Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

assistance would be appreciated


  • This topic is locked This topic is locked
17 replies to this topic

#1 mountaindrew

mountaindrew

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:12:23 AM

Posted 29 May 2009 - 06:15 AM

after being unable to find information on my own I decided to get personal help.
I have the google redirect issues and possibly some other malware but i think i managed to clear the rest.
HJT log incoming

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:55:45 PM, on 29/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\thpsrv.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\00THotkey.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
\?\globalroot\C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.tas.qld.edu.au/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TOSDCR] TOSDCR.EXE
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [ThpSrv] C:\WINDOWS\system32\thpsrv /logon
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TAudEffect] C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe /run
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [autochk] rundll32.exe C:\DOCUME~1\User\protect.dll,_IWMPEvents@16
O4 - HKUS\S-1-5-18\..\Run: [InetChk] C:\WINDOWS\TEMP\ms1242481085.exe work (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SYSDLL] SYSDLL (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\TEMP\qp1bf.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [nzdflkioezncfiunfindiuchiuenfcdc] C:\WINDOWS\TEMP\qp1bf.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\config\SYSTEM~1\protect.dll,_IWMPEvents@16 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [InetChk] C:\WINDOWS\TEMP\ms1242481085.exe work (User 'Default user')
O4 - S-1-5-18 Startup: ChkDisk.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: ChkDisk.lnk = ? (User 'Default user')
O4 - Startup: ChkDisk.dll
O4 - Startup: ChkDisk.lnk = ?
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1197337711671
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: c:\windows\system32\wegusuya.dll c:\windows\
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast!Antivirus - Unknown owner - C:\WINDOWS\System32\avast!Antivirus.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 11114 bytes

BC AdBot (Login to Remove)

 


#2 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 29 May 2009 - 09:24 AM

Hi,

I will help you with your log. As I am in training, all my fixes have to be checked.
I'll get back to you as soon as is possible. :thumbup2:

#3 mountaindrew

mountaindrew
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  

Posted 01 June 2009 - 04:00 AM

thanks, that's awesome

#4 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 01 June 2009 - 12:06 PM

Hi,
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


#5 mountaindrew

mountaindrew
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:12:23 AM

Posted 02 June 2009 - 06:31 AM

LOG

Logfile of random's system information tool 1.06 (written by random/random)
Run by User at 2009-06-02 21:30:42
Microsoft Windows XP Professional Service Pack 2
System drive C: has 1 GB (2%) free of 76 GB
Total RAM: 2039 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:30:47 PM, on 2/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\00THotkey.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\FrostWire\FrostWire.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\User\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\User.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.tas.qld.edu.au/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TOSDCR] TOSDCR.EXE
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [ThpSrv] C:\WINDOWS\system32\thpsrv /logon
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TAudEffect] C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe /run
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [InetChk] C:\WINDOWS\TEMP\ms1242481085.exe work (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SYSDLL] SYSDLL (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\TEMP\qp1bf.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [nzdflkioezncfiunfindiuchiuenfcdc] C:\WINDOWS\TEMP\qp1bf.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Cognac] C:\WINDOWS\TEMP\b.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [InetChk] C:\WINDOWS\TEMP\ms1242481085.exe work (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1197337711671
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: c:\windows\system32\wegusuya.dll c:\windows\
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast!Antivirus - Unknown owner - C:\WINDOWS\System32\avast!Antivirus.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 10726 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll []
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2007-04-24 315392]
"TosHKCW.exe"=C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe [2005-05-18 49152]
"TOSDCR"=C:\WINDOWS\system32\TOSDCR.EXE [2005-12-14 57344]
"TMESRV.EXE"=C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE [2005-12-15 126976]
"TMERzCtl.EXE"=C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE [2007-07-14 90112]
"ThpSrv"=C:\WINDOWS\system32\thpsrv /logon []
"TFNF5"=C:\WINDOWS\system32\TFNF5.exe [2006-04-10 622592]
"TFncKy"=TFncKy.exe []
"TAudEffect"=C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe [2006-08-10 344144]
"SmoothView"=C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2007-04-10 159744]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-03-12 16125440]
"Realtime Monitor"=C:\PROGRA~1\CA\ETRUST~1\realmon.exe [2004-04-06 504080]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"PSQLLauncher"=C:\Program Files\Protector Suite QL\launcher.exe [2006-05-05 30208]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-05-22 138008]
"NWTRAY"=C:\WINDOWS\system32\NWTRAY.EXE [2002-03-12 28672]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe []
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless []
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2004-08-04 44032]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-05-22 138008]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-05-22 162584]
"DpUtil"=C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe [2005-06-29 155648]
"DDWMon"=C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe [2007-04-14 311296]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2004-03-23 196608]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"00THotkey"=C:\WINDOWS\system32\00THotkey.exe [2006-07-06 258048]
"000StTHK"=C:\WINDOWS\system32\000StTHK.exe [2001-06-23 24576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-12-21 342848]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\windows\system32\wegusuya.dll c:\windows\ "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-05-16 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll [2006-05-05 40448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwv1_0
"notification packages"=scecli
psqlpwd

