Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Win32 Cryptor


  • This topic is locked This topic is locked
13 replies to this topic

#1 Jivatma

Jivatma

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:29 PM

Posted 26 July 2009 - 11:21 PM

First Time poster, First trouble i couldn't google.com and lurk forum boards to fix. Basically I've got one of the many google search -redirect problems. So i virus scanned and Ad-aware scanned, the typical "find and fix" stuff my computer has. Well i came across Win32 Cryptor, googled how to fix it, and haven't been able to since. The biggest gripe i have is AVG can see it, but can't fix it because i need higher moderator privelages on my computer when i am already admin. Also Mal-Ware's CAN'T see it, so i'm stuck now. I hope you can help me!!

First I apologize for not having a dds.text file - the program won't run for some strange reason..

"'FINDSTR.EXE' is not recognized as an internal or external command, operable program or batch file."

Here is a HiJack This! logfile however...

----------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:37 PM, on 7/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\00THotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\TPSODDCtl.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Documents and Settings\Munky\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Munky\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Munky\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Munky\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\World of Warcraft\BackgroundDownloader.exe
C:\Documents and Settings\Munky\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Munky\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TOSDCR] TOSDCR.EXE
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Munky\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ares ultra] "C:\Program Files\Ares Ultra\AresUltra.exe" -h
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Munky\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com/lib/utdallas/suppor...s/ebraryRdr.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} (View22RTEv4 Class) - http://sc.scenecaster.com/release_3_10_41/View22RTEv4.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - http://na.inquiero.com/inquiero/mod/setup/...tivex118_24.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Cisco Systems, Inc. Installer service (CiscoVpnInstallService) - Unknown owner - C:\DOCUME~1\Munky\LOCALS~1\Temp\WZSE2.TMP\INSTAL~1.EXE (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StumbleUponUpdateService - stumbleupon.com - C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 17363 bytes

BC AdBot (Login to Remove)

 


m

#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:04:29 AM

Posted 28 July 2009 - 04:21 PM

Hello, my name is fenzodahl512 and welcome to Bleeping Computer.. Please do the following....



Please download The Comedian.exe by Rorschach112 to your desktop
  • Please disable all of your antivirus/firewall before doing this step. Please visit HERE if you don't know how..
  • Double click the program to run it. It will only take around several minutes to run.
  • It will do a series of tasks and tell you when each one is finished.
  • You will be prompted to press any key after each step
  • When it is done it will close and exit itself automatically.
  • You can delete The_Comedian.exe once it is finished
STOP! if you can't complete this step.. Tell me more about it..




NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop. <<mirror>>
Please rename the random filename or GMER into GAMERS
  • Open the renamed program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for 慡how All?
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.
IMPORTANT: Do NOT run any program while you are doing these scans as it may interfere with the output results



Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GAMERS result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 Jivatma

Jivatma
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:29 PM

Posted 29 July 2009 - 05:20 PM

My computer may be dumb or just broked more then a virus. attached is a copy of the window when i ran The Comedian.exe. Minus the command errors it seemed to run okay, installed the registry restore point just fine. On the last step of the program i get a "Windows Script Host" Error.

Script: C:\Documents and Settings\Munky\RP.vbs
Line: 3
Char: 1
Error: Provider load failure
Code: 80041013
Source: SWbemObjectEx




edited: download the larger file, that also hast he ping errors from final step after error.

Attached Files


Edited by Jivatma, 29 July 2009 - 05:24 PM.


#4 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:04:29 AM

Posted 29 July 2009 - 05:33 PM

proceed with the next steps :thumbup2:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 Jivatma

Jivatma
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:29 PM

Posted 01 August 2009 - 11:45 PM

First and Foremost: My apologies for the long wait!

Weekends and end of weeks ar emy busy days =( I've been trying to run the programs in order. I'm having some issues though. I get to scan with Mal-Ware's just fine, it finds 2 .dll's of the virus, it removes them, reboots, etc etc. i move onto the next steps. RSIT runs fine, no problems. GAMERS is a bit tougher though. It automaticallys tarts scanning and as soon as it finds an "infected" entry (red line) it asks if i want to do a full scan, well i click yes obviously and it starts. The scan takes FOREVER! but this is where my problems start. The first scan ended, and as i was copy/pasting, i blue screened and died. Every scan since then locks my windows xp up. I can't interact with any windows in any way but i can move my mouse around. ctrl-alt-delete, power button, alt-f4. none of it works. the only thing i can do is a hard reboot (holding power button down for 5secs). I'm off to try another set of scans now.

