\twain_32
2009-04-14 14:49:08 ----D---- C:\Program Files\Java
2009-04-14 14:41:33 ----D---- C:\Documents and Settings\All Users\Application Data\avg8

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2005-06-02 102384]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2005-05-13 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2005-05-13 23545]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-04-07 17801]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2005-11-14 8552]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2005-04-21 40544]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2005-05-31 25725]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2005-05-31 34845]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2005-05-31 4125]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2005-05-31 2241]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2005-05-31 86876]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2005-05-31 15069]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2005-05-31 6365]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2005-05-31 98716]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2005-05-31 100605]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-04-12 1066278]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-05-08 101833]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2005-05-25 465952]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-06-22 154112]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-06-08 1050140]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 STAC97;SigmaTel C-Major Audio; C:\WINDOWS\system32\drivers\STAC97.sys [2004-09-08 274032]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 ethbvwgg;ethbvwgg; C:\WINDOWS\system32\drivers\ethbvwgg.sys []
S1 ifsdc49;ifsdc49; C:\WINDOWS\System32\drivers\ifsdc49.sys []
S1 tfd6502;tfd6502; C:\WINDOWS\System32\drivers\tfd6502.sys []
S2 LxrSII1d;Secure II Driver; \??\C:\WINDOWS\system32\Drivers\LxrSII1d.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\MEREDI~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DCamUSBDigitalCamera;Vivicam Digital Camera; C:\WINDOWS\System32\Drivers\mpixvid.sys []
S3 DCamUSBTP10;Cam IV; C:\WINDOWS\System32\Drivers\TP6810.sys [2006-12-28 240584]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-07 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-07 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-07 21568]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pcm1394;pcm1394; \??\C:\WINDOWS\system32\pcm1394.sys []
S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCTINDIS5.SYS []
S3 restore;restore; \??\C:\WINDOWS\system32\drivers\restore.sys []
S3 rootrepeal;rootrepeal; \??\C:\WINDOWS\system32\drivers\rootrepeal.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 tbiosdrv;Toshiba Logical Tbios Device; C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-05 36864]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 win32x;win32x; \??\C:\WINDOWS\system32\drivers\win32x.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2005-07-08 57344]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-17 61440]
R2 dhcpsrv;Dhcp server; C:\WINDOWS\dhcp\svchost.exe [2009-04-24 256512]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2004-08-28 131072]
R2 Ias;Ias; C:\WINDOWS\System32\svchost.exe [2008-04-13 34816]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 Swupdtmr;Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [2005-07-12 61440]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
S2 LxrSII1s;Lexar Secure II; C:\WINDOWS\system32\LxrSII1s.exe [2005-05-19 77388]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 34816]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 34816]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 57344]
S3 IDriverT;InstallDriver Table Manager; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 94208]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 884736]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 933888]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 34816]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 143360]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2009-05-08 09:03:44

======Uninstall list======

-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Affair Bureau-->"E:\Games\Affair Bureau\Uninstall.exe"
ALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Atheros Client Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}\setup.exe" -l0x9
Atheros Wireless LAN MiniPCI card Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}\Setup.exe" -l0x9
Bejeweled 2 Deluxe-->"E:\Games\Bejeweled 2\Uninstall.exe"
Big Fish Games Client-->C:\Program Files\bfgclient\Uninstall.exe
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Book of Legends-->"E:\Games\Book of Legends\Uninstall.exe"
Cam IV-->C:\Program Files\InstallShield Installation Information\{BC53AB93-981F-497B-BAB5-EE9D2FEE44C1}\Setup.exe -runfromtemp -l0x0009 -removeonly
CD/DVD Drive Acoustic Silencer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x9
C-Major Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DQ Tycoon-->"E:\Games\DQ Tycoon\Uninstall.exe"
DVD-RAM Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\setup.exe" -l0x9 DVD-RAM Driver
Flux Family Secrets: The Ripple Effect-->"E:\Games\Flux Family Secrets - The Ripple Effect\Uninstall.exe"
getPlus®_ocx-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
Haunted Hotel II: Believe the Lies-->"E:\Games\Haunted Hotel II - Believe the Lies\Uninstall.exe"
Hidden in Time: Mirror Mirror-->"E:\Games\Hidden in Time - Mirror Mirror\Uninstall.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hospital Hustle-->"E:\Games\Hospital Hustle\Uninstall.exe"
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB910998)-->"C:\WINDOWS\$NtUninstallKB910998$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel® Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD for TOSHIBA-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
Macromedia Flash Player 8-->MsiExec.exe /X{6815FCDD-401D-481E-BA88-31B4754C2B46}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Metamail (Toshiba Registration Utility)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE3F89C0-42D5-11D5-A40A-00105AC8331A}\setup.exe" -l0x9
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Calculator Plus-->MsiExec.exe /I{83073C45-3003-4671-9A86-243AAADD915A}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Text-to-Speech Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSf22.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Media Video 9 VCM-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmv9vcm.inf, Uninstall
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
Office 2003 Trial Assistant-->MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Safari-->MsiExec.exe /I{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TOSHIBA Assist-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\Setup.exe" -l0x9
TOSHIBA ConfigFree-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x9 UNINSTALL
TOSHIBA Controls-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Display Devices Change Utility-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\TDspBtn.inf,DefaultUninstall,5
TOSHIBA Hotkey Utility for Display Devices-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\TFNF5Wxp.inf,DefaultUninstall,5
TOSHIBA Password Utility-->c:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74} /l1033
TOSHIBA PC Diagnostic Tool-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\PCDiag\Uninst.isu"
TOSHIBA Power Saver-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\Power Saver\Uninst.isu" -c"C:\WINDOWS\system32\TPSDel.dll"
Toshiba Q4 Retail Demo ScreenSaver-->C:\WINDOWS\Toshiba Q4 Retail Demo.scr /U
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA Software Upgrades-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe"
TOSHIBA TouchPad On/Off Utility V2.05.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24300A63-DD78-4AA5-A914-4D582C41D33A}\Setup.exe" -uninst
TOSHIBA Utilities-->c:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{56190F69-01D3-46CA-9861-43377C5E9B87} /l1033
TOSHIBA Zooming Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64212898-097F-4F3F-AECA-6D34A7EF82DF}\Setup.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
ViviCam Digital Camera Driver-->C:\PROGRA~1\VIVICA~1\UNWISE.EXE C:\PROGRA~1\VIVICA~1\INSTALL.LOG
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Search Protection-->C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======Hosts File======

127.0.0.1 jL.chura.pl
127.0.0.1 microsoft.com

======System event log======

Computer Name: MEREDITH
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 1280
Source Name: Cdrom
Time Written: 20090429092550.000000-300
Event Type: error
User:

Computer Name: MEREDITH
Event Code: 7028
Message: The wuauserv Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

Record Number: 1279
Source Name: Service Control Manager
Time Written: 20090429092547.000000-300
Event Type: error
User:

Computer Name: MEREDITH
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 1278
Source Name: Cdrom
Time Written: 20090429092543.000000-300
Event Type: error
User:

Computer Name: MEREDITH
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 1277
Source Name: Cdrom
Time Written: 20090429092536.000000-300
Event Type: error
User:

Computer Name: MEREDITH
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 1276
Source Name: Cdrom
Time Written: 20090429092521.000000-300
Event Type: error
User:

=====Application event log=====

Computer Name: MEREDITH
Event Code: 1004
Message: Detection of product '{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}', feature 'statusexe', component '{3B694B1F-4410-11D5-A54A-0090278A1BB8}' failed. The resource 'C:\WINDOWS\system32\gdiplus.dll' does not exist.

Record Number: 31754
Source Name: MsiInstaller
Time Written: 20090331075713.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: MEREDITH
Event Code: 11706
Message: Product: Status -- Error 1706. An installation package for the product Status cannot be found. Try the installation again using a valid copy of the installation package 'status.msi'.

Record Number: 31752
Source Name: MsiInstaller
Time Written: 20090331075713.000000-300
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: MEREDITH
Event Code: 1001
Message: Detection of product '{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}', feature 'statusexe' failed during request for component '{1A4D0FBA-CD92-4C4E-8AC7-87C0309976C3}'

Record Number: 31751
Source Name: MsiInstaller
Time Written: 20090331075657.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: MEREDITH
Event Code: 1004
Message: Detection of product '{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}', feature 'statusexe', component '{3B694B1F-4410-11D5-A54A-0090278A1BB8}' failed. The resource 'C:\WINDOWS\system32\gdiplus.dll' does not exist.

Record Number: 31750
Source Name: MsiInstaller
Time Written: 20090331075657.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: MEREDITH
Event Code: 11706
Message: Product: Status -- Error 1706. An installation package for the product Status cannot be found. Try the installation again using a valid copy of the installation package 'status.msi'.

Record Number: 31748
Source Name: MsiInstaller
Time Written: 20090331075656.000000-300
Event Type: error
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\ArcSoft\Bin;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Ulead Systems\DVD;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------
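The hosts file section of the log above maps microsoft.com (and the non-standard name jL.chura.pl) to the loopback address, which stops the machine from reaching Microsoft's site for updates or tools. The following audit script is an added example, not part of the post or of the DDS tool: it parses hosts-file text, embeds the two entries from the log as constructed sample input, and flags loopback mappings; the vendor watchlist and benign-name set are assumptions chosen for the example.

```python
import ipaddress

# Constructed sample: a minimal hosts file carrying the two entries reported
# in the DDS log above, plus the normal localhost line.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1 jL.chura.pl
127.0.0.1 microsoft.com
"""

# Names that legitimately map to loopback on a stock Windows hosts file.
BENIGN_LOOPBACK = {"localhost", "localhost.localdomain"}

# Hypothetical watchlist of vendor/update domains whose loopback mapping blocks
# patching or AV updates; constructed for this example, extend as needed.
VENDOR_DOMAINS = ("microsoft.com", "windowsupdate.com")


def parse_hosts(text):
    """Yield (ip_address, hostname) pairs, skipping comments and junk lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing/inline comments
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                          # not an address; ignore the line
        for name in parts[1:]:                # one IP may list several names
            yield ip, name.lower()


def is_vendor_domain(name):
    """True if name is one of the watchlisted domains or a subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in VENDOR_DOMAINS)


def audit_hosts(text):
    """Return (hostname, reason) findings for entries sinkholed to loopback."""
    findings = []
    for ip, name in parse_hosts(text):
        if name in BENIGN_LOOPBACK or not (ip.is_loopback or ip.is_unspecified):
            continue
        if is_vendor_domain(name):
            findings.append((name, "vendor/update domain blocked via loopback"))
        else:
            findings.append((name, "non-standard name mapped to loopback"))
    return findings
```

Running `audit_hosts(SAMPLE_HOSTS)` reports both log entries; a clean hosts file with only localhost lines yields no findings.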

#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:05:22 AM

Posted 10 May 2009 - 04:28 AM

Your system is infected with a nasty variant of Virut, a polymorphic file infector with IRCBot functionality which infects .exe, .scr files, downloads more malicious files to your system, and opens a back door that compromises your computer. Virux is an even more complex file infector which also infects script files (.php, .asp, and .html). When Virut creates infected files, it also creates non-functional files that are corrupted beyond repair. In many cases the infected files cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files become corrupted and the system may become irreparable.

The virus has a number of bugs in its code, and as a result it may misinfect a proportion of executable files... some W32/Virut.h infections are corrupted beyond repair.

McAfee Risk Assessment and Overview of W32/Virut
This kind of infection is contracted and spread by visiting remote, crack and keygen sites. These types of sites are infested with a smörgåsbord of malware and an increasing source of system infection. However, the CA Security Advisor Research Blog says they have found MySpace user pages carrying the malicious Virut URL. Either way you can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV

If your computer was used for online banking, has credit card information or other sensitive data on it, you should disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised. You should change each password using a clean computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read:

There is no guarantee this infection can be completely removed. In some instances it may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Reinstalling Windows without first wiping the entire hard drive with a repartition and/or format will not remove the infection. The reinstall will only overwrite the Windows files. Any malware on the system will still be there afterwards. Please read:



#7 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:12:22 AM

Posted 12 May 2009 - 12:50 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.