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"CompatibleRUPSecurity"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Novell\GroupWise\grpwise.exe"="C:\Novell\GroupWise\grpwise.exe:*:Enabled:Novell GroupWise"
"C:\Novell\GroupWise\notify.exe"="C:\Novell\GroupWise\notify.exe:*:Enabled:Novell Notify"
"C:\Program Files\CA\eTrust Antivirus\InoRpc.exe"="C:\Program Files\CA\eTrust Antivirus\InoRpc.exe:*:Enabled:eTrust Antivirus - RPC Server"
"C:\Program Files\CA\eTrust Antivirus\InocIT.exe"="C:\Program Files\CA\eTrust Antivirus\InocIT.exe:*:Enabled:eTrust Antivirus - Local Scanner"
"C:\Program Files\CA\eTrust Antivirus\Realmon.exe"="C:\Program Files\CA\eTrust Antivirus\Realmon.exe:*:Enabled:eTrust Antivirus - Realtime monitor"
"C:\Program Files\CA\eTrust Antivirus\InoNmSrv.exe"="C:\Program Files\CA\eTrust Antivirus\InoNmSrv.exe:*:Enabled:eTrust Antivirus - Admin Server"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\FrostWire\FrostWire.exe"="C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire"
"C:\Program Files\Counter-Strike 1.6\hl.exe"="C:\Program Files\Counter-Strike 1.6\hl.exe:*:Disabled:Half-Life Launcher"
"C:\Program Files\Microsoft Games\haloce.exe"="C:\Program Files\Microsoft Games\haloce.exe:*:Enabled:Halo"
"C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Activision\Empires Dawn of the Modern World\Empires_DMW.exe"="C:\Program Files\Activision\Empires Dawn of the Modern World\Empires_DMW.exe:*:Enabled:Empires_DMW"
"C:\Program Files\Babo Violent 2\bv2.exe"="C:\Program Files\Babo Violent 2\bv2.exe:*:Enabled:bv2"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"
"E:\Games1\CounterStrike1.6\cstrike.exe"="E:\Games1\CounterStrike1.6\cstrike.exe:*:Enabled:Counter-Strike1.6"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Documents and Settings\User\My Documents\New\Games\CounterStrike1.6\cstrike.exe"="C:\Documents and Settings\User\My Documents\New\Games\CounterStrike1.6\cstrike.exe:*:Enabled:Counter-Strike1.6"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\ntdll64.exe"="C:\WINDOWS\system32\ntdll64.exe:*:Enabled:ntdll64"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1079394-b752-11dd-ba8f-0013e82f332b}]
shell\Auto\command - E:\Start.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ebb548fa-8f56-11dd-ba06-0013e82f332b}]
shell\Auto\command - E:\Start.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe


======File associations======

.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2009-06-02 21:30:42 ----D---- C:\rsit
2009-05-31 09:29:09 ----A---- C:\WINDOWS\system32\install.48025.exe
2009-05-30 11:22:21 ----A---- C:\tj.vbs
2009-05-29 20:55:07 ----D---- C:\Program Files\Trend Micro
2009-05-27 09:14:17 ----D---- C:\WINDOWS\system32\sysloc
2009-05-22 18:06:47 ----A---- C:\WINDOWS\system32\lklf32.dll
2009-05-22 17:49:42 ----A---- C:\WINDOWS\system32\jhxm32.dll
2009-05-17 11:13:18 ----SH---- C:\WINDOWS\system32\ohafubuz.ini
2009-05-16 23:38:00 ----A---- C:\WINDOWS\system32\ab3.exe
2009-05-16 10:59:49 ----SHD---- C:\Config.Msi
2009-05-16 10:27:10 ----D---- C:\Documents and Settings\User\Application Data\XnView
2009-05-15 23:40:35 ----D---- C:\Program Files\Audacity

======List of files/folders modified in the last 1 months======

2009-06-02 21:30:43 ----D---- C:\Documents and Settings\User\Application Data\FrostWire
2009-06-02 21:24:17 ----D---- C:\Documents and Settings\User\Application Data\DNA
2009-06-02 18:54:22 ----D---- C:\Program Files\Mozilla Firefox
2009-06-02 17:47:58 ----D---- C:\Lyrics
2009-06-02 17:34:27 ----D---- C:\WINDOWS\Prefetch
2009-06-02 17:33:58 ----D---- C:\WINDOWS\inf
2009-06-02 17:33:54 ----D---- C:\Program Files\DNA
2009-06-01 22:00:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-01 21:52:54 ----D---- C:\Documents and Settings\User\Application Data\EndNote
2009-06-01 19:25:23 ----D---- C:\WINDOWS\Temp
2009-06-01 19:23:39 ----RD---- C:\Program Files
2009-06-01 19:23:39 ----D---- C:\WINDOWS\system32\drivers
2009-06-01 19:23:39 ----D---- C:\WINDOWS\system32
2009-06-01 19:00:57 ----D---- C:\Program Files\Minilyrics
2009-06-01 18:53:11 ----SD---- C:\WINDOWS\Tasks
2009-06-01 18:53:11 ----D---- C:\WINDOWS
2009-05-24 12:23:08 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-24 12:06:46 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-05-24 11:13:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-23 22:49:46 ----ASH---- C:\boot.ini
2009-05-23 22:49:46 ----A---- C:\WINDOWS\win.ini
2009-05-23 22:49:46 ----A---- C:\WINDOWS\system.ini
2009-05-22 18:12:49 ----D---- C:\Documents and Settings\User\Application Data\BitTorrent
2009-05-21 18:24:06 ----A---- C:\rapport.txt
2009-05-21 18:23:11 ----A---- C:\WINDOWS\system32\tmp.txt
2009-05-21 18:22:01 ----A---- C:\WINDOWS\ntbtlog.txt
2009-05-16 11:19:34 ----SHD---- C:\WINDOWS\Installer
2009-05-16 11:06:55 ----D---- C:\Program Files\Adobe
2009-05-16 11:06:30 ----D---- C:\Program Files\Common Files\Adobe
2009-05-16 11:06:29 ----D---- C:\Program Files\Common Files
2009-05-16 10:55:08 ----D---- C:\WINDOWS\WinSxS
2009-05-16 10:54:15 ----D---- C:\Documents and Settings\User\Application Data\Adobe
2009-05-16 10:47:53 ----D---- C:\Program Files\XnView
2009-05-16 10:26:33 ----D---- C:\Program Files\EPSON
2009-05-16 10:26:14 ----A---- C:\WINDOWS\NetWare.INI
2009-05-06 19:26:02 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-05-05 22:50:15 ----D---- C:\WINDOWS\system32\CatRoot