#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:04:29 AM

Posted 03 August 2009 - 09:37 PM

Skip GMER and do below..

Go HERE and download SysProt AntiRootkit. Unzip it to your Desktop
  • Run SysProt >> Click on the Log tab
  • Tick ALL the boxes at the "Write to log" section (Do NOT tick the "Hidden Objects Only" options)
  • Hit the Create Log button
  • When it asked for scanning option, choose Scanning all drives >> Hit Start button (Do NOT hit "Ok" button)
  • Let it scan until finish
  • Find the log.txt inside the SysProt folder and attach the log here.


NEXT


Download this tool to desktop:

http://www2.gmer.net/mbr/mbr.exe

Double click it & post the log it creates on desktop. (mbr.log)

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 Jivatma

Jivatma
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:29 PM

Posted 04 August 2009 - 01:13 PM

okay here's all the posts minus the GAMERS.exe scan...




-------------------------------

Malwarebytes' Anti-Malware 1.39
Database version: 2539
Windows 5.1.2600 Service Pack 3

8/3/2009 7:32:36 PM
mbam-log-2009-08-03 (19-32-36).txt

Scan type: Full Scan (C:\|)
Objects scanned: 350709
Time elapsed: 1 hour(s), 7 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
\\?\globalroot\systemroot\system32\hjgruignvbenwo.dll (Trojan.TDSS) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
\\?\globalroot\systemroot\system32\hjgruignvbenwo.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\16635004\16635004.exe (Rogue.SystemSecurity) -> Quarantined and deleted successfully.

#8 Jivatma

Jivatma
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:29 PM

Posted 04 August 2009 - 01:16 PM

Logfile of random's system information tool 1.06 (written by random/random)
Run by Munky at 2009-08-03 19:44:31
Microsoft Windows XP Professional Service Pack 3
System drive C: has 15 GB (15%) free of 95 GB
Total RAM: 1015 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:44:38 PM, on 8/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\00THotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\TPSODDCtl.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Apoint2K\Apntex.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Documents and Settings\Munky\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Munky\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Munky.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TOSDCR] TOSDCR.EXE
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Munky\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ares ultra] "C:\Program Files\Ares Ultra\AresUltra.exe" -h
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Munky\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://site.ebrary.com/lib/utdallas/suppor...s/ebraryRdr.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} (View22RTEv4 Class) - http://sc.scenecaster.com/release_3_10_41/View22RTEv4.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - http://na.inquiero.com/inquiero/mod/setup/...tivex118_24.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Cisco Systems, Inc. Installer service (CiscoVpnInstallService) - Unknown owner - C:\DOCUME~1\Munky\LOCALS~1\Temp\WZSE2.TMP\INSTAL~1.EXE (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StumbleUponUpdateService - stumbleupon.com - C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 17047 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1177863125.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1360244760-1217302374-3103346670-1005Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1360244760-1217302374-3103346670-1005UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
ContributeBHO Class - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-07-17 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-01-28 1554256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-09-22 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-09-22 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-09-22 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll [2007-03-16 118784]
{5093EB4C-3E93-40AB-9266-B607BA87BDC8} - StumbleUpon Toolbar - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll [2009-04-12 1234248]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2005-05-06 716800]
"LtMoh"=C:\Program Files\ltmoh\Ltmoh.exe [2004-08-18 184320]
"AGRSMMSG"=AGRSMMSG.exe []
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2004-03-24 196608]
"PSQLLauncher"=C:\Program Files\Protector Suite QL\launcher.exe [2006-05-05 30208]
"ThpSrv"=thpsrv /logon []
"00THotkey"=C:\WINDOWS\system32\00THotkey.exe [2006-07-05 258048]
"000StTHK"=000StTHK.exe []
"TPSMain"=TPSMain.exe []
"TPSODDCtl"=TPSODDCtl.exe []
"TFNF5"=TFNF5.exe []
"SmoothView"=C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2005-04-26 122880]
"TOSDCR"=TOSDCR.EXE []
"PadTouch"=C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe [2005-12-06 1077322]
"Tvs"=C:\Program Files\Toshiba\Tvs\TvsTray.exe [2006-02-02 73728]
"NDSTray.exe"=NDSTray.exe []
"TFncKy"=TFncKy.exe []
"TosHKCW.exe"=C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe [2005-05-17 49152]
"TouchED"=C:\Program Files\TOSHIBA\TouchED\TouchED.Exe [2005-06-28 126976]
"DDWMon"=C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe [2006-04-25 299008]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-06-30 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-06-30 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-06-30 118784]
"Pinger"=c:\toshiba\ivp\ism\pinger.exe [2005-03-17 151552]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2005-12-05 667718]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2005-11-28 602182]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-08-18 98304]
"CFSServ.exe"=CFSServ.exe -NoClient []
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2007-05-10 624248]
""= []
"Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-20 1884160]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-09-22 144792]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-07-25 563984]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2007-07-25 2027792]
"MSKDetectorExe"=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [2005-08-12 1121792]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-06-26 1948440]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-03 36352]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2004-12-30 65536]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Aim6"= []
"igndlm.exe"=C:\Program Files\Download Manager\DLM.exe [2007-03-05 1103480]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-02-13 486856]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-01-28 2097488]
"ares"=C:\Program Files\Ares\Ares.exe [2008-08-21 888832]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"Google Update"=C:\Documents and Settings\Munky\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 133104]
"ares ultra"=C:\Program Files\Ares Ultra\AresUltra.exe [2008-07-04 3266560]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2007-02-28 2321600]
"cdloader"=C:\Documents and Settings\Munky\Application Data\mjusbsp\cdloader2.exe [2008-12-17 50520]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-05-26 4351216]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-05-26 4351216]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe
VPN Client.lnk - C:\WINDOWS\Installer\{4C271126-C295-4828-A901-5910AE0C258B}\Icon3E5562ED7.ico