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 oreans32;oreans32; \??\C:\WINDOWS\system32\drivers\oreans32.sys []
R1 TMEI3E;TMEI3E; C:\WINDOWS\System32\Drivers\TMEI3E.SYS [2004-06-17 5888]
R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2007-05-25 64000]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 FdRedir;FdRedir; \??\C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys []
R2 FileDisk2;FileDisk Protector Kernel Driver; \??\C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys []
R2 INO_FLTR;INO_FLTR; \??\C:\WINDOWS\system32\Drivers\ino_fltr.sys []
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 NetwareWorkstation;Novell Client for Windows; C:\WINDOWS\system32\NetWare\nwfs.sys [2007-06-21 513664]
R2 RESMGR;Novell NetWare Resource Manager; C:\WINDOWS\system32\NetWare\resmgr.sys [2004-06-01 27249]
R2 smihlp;SMI helper driver; \??\C:\Program Files\Protector Suite QL\smihlp.sys []
R2 SRVLOC;Novell Service Location; C:\WINDOWS\system32\NetWare\srvloc.sys [2006-09-25 160209]
R2 tdudf;TOSHIBA UDF File System Driver; C:\WINDOWS\system32\DRIVERS\tdudf.sys [2007-03-27 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver; C:\WINDOWS\system32\DRIVERS\trudf.sys [2007-02-20 134016]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-05-08 101833]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-02-01 250776]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-08 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-05-16 5707744]
R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-06-10 35968]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-12 4486144]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NETw4x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-06-21 2208512]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 NWDHCP;Novell DHCP Inform Client; C:\WINDOWS\system32\NetWare\nwdhcp.sys [2005-11-22 18353]
R3 NWDNS;Novell DNS Name Space Service Provider; C:\WINDOWS\system32\NetWare\nwdns.sys [2006-10-27 43568]
R3 NWHOST;Novell Host File Name Space Service Provider; C:\WINDOWS\system32\NetWare\NWHOST.sys [2005-10-12 9297]
R3 NWSLP;Novell SLP Name Space Service Provider; C:\WINDOWS\system32\NetWare\nwslp.sys [2005-01-03 20332]
R3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCTINDIS5.SYS []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2005-12-21 76544]
R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2006-05-05 28800]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys [2007-02-23 16128]
R3 TEchoCan;Toshiba Audio Effect; C:\WINDOWS\system32\DRIVERS\TEchoCan.sys [2007-02-22 435072]
R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2006-10-11 41600]
R3 tosrfec;Bluetooth ACPI; C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2006-10-24 9216]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-10-23 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-10-23 59264]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-10-23 20608]
S2 NWSIPX32;Novell NetWare IPX/SPX Transport Interface; C:\WINDOWS\system32\NetWare\nwsipx32.sys [2005-10-27 39731]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 CE3;Xircom Ethernet Adapter 10/100 Service; C:\WINDOWS\system32\DRIVERS\ce3n5.sys [2001-08-17 27164]
S3 HECI;Intel® Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2007-04-06 44800]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NWSAP;Novell SAP Name Space Provider; C:\WINDOWS\system32\NetWare\NWSAP.sys [2003-02-26 23232]
S3 NWSNS;Novell Simple Naming Services (NWSNS); C:\WINDOWS\system32\NetWare\NWSNS.sys [2005-10-12 6128]
S3 ovt519;EyeToy; C:\WINDOWS\System32\Drivers\ov519vid.sys [2003-10-15 174530]
S3 ovt519;EyeToy; C:\WINDOWS\System32\Drivers\ov519vid.sys [2003-10-15 174530]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2005-12-21 11136]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2005-12-21 10368]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2007-04-25 113920]
S3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2006-11-21 36480]
S3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2007-03-02 73728]
S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-07 18612]
S3 TosRfSnd;Bluetooth Audio; C:\WINDOWS\system32\drivers\tosrfsnd.sys [2007-01-23 53376]
S3 tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2007-06-12 41856]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-26 36864]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 USBTINSP;TI-Nspire™ Handheld Device Driver; C:\WINDOWS\system32\DRIVERS\tinspusb.sys [2007-09-28 123392]
S3 w550bus;Sony Ericsson W550 driver (WDM); C:\WINDOWS\system32\DRIVERS\w550bus.sys [2005-07-15 60928]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys []
S3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys []
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-04 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2006-10-05 9216]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 EPSONStatusAgent2;EPSON Printer Status Agent2; C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe [2000-11-17 114688]
R2 InoRPC;eTrust Antivirus RPC Server; C:\Program Files\CA\eTrust Antivirus\InoRpc.exe [2004-04-06 139536]
R2 InoRT;eTrust Antivirus Realtime Server; C:\Program Files\CA\eTrust Antivirus\InoRT.exe [2005-01-14 424457]
R2 InoTask;eTrust Antivirus Job Server; C:\Program Files\CA\eTrust Antivirus\InoTask.exe [2004-10-08 419369]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 Thpsrv;TOSHIBA HDD Protection; C:\WINDOWS\system32\ThpSrv.exe [2007-04-24 529976]
R2 Tmesrv;Tmesrv3; C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe [2005-12-15 126976]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\WINDOWS\system32\TODDSrv.exe [2006-05-26 114688]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-26 125048]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
S2 avast!Antivirus;avast!Antivirus; C:\WINDOWS\System32\avast!Antivirus.exe -k netsvcs []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-24 29896]
S3 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-17 40960]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-24 66240]
S3 cusrvc;Client Update Service for Novell; C:\WINDOWS\system32\cusrvc.exe [2006-08-11 28672]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-11 138680]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2005-02-24 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

#6 mountaindrew

mountaindrew
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  

Posted 02 June 2009 - 06:36 AM

Info

info.txt logfile of random's system information tool 1.06 2009-06-02 21:30:49

======Uninstall list======

-->"C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{7032E73F-68A0-48F9-8100-E70E79169BAE}
-->MsiExec.exe /X{69495273-FCDC-4A86-BCB7-49B504D3FB0E}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DF9BF77-7E10-4973-965E-3B7013ABEA6D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DF9BF77-7E10-4973-965E-3B7013ABEA6D}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
activBook Reader-->MsiExec.exe /I{B6537896-A156-4015-BD5C-7A80C85C78AB}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
AGEIA PhysX v6.12.02-->MsiExec.exe /X{7032E73F-68A0-48F9-8100-E70E79169BAE}
ALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CA eTrust Antivirus-->MsiExec.exe /X{99747F0D-D4F8-4877-9CA0-4AE96D963633}
Calculator Powertoy for Windows XP-->MsiExec.exe /I{B37C842A-B624-46B8-A727-654E72F1C91A}
CD/DVD Drive Acoustic Silencer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x9
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Counter-Strike 1.6-->C:\Program Files\Counter-Strike 1.6\Uninstal.exe
Counter-Strike 1.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13B792AA-C078-43A4-8A3A-8B12D629940D}\Setup.exe" -l0x19
Creative MediaSource 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x9 /remove
Creative Removable Disk Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative ZEN Vision M Series-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31C44235-A613-4E95-B297-207BF6C6A8C1}\SETUP.EXE" -l0x9 /remove
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
D-Link VGA Webcam-->C:\WINDOWS\CleanDev.exe C:\WINDOWS\ov519.TXT
Empires Dawn of the Modern World-->C:\PROGRA~1\ACTIVI~1\EMPIRE~1\Uninstall\Unwise.exe /u C:\PROGRA~1\ACTIVI~1\EMPIRE~1\Uninstall\Install.log
EndNote X1-->MsiExec.exe /I{87F7773C-EC9C-461A-AA7B-4AF8EF54DF49}
Epson Easy Photo Print 2-->C:\Program Files\InstallShield Installation Information\{DEDB47A3-C988-4A43-A645-E2CEA571E680}\SETUP.EXE -runfromtemp -l0x0009 UNINST -removeonly
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Stylus SX100_TX100 Manual-->C:\Program Files\EPSON\TPMANUAL\ESSX100_TX100\ENG\USE_G\DOCUNINS.EXE
EPSON TX100 Series Printer Uninstall-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FINSEDP.EXE /R /APD /P:"EPSON TX100 Series"
EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x9 -anything
ES C60 Problem Solver-->C:\WINDOWS\uninst.exe -f"C:\Program Files\EPSON\PSOLVER\ES C60\E\DeIsL2.isu"
FrostWire 4.17.2-->C:\Program Files\FrostWire\Uninstall.exe
GEAR DVD "Standard Edition" 7.03-->MsiExec.exe /X{A778A62B-3D40-46A6-894D-C43EF4783765}
getPlus®_ocx-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
GroupWise Internet Browser Mail Integration-->C:\Novell\GroupWise\gwmailto.exe /uninstall
GroupWise-->MsiExec.exe /I{90474A24-BE2C-4469-B3B6-BAA3E2919DF0}
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Intel® Matrix Storage Manager-->C:\WINDOWS\System32\Imsmudlg.exe
Intel® PRO Network Connections Drivers-->Prounstl.exe
InterVideo WinDVD for TOSHIBA-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
ISI ResearchSoft - Export Helper-->C:\PROGRA~1\COMMON~1\Risxtd\_UNINST.EXE
iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
Java™ SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Macromedia Contribute 3.11-->MsiExec.exe /I{4B9535BF-CC90-4158-AF32-CAF57A8820CA}
Macromedia Dreamweaver 8-->MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Fireworks 8-->MsiExec.exe /I{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}
Macromedia Flash 8 Video Encoder-->MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash 8-->MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash Player 8-->MsiExec.exe /X{885A63EA-382B-4DD4-A755-14809B8557D6}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
ManyCam 2.3 (remove only)-->"C:\Program Files\ManyCam 2.3\uninstall.exe"
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 Hotfix (KB886903)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Office XP Media Content-->MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MicroWorlds EX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E8E152F-E82D-4786-95A9-C7F48C67F020}\setup.exe" -l0x9 -removeonly