C:\Documents and Settings\Munky\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE
PowerReg Scheduler V3.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
avgrsstx.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
psqlpwd.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
WgaLogon.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine"
"C:\TOSHIBA\Ivp\ISM\pinger.exe"="C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\1155956573\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1155956573\EE\AOLServiceHost.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\Munky\My Documents\magiconline.exe"="C:\Documents and Settings\Munky\My Documents\magiconline.exe:*:Enabled:Magic: The Gathering Online"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe"="C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"C:\Program Files\Yahoo! Messenger\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo! Messenger\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo! Messenger\Messenger\YServer.exe"="C:\Program Files\Yahoo! Messenger\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe"="C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS3"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Autodesk\Maya8.5\bin\maya.exe"="C:\Program Files\Autodesk\Maya8.5\bin\maya.exe:*:Enabled:Maya"
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\Ares Ultra\AresUltra.exe"="C:\Program Files\Ares Ultra\AresUltra.exe:*:Enabled:Ares p2p for windows"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Autodesk\Maya2008\bin\maya.exe"="C:\Program Files\Autodesk\Maya2008\bin\maya.exe:*:Enabled:Maya"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Documents and Settings\Munky\Local Settings\Temp\Blizzard Launcher Temporary - 7b1f2a88\Launcher.exe"="C:\Documents and Settings\Munky\Local Settings\Temp\Blizzard Launcher Temporary - 7b1f2a88\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Documents and Settings\Munky\My Documents\Downloads\eclipse-cpp-ganymede-SR2-win32\eclipse\eclipse.exe"="C:\Documents and Settings\Munky\My Documents\Downloads\eclipse-cpp-ganymede-SR2-win32\eclipse\eclipse.exe:*:Enabled:eclipse"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary"
"C:\Program Files\Java\jdk1.5.0_08\bin\java.exe"="C:\Program Files\Java\jdk1.5.0_08\bin\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Documents and Settings\Munky\Application Data\mjusbsp\magicJack.exe"="C:\Documents and Settings\Munky\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - D:\autoplay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\autoplay.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25d316e4-4aa5-11de-9a28-0018de283f7e}]
shell\AutoRun\command - E:\autorun.exe
shell\phone\command - E:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{373d8650-92e4-11dc-9860-0018de283f7e}]
shell\AutoRun\command - E:\PortableVault.exe


======File associations======

.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

======List of files/folders created in the last 3 months======

2009-08-03 15:58:41 ----D---- C:\Documents and Settings\All Users\Application Data\16635004
2009-07-30 12:34:17 ----D---- C:\rsit
2009-07-29 17:03:45 ----D---- C:\WINDOWS\ERDNT
2009-07-29 17:03:19 ----D---- C:\Program Files\ERUNT
2009-07-26 22:50:29 ----D---- C:\Program Files\Trend Micro
2009-07-26 04:50:19 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-07-26 03:07:39 ----D---- C:\Documents and Settings\Munky\Application Data\Malwarebytes
2009-07-26 03:07:29 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-26 03:07:28 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-15 03:05:17 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 03:05:11 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 03:00:54 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-06-11 03:10:08 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-11 03:08:52 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-11 03:04:04 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-11 03:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-05-27 15:51:03 ----D---- C:\Documents and Settings\Munky\Application Data\mjusbsp
2009-05-13 16:34:36 ----D---- C:\Program Files\Microsoft Silverlight

======List of files/folders modified in the last 3 months======

2009-08-03 19:35:33 ----D---- C:\WINDOWS
2009-08-03 19:35:25 ----D---- C:\WINDOWS\Registration
2009-08-03 19:35:22 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt
2009-08-03 19:34:25 ----D---- C:\WINDOWS\Temp
2009-08-03 19:34:21 ----D---- C:\WINDOWS\system32\drivers
2009-08-03 19:34:21 ----D---- C:\Program Files
2009-08-03 19:32:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-03 16:38:42 ----D---- C:\WINDOWS\Prefetch
2009-08-03 15:55:45 ----D---- C:\WINDOWS\system32
2009-08-02 23:39:02 ----D---- C:\WINDOWS\Minidump
2009-08-01 03:00:56 ----SHD---- C:\WINDOWS\Installer
2009-08-01 03:00:56 ----SHD---- C:\Config.Msi
2009-07-29 03:06:00 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-29 03:05:58 ----HD---- C:\WINDOWS\inf
2009-07-29 03:04:48 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-29 03:04:36 ----D---- C:\WINDOWS\system32\en-US
2009-07-29 03:04:36 ----D---- C:\Program Files\Internet Explorer
2009-07-29 03:03:37 ----D---- C:\WINDOWS\ie7updates
2009-07-29 03:01:43 ----D---- C:\WINDOWS\WinSxS
2009-07-28 19:36:55 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2009-07-28 13:55:54 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-28 05:04:14 ----HD---- C:\$AVG8.VAULT$
2009-07-26 22:55:19 ----D---- C:\Program Files\Common Files
2009-07-26 22:23:18 ----SHD---- C:\System Volume Information
2009-07-23 04:46:19 ----D---- C:\Program Files\Warcraft III
2009-07-19 08:33:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-19 08:32:59 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-16 18:43:57 ----D---- C:\Program Files\World of Warcraft
2009-07-15 05:08:42 ----D---- C:\Documents and Settings\Munky\Application Data\mIRC
2009-07-15 05:06:59 ----D---- C:\Program Files\mIRC
2009-07-15 03:05:20 ----A---- C:\WINDOWS\imsins.BAK
2009-07-07 10:10:56 ----A---- C:\WINDOWS\system32\MRT.exe
2009-06-30 18:49:25 ----SD---- C:\WINDOWS\Tasks
2009-06-29 11:12:20 ----A---- C:\WINDOWS\system32\wininet.dll
2009-06-29 11:12:19 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-06-29 11:12:19 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-06-29 11:12:18 ----A---- C:\WINDOWS\system32\url.dll
2009-06-29 11:12:18 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-06-29 11:12:18 ----A---- C:\WINDOWS\system32\occache.dll
2009-06-29 11:12:18 ----A---- C:\WINDOWS\system32\mstime.dll
2009-06-29 11:12:18 ----A---- C:\WINDOWS\system32\msrating.dll
2009-06-29 11:12:18 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-06-29 11:12:16 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-06-29 11:12:16 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-06-29 11:12:16 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-06-29 11:12:16 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-06-29 11:12:16 ----A---- C:\WINDOWS\system32\iernonce.dll
2009-06-29 11:12:14 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-06-29 11:12:14 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-06-29 11:12:14 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-06-29 11:12:14 ----A---- C:\WINDOWS\system32\ieaksie.dll
2009-06-29 11:12:14 ----A---- C:\WINDOWS\system32\ieakeng.dll
2009-06-29 11:12:14 ----A---- C:\WINDOWS\system32\icardie.dll
2009-06-29 11:12:14 ----A---- C:\WINDOWS\system32\extmgr.dll
2009-06-29 11:12:14 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-06-29 11:12:14 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-06-29 11:12:14 ----A---- C:\WINDOWS\system32\corpol.dll
2009-06-29 11:12:14 ----A---- C:\WINDOWS\system32\advpack.dll
2009-06-29 06:07:12 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-06-29 06:07:11 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-06-29 03:33:39 ----A---- C:\WINDOWS\system32\ieakui.dll
2009-06-28 23:11:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-06-26 16:52:35 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-06-16 17:59:25 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-06-16 17:59:25 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-16 17:58:30 ----D---- C:\Program Files\Google