Minilyrics(remove only)-->"C:\Program Files\Minilyrics\uninst-ml.exe"
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 6.0 Parser (KB927977)-->MsiExec.exe /I{5A710547-B58E-488B-828D-CA9A25A0533C}
NICI (Shared) U.S./Worldwide (128 bit) (2.7.3-1)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}\Setup.exe" -uninst
Novell Client for Windows-->%SystemRoot%\system32\rundll32 nwsetup.dll NWUninstallClient
Photo Story 3 for Windows-->MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}
Power Tab Editor 1.7-->MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
SchoolKiT Geoboard v1.1-->MsiExec.exe /I{A54D1B27-3274-44F6-91E2-AE0729952B45}
SchoolKiT Pentominoes v1.0-->MsiExec.exe /I{E10AE88C-57DE-440F-A6BE-597A0EB9C1F3}
SchoolKiT Visual Fraction Strips-->MsiExec.exe /I{39ABFE54-3DC2-433B-9E87-E37CBA460241}
Security Update for Microsoft .NET Framework 2.0 (KB917283)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {967B098A-042D-4367-BAC9-8BC11684174F} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917537)-->"C:\WINDOWS\$NtUninstallKB917537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sketchpad-->C:\PROGRA~1\SKETCH~1\UNWISE.EXE C:\PROGRA~1\SKETCH~1\INSTALL.LOG
Sony Ericsson Communication Center-->MsiExec.exe /X{3980C794-D40D-4E43-A59D-2D24F1380A25}
Sony Ericsson PC Suite 1.10.36-->MsiExec.exe /I{EE28E1DC-A319-4DFE-B8ED-BEE329D377A4}
The Print Shop® 6.0 Deluxe-->C:\WINDOWS\UNINST.EXE -f"C:\PROGRA~1\THEPRI~1\THEPRI~1.0DE\DeIsL1.isu" -c"C:\PROGRA~1\THEPRI~1\THEPRI~1.0DE\psfinst.dll"
TI-Nspire™ Computer Link Software-->MsiExec.exe /I{703E7247-E6AA-4E54-BA14-236A32966EFF}
TOSHIBA Assist-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\Setup.exe" -l0x9
TOSHIBA ConfigFree-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x9 UNINSTALL
TOSHIBA Controls-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Direct Disc Writer-->MsiExec.exe /X{400830CA-F056-4BBE-80A3-9DF9CA4FB889}
TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0}
TOSHIBA Display Devices Change Utility-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\TDspBtn.inf,DefaultUninstall,5
TOSHIBA Dual Pointing Device Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4323A3CF-D66F-46BC-AD16-B94D7BF05CF1}\Setup.exe"
TOSHIBA HDD Protection-->MsiExec.exe /X{94A90C69-71C1-470A-88F5-AA47ECC96B40}
TOSHIBA Hotkey Utility for Display Devices-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\TFNF5Wxp.inf,DefaultUninstall,5
TOSHIBA Mic Effect-->C:\Program Files\InstallShield Installation Information\{0577A2AA-DEA0-4D40-8372-4211102D43E4}\Setup.exe -runfromtemp -l0x0009 -removeonly
TOSHIBA Mobile Extension3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3B8D9FA4-745C-47C9-962D-4ABE6ACE136B}\setup.exe" -l0x9 -removeonly
TOSHIBA Password Utility-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74} /l1033
TOSHIBA PC Diagnostic Tool-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{2C38F661-26B7-445D-B87D-B53FE2D3BD42} /l1033
TOSHIBA Power Saver-->C:\Program Files\InstallShield Installation Information\{9ACBDDE2-DD2D-4103-8ECE-D1A9F7F03D1A}\setup.exe -runfromtemp -l0x0409
TOSHIBA SD Memory Boot Utility-->MsiExec.exe /X{BBF5493A-05FB-4449-90DE-84A61EB78154}
TOSHIBA SD Memory Utilities-->MsiExec.exe /X{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA Utilities-->C:\Program Files\InstallShield Installation Information\{56190F69-01D3-46CA-9861-43377C5E9B87}\setup.exe -runfromtemp -l0x0409
TOSHIBA Zooming Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64212898-097F-4F3F-AECA-6D34A7EF82DF}\setup.exe" -l0x9 -removeonly
UltraKey 4.0 for Windows-->C:\WINDOWS\unvise32.exe C:\Program Files\UKey4\uninstal.log
Uninstall for TOSHIBA Mobile Extension3-->"C:\Program Files\InstallShield Installation Information\{3B8D9FA4-745C-47C9-962D-4ABE6ACE136B}\Setup.exe" -s -uninst
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows NT Messaging-->RunDll32 setupapi.dll,InstallHinfSection Uninstall 4 MSMail.inf
Windows XP Hotfix - KB884018-->C:\WINDOWS\$NtUninstallKB884018$\spuninst\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Wireless Hotkey-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7862BAD8-A379-4128-8AA1-EFD5A9603C53}\setup.exe" -l0x9
ZENcast Organizer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9 /remove