2009-06-16 17:58:30 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-06-16 09:36:30 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-06-16 09:36:30 ----A---- C:\WINDOWS\system32\fontsub.dll
2009-06-15 17:03:51 ----SD---- C:\Documents and Settings\Munky\Application Data\Microsoft
2009-06-11 03:12:37 ----A---- C:\WINDOWS\win.ini
2009-06-11 03:09:59 ----D---- C:\Program Files\Microsoft Works
2009-06-03 14:09:37 ----A---- C:\WINDOWS\system32\quartz.dll
2009-05-26 08:47:03 ----A---- C:\WINDOWS\system32\ieframe.dll.mui
2009-05-24 12:05:31 ----D---- C:\Documents and Settings\Munky\Application Data\Protector Suite
2009-05-20 04:21:15 ----D---- C:\Documents and Settings\Munky\Application Data\Azureus
2009-05-20 03:51:24 ----D---- C:\Program Files\Vuze
2009-05-18 13:09:18 ----D---- C:\Documents and Settings\Munky\Application Data\StumbleUpon
2009-05-07 10:32:35 ----A---- C:\WINDOWS\system32\localspl.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-17 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-06-26 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-09 108552]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2005-06-02 102384]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-04-18 21275]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 FdRedir;FdRedir; \??\C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys []
R2 FileDisk2;FileDisk Protector Kernel Driver; \??\C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys []
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568]
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2001-06-21 73728]
R2 smihlp;SMI helper driver; \??\C:\Program Files\Protector Suite QL\smihlp.sys []
R2 tdudf;TOSHIBA UDF File System Driver; C:\WINDOWS\system32\DRIVERS\tdudf.sys [2006-06-28 98816]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-02-28 176128]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 127872]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-12-13 1124097]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-05-08 101833]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2008-03-29 125328]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-06-30 1169980]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-07-18 25624]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 tbiosdrv;Toshiba Logical Tbios Device; C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys [2005-08-24 9472]
R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2006-05-05 28800]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys [2006-03-02 15360]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-11-30 162560]
R3 Tvs;TOSHIBA Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2006-05-30 45696]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-05 1428096]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S2 DS1410D;DS1410D; \??\C:\WINDOWS\system32\drivers\ds1410d.sys []
S2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys []
S3 aawx1rxx;aawx1rxx; C:\WINDOWS\system32\drivers\aawx1rxx.sys []
S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2006-04-01 471264]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 E100B;Intel® PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2005-10-10 163328]
S3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-03-21 179200]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-07-20 2109592]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-07-20 2142488]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-07-18 41752]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2007-07-18 13848]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2007-07-18 1278104]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 Sntnlusb;Rainbow USB SuperPro; C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS [2001-06-21 20032]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 tosrfec;Bluetooth ACPI from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 9344]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-07 611664]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-06-26 298776]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-17 40960]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2008-04-17 1528608]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2004-08-28 110592]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-09-22 147456]
R2 LVPrcSrv;Process Monitor; c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2007-07-20 137752]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 217164]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-11-28 540745]
R2 Swupdtmr;Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [2005-07-12 40960]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\WINDOWS\system32\TODDSrv.exe [2006-05-25 114688]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-09-07 654848]
S2 CiscoVpnInstallService;Cisco Systems, Inc. Installer service; C:\DOCUME~1\Munky\LOCALS~1\Temp\WZSE2.TMP\INSTAL~1.EXE []
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-07-20 141848]
S2 Thpsrv;TOSHIBA HDD Protection; C:\WINDOWS\system32\ThpSrv.exe [2005-12-20 176128]
S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
S3 AresChatServer;Ares Chatroom server; C:\Program Files\Ares\chatServer.exe [2007-03-19 263168]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-09 65795]
S3 StumbleUponUpdateService;StumbleUponUpdateService; C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe [2009-04-12 120168]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.06 2009-07-30 12:34:30