======System event log======

Computer Name: TECRA1
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0013E82F332B. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 14454
Source Name: Dhcp
Time Written: 20090409161516.000000+600
Event Type: warning
User:

Computer Name: TECRA1
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0013E82F332B. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 14453
Source Name: Dhcp
Time Written: 20090409161515.000000+600
Event Type: warning
User:

Computer Name: TECRA1
Event Code: 7023
Message: The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error:
The class is configured to run as a security id different from the caller


Record Number: 14443
Source Name: Service Control Manager
Time Written: 20090409123017.000000+600
Event Type: error
User:

Computer Name: TECRA1
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 14405
Source Name: Tcpip
Time Written: 20090408154930.000000+600
Event Type: warning
User:

Computer Name: TECRA1
Event Code: 7023
Message: The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error:
The class is configured to run as a security id different from the caller


Record Number: 14403
Source Name: Service Control Manager
Time Written: 20090408153312.000000+600
Event Type: error
User:

=====Application event log=====

Computer Name: TECRA1
Event Code: 1517
Message: Windows saved user TECRA1\User registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 34
Source Name: Userenv
Time Written: 20090112171454.000000+660
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: TECRA1
Event Code: 1517
Message: Windows saved user TECRA1\User registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 28
Source Name: Userenv
Time Written: 20090112005949.000000+660
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: TECRA1
Event Code: 12001
Message:
Record Number: 20
Source Name: usnjsvc
Time Written: 20090111233314.000000+660
Event Type:
User:

Computer Name: TECRA1
Event Code: 1517
Message: Windows saved user TECRA1\User registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 14
Source Name: Userenv
Time Written: 20090110234241.000000+660
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: TECRA1
Event Code: 1517
Message: Windows saved user TECRA1\User registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 6
Source Name: Userenv
Time Written: 20090110002005.000000+660
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SystemRoot%\system32\nls;%SystemRoot%\system32\nls\ENGLISH;C:\PROGRA~1\CA\SHARED~1\SCANEN~1;C:\PROGRA~1\CA\ETRUST~1;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"AVENGINE"=C:\PROGRA~1\CA\SHARED~1\SCANEN~1
"INOCULAN"=C:\PROGRA~1\CA\ETRUST~1
"DEFAULT_CA_NR"=CA6
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip

-----------------EOF-----------------

#7 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 03 June 2009 - 09:54 AM

Hi,

1. Run HijackThis.
Click on Do a system scan only.
Place a checkmark next to these lines (if still present).O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKUS\S-1-5-18\..\Run: [InetChk] C:\WINDOWS\TEMP\ms1242481085.exe work (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [SYSDLL] SYSDLL (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\TEMP\qp1bf.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [nzdflkioezncfiunfindiuchiuenfcdc] C:\WINDOWS\TEMP\qp1bf.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Cognac] C:\WINDOWS\TEMP\b.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [InetChk] C:\WINDOWS\TEMP\ms1242481085.exe work (User 'Default user')
O20 - AppInit_DLLs: c:\windows\system32\wegusuya.dll c:\windows\

Then close all windows except HijackThis and click Fix Checked.
Now, close HijackThis and restart your computer.

2. We need to backup the registry before we continue.
Registry edits can be potentially dangerous; we can revert to the backup if needed.
Go to Start » Run » type: regedit » OK.
  • On the leftside, click to highlight My Computer at the top.
  • Go up to File » Export
    • Make sure in that window there is a tick next to "All" under Export Branch.
      Leave the "Save As Type" as "Registration Files".
      Under "Filename" put RegBackup.
  • Choose to save it to C:\
  • Click save and then go to File » Exit.
3. Download OTMoveIt3 (by OldTimer) to your Desktop.* Doubleclick on OTMoveIt3.exe to start the tool.
* Copy (select and press Ctrl-C) all of this bold code:

:Processes
explorer.exe

:Services

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1079394-b752-11dd-ba8f-0013e82f332b}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ebb548fa-8f56-11dd-ba06-0013e82f332b}]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"=-
"%windir%\system32\drivers\svchost.exe"=-
"C:\WINDOWS\explorer.exe"=-
"C:\WINDOWS\system32\ntdll64.exe"=-
"C:\WINDOWS\system32\winlogon.exe"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"=-
"%windir%\system32\drivers\svchost.exe"=-

:Files
E:\Start.exe
C:\WINDOWS\system32\lklf32.dll
C:\WINDOWS\system32\jhxm32.dll
C:\WINDOWS\system32\ohafubuz.ini
C:\WINDOWS\system32\ab3.exe
C:\WINDOWS\system32\install.48025.exe
C:\tj.vbs

:Commands
[emptytemp]
[start explorer]
[Reboot]

* Paste the copied text (press Ctrl-V) into the "Paste List of Files/Folders to be moved" window.
* Click on the red MoveIt! button
* Copy and paste the contents of the right result-screen in your next reply,
(or the log you can find back as C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log).
* Close OTMoveIt3
When a file or folder can't be moved directly,
you could be asked to restart the computer to complete the removal process.
If so, click Yes.

4. Go to Virustotal.com
Upload the following file by copy/paste the following (so do not use "Browse"!)): C:\WINDOWS\System32\Drivers\ov519vid.sys
Wait untill the results appear, and post them in your next reply. :thumbup2:

Please post a new HijackThis log, together with the logfile from OTMoveIt and logfile from Virustotal.com, and a description of any remaining problems.

#8 mountaindrew

mountaindrew
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:12:23 AM

Posted 04 June 2009 - 02:59 AM

I haven't had any problems since I started up my laptop today, but that could just be temporary.

HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:07:45 PM, on 4/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\00THotkey.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\Desktop\OTMoveIt3.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.tas.qld.edu.au/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TOSDCR] TOSDCR.EXE
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [ThpSrv] C:\WINDOWS\system32\thpsrv /logon
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TAudEffect] C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe /run
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\RunOnce: [OTMoveIt] C:\Documents and Settings\User\Desktop\OTMoveIt3.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1197337711671
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast!Antivirus - Unknown owner - C:\WINDOWS\System32\avast!Antivirus.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 10030 bytes



OTMoveIt:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1079394-b752-11dd-ba8f-0013e82f332b}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ebb548fa-8f56-11dd-ba06-0013e82f332b}\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\%windir%\system32\sessmgr.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\%windir%\system32\drivers\svchost.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\explorer.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\ntdll64.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\winlogon.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list\\%windir%\system32\sessmgr.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list\\%windir%\system32\drivers\svchost.exe deleted successfully.
========== FILES ==========
File/Folder E:\Start.exe not found.
C:\WINDOWS\system32\lklf32.dll unregistered successfully.
C:\WINDOWS\system32\lklf32.dll moved successfully.
C:\WINDOWS\system32\jhxm32.dll unregistered successfully.
C:\WINDOWS\system32\jhxm32.dll moved successfully.
C:\WINDOWS\system32\ohafubuz.ini moved successfully.
C:\WINDOWS\system32\ab3.exe moved successfully.
C:\WINDOWS\system32\install.48025.exe moved successfully.
C:\tj.vbs moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\User\LOCALS~1\Temp\etilqs_I9zArQtij5fnNV8UG6bE scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\27f37484.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\27f37484.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\27f37484.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\27f37484.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\27f37484.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 06042009_155915

Files moved on Reboot...
File C:\DOCUME~1\User\LOCALS~1\Temp\etilqs_I9zArQtij5fnNV8UG6bE not found!
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\27f37484.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\27f37484.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\27f37484.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\27f37484.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\User\Local Settings\Application Data\Mozilla\Firefox\Profiles\27f37484.default\urlclassifier3.sqlite moved successfully.


VirusTotal:

this is all that comes up after it loads


File has already been analysed:
MD5: 4cdadec3dc1300ee1d313ea5494e6472
First received: 2008.05.21 00:09:33 UTC
Date: 2008.05.21 00:09:33 UTC [>379D]
Results: 1/32
Permalink: analisis/548adfcdc27a8925bb82be426fcbf5e4a1a98ca2f31ef342edca01c472b817dc-1211328573

#9 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 04 June 2009 - 12:46 PM

Hi,

Please re-analyze the file requested at Virustotal.com. :thumbup2:

#10 mountaindrew

mountaindrew
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:12:23 AM

Posted 07 June 2009 - 11:26 PM

is this what you needed?

File ov519vid.sys received on 2009.06.08 04:07:48 (UTC)
Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.06.04 -
AhnLab-V3 5.0.0.2 2009.06.07 -
AntiVir 7.9.0.180 2009.06.07 -
Antiy-AVL 2.0.3.1 2009.06.05 -
Authentium 5.1.2.4 2009.06.08 -
Avast 4.8.1335.0 2009.06.07 -
AVG 8.5.0.339 2009.06.07 -
BitDefender 7.2 2009.06.08 -
CAT-QuickHeal 10.00 2009.06.08 -
ClamAV 0.94.1 2009.06.08 -
Comodo 1282 2009.06.08 -
DrWeb 5.0.0.12182 2009.06.08 -
eSafe 7.0.17.0 2009.06.07 -
eTrust-Vet 31.6.6542 2009.06.05 -
F-Prot 4.4.4.56 2009.06.08 -
F-Secure 8.0.14470.0 2009.06.08 -
Fortinet 3.117.0.0 2009.06.07 -
GData 19 2009.06.08 -
Ikarus T3.1.1.59.0 2009.06.08 -
K7AntiVirus 7.10.754 2009.06.04 -
Kaspersky 7.0.0.125 2009.06.08 -
McAfee 5639 2009.06.07 -
McAfee+Artemis 5639 2009.06.07 -
McAfee-GW-Edition 6.7.6 2009.06.07 -
Microsoft 1.4701 2009.06.07 -
NOD32 4136 2009.06.07 -
Norman 6.01.09 2009.06.05 -
nProtect 2009.1.8.0 2009.06.08 -
Panda 10.0.0.14 2009.06.07 -
PCTools 4.4.2.0 2009.06.06 -
Prevx 3.0 2009.06.08 -
Rising 21.33.00.00 2009.06.08 -
Sophos 4.42.0 2009.06.08 -
Sunbelt 3.2.1858.2 2009.06.07 -
Symantec 1.4.4.12 2009.06.08 -
TrendMicro 8.950.0.1092 2009.06.08 -
VBA32 3.12.10.6 2009.06.08 -
ViRobot 2009.6.5.1771 2009.06.05 -
VirusBuster 4.6.5.0 2009.06.07 -
Additional information
File size: 174530 bytes
MD5...: 4cdadec3dc1300ee1d313ea5494e6472
SHA1..: 710b1f531787154723d9d9f77567e753140ef361
SHA256: 548adfcdc27a8925bb82be426fcbf5e4a1a98ca2f31ef342edca01c472b817dc
ssdeep: -<br>
PEiD..: -
TrID..: File type identification<br>Generic Win/DOS Executable (49.9%)<br>DOS Executable Generic (49.8%)<br>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x1d022<br>timedatestamp.....: 0x3e5bf6d0 (Tue Feb 25 23:05:52 2003)<br>machinetype.......: 0x14c (I386)<br><br>( 7 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x2e0 0x1db72 0x1db80 6.55 fc71fa430a8155f9acf500ab33e71024<br>.rdata 0x1de60 0x6ad4 0x6ae0 6.05 54d247909c988efbb7745b3ea1423da0<br>.data 0x24940 0x1b64 0x1b80 2.79 ec2861c0aa2ea6f6704228e4966e3ddd<br>.edata 0x264c0 0x35 0x40 2.64 defbdf30d01786bc34f6111a8ca9ae70<br>INIT 0x26500 0x5f2 0x600 5.17 e0e8dac6ae8a1d0c3a6f5be851da7e0f<br>.rsrc 0x26b00 0x478 0x480 3.35 264edbe9d11d5f297d0b0bd983dfde26<br>.reloc 0x26f80 0x1354 0x1360 6.39 51e6e3ea5578ade026d20275addfe30f<br><br>( 4 imports ) <br>&gt; NTOSKRNL.EXE: ZwCreateFile, RtlAppendUnicodeToString, RtlInitUnicodeString, ZwReadFile, RtlCompareMemory, RtlAnsiStringToUnicodeString, RtlInitAnsiString, rand, ExAllocatePoolWithTag, KeDelayExecutionThread, ObReferenceObjectByHandle, ObfReferenceObject, KeSetTimer, KeInitializeDpc, KeInitializeTimerEx, KeReleaseSemaphore, KeWaitForSingleObject, KeSetEvent, KeCancelTimer, ObfDereferenceObject, ExQueueWorkItem, wcslen, ZwClose, ZwOpenKey, ZwCreateKey, IoOpenDeviceRegistryKey, ExFreePool, ZwDeleteKey, ZwEnumerateValueKey, ZwEnumerateKey, ZwSetValueKey, ZwQueryValueKey, KeInitializeSemaphore, IoOpenDeviceInterfaceRegistryKey, IoGetDeviceInterfaces, InterlockedIncrement, InterlockedDecrement, IofCallDriver, IoBuildSynchronousFsdRequest, RtlFreeUnicodeString, IoSetDeviceInterfaceState, IoRegisterDeviceInterface, KeInitializeEvent, IoGetDeviceProperty<br>&gt; HAL.DLL: KeGetCurrentIrql<br>&gt; STREAM.SYS: StreamClassStreamNotification, StreamClassDeviceNotification<br>&gt; ov519cmd.sys: USBCAMD_ControlVendorCommand, USBCAMD_SelectAlternateInterface, USBCAMD_AdapterReceivePacket, USBCAMD_InitializeNewInterface, USBCAMD_DriverEntry<br><br>( 0 exports ) <br>
PDFiD.: -
RDS...: NSRL Reference Data Set<br>-
CWSandbox info: &lt;a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=4cdadec3dc1300ee1d313ea5494e6472' target='_blank'&gt;http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=4cdadec3dc1300ee1d313ea5494e6472&lt;/a&gt;

#11 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 08 June 2009 - 09:48 AM

Hi,

Please go to Kaspersky website and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
If you need a tutorial, see here

#12 mountaindrew

mountaindrew
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  

Posted 08 June 2009 - 09:38 PM

Ok, i’m doing that now.
I Don’t think this is related, but when i boot up my computer it resets the ‘Mysafe’ folder, and saves the contents as a new folder.
Any idea how to fix this?

#13 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 09 June 2009 - 04:56 AM

Hi,

What do you mean exactly with the ‘Mysafe’ folder?

#14 mountaindrew

mountaindrew
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:12:23 AM

Posted 09 June 2009 - 06:09 AM

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, June 9, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, June 09, 2009 07:39:29
Records in database: 2329496
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
Z:\

Scan statistics:
Files scanned: 158583
Threat name: 11
Infected objects: 12
Suspicious objects: 0
Duration of the scan: 02:10:33


File name / Threat name / Threats count
C:\jfrxftnl.exe Infected: Trojan-Downloader.Win32.Agent.bldg 1
C:\Program Files\Windows\firefox Infected: Trojan.Win32.Midgare.qvv 1
C:\uvkbfim.exe Infected: Packed.Win32.Tdss.c 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0JSXW543\ms.19[1].exe Infected: Trojan.Win32.Agent.cjvg 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2R0RSVY9\6244[1].exe Infected: Trojan-Dropper.Win32.BHO.bv 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\A9MPM50Z\nfr[1].exe Infected: Trojan.Win32.Agent2.jyw 1
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OBYHCJKT\pp.10[1].exe Infected: Net-Worm.Win32.Koobface.kp 1
C:\WINDOWS\system32\config\systemprofile\protect.dll Infected: Trojan-Spy.Win32.Agent.avro 1
C:\WINDOWS\system32\sysloc\sysloc.dll Infected: Trojan.Win32.BHO.tli 1
C:\_OTMoveIt\MovedFiles\06042009_155915\WINDOWS\system32\install.48025.exe Infected: Trojan.Win32.FraudPack.onj 1
C:\_OTMoveIt\MovedFiles\06042009_155915\WINDOWS\system32\jhxm32.dll Infected: Trojan.Win32.Agent.cimn 1
C:\_OTMoveIt\MovedFiles\06042009_155915\WINDOWS\system32\lklf32.dll Infected: Trojan.Win32.Agent.cimn 1

The selected area was scanned.

#15 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 09 June 2009 - 10:23 AM

Hi,* Doubleclick on OTMoveIt3.exe to start the tool.
* Copy (select and press Ctrl-C) all of this bold code:
[b]:Processes
explorer.exe

:Services

:Reg

:Files
C:\jfrxftnl.exe
C:\Program Files\Windows\firefox
C:\uvkbfim.exe
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0JSXW543
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2R0RSVY9
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\A9MPM50Z
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OBYHCJKT
C:\WINDOWS\system32\config\systemprofile\protect.dll
C:\WINDOWS\system32\sysloc

:Commands
[emptytemp]
[start explorer]
[Reboot][/b]
* Paste the copied text (press Ctrl-V) into the "Paste List of Files/Folders to be moved" window.
* Click on the red MoveIt! button
* Copy and paste the contents of the right result-screen in your next reply,
(or the log you can find back as C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log).
* Close OTMoveIt3
When a file or folder can't be moved directly,
you could be asked to restart the computer to complete the removal process.
If so, click Yes.

Post the logfile from OTMoveIt in your next post, together with a new HijackThislog. Also answer my question in my previous post. :thumbup2:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users