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\system32\RunDll32.Exe C:\WINDOWS\system32\SetupAPI.Dll,InstallHinfSection DefaultUninstall.NTx86 4 C:\WINDOWS\INF\tdudf.Inf
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Add or Remove Adobe Creative Suite 3 Web Premium-->C:\Program Files\Common Files\Adobe\Installers\247961ef275e20c5cb073c36394ac32\Setup.exe
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B7F560B3-6EFF-4026-A982-843895A41149}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Contribute CS3-->MsiExec.exe /I{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}
Adobe Creative Suite 3 Web Premium-->MsiExec.exe /I{C347D234-93D8-4595-BDAA-C04638B23B48}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3-->MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\5bc0f8414ec36c555a3e7e5ec2e225e\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Fireworks CS3-->MsiExec.exe /I{7DFC1012-D346-46CE-B03E-FF79125AE029}
Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Video Encoder-->MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{6A5D1A94-624A-4D20-B178-3A283B500370}
Adobe Setup-->MsiExec.exe /I{D504303A-717D-414C-BA9F-FE01093E2EF8}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Version Cue CS3 Server {ko_KR} -->MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}
Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
AIM 6-->C:\Program Files\AIM6\uninst.exe
ALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
Ares 2.0.9-->"C:\Program Files\Ares\uninstall.exe"
Autodesk DirectConnect 2.0-->MsiExec.exe /I{C033BF6E-9D82-4E0B-A46E-ABC746D6F431}
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bejeweled 2 Deluxe-->"C:\Program Files\TOSHIBA Games\Bejeweled 2 Deluxe\Uninstall.exe"
Bejeweled 2 Deluxe-->C:\WINDOWS\iun6002ev.exe "C:\Program Files\Bejeweled 2 Deluxe\irunin.ini"
BioWare Premium Module: Neverwinter Nights™ Kingmaker-->C:\NeverwinterNights\NWN\premium\uninst Neverwinter Nights™ Kingmaker.exe
Blackhawk Striker 2-->"C:\Program Files\TOSHIBA Games\Blackhawk Striker 2\Uninstall.exe"
Blasterball 2 Revolution-->"C:\Program Files\Toshiba Games\Blasterball 2 Revolution\Uninstall.exe"
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CD/DVD Drive Acoustic Silencer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x9
Chuzzle Deluxe-->"C:\Program Files\TOSHIBA Games\Chuzzle Deluxe\Uninstall.exe"
Cisco Systems VPN Client 5.0.03.0530-->MsiExec.exe /X{4C271126-C295-4828-A901-5910AE0C258B}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Download Manager 2.3.6-->C:\Program Files\Download Manager\uninst.exe
DVD-RAM Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\setup.exe" -l0x9 DVD-RAM Driver
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
ESPNMotion-->C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
FATE-->"C:\Program Files\Toshiba Games\FATE\Uninstall.exe"
Free Fire Screensaver-->C:\Program Files\Free Fire Screensaver\uninstall.exe
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
HP Memories Disc-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Photo and Imaging 2.0 - All-in-One Drivers-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - hp psc 1200 series-->C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
hp psc 1200 series-->MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
hp psc 1200 series-->rundll32 hpzcon07.dll,VendorJettison hp psc 1200 series
Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel® PRO Network Connections Drivers-->Prounstl.exe
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
InterVideo WinDVD Creator 2-->"C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD for TOSHIBA-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
J2SE Development Kit 5.0 Update 8-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0150080}
J2SE Runtime Environment 5.0 Update 8-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
Java™ 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Logitech QuickCam-->MsiExec.exe /X{364EC092-93CF-4DDC-9D7A-7278452028E0}
Logitech® Camera Driver-->"C:\Program Files\Common Files\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Magic Set Editor 2 - 0.3.1 beta-->"C:\Program Files\Magic Set Editor 2\unins000.exe"
Magic Workstation 0.94f-->"C:\Program Files\Magic Workstation\unins000.exe"
Mah Jong Quest-->"C:\Program Files\TOSHIBA Games\Mah Jong Quest\Uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Maya 2008 Documentation (en_US)-->MsiExec.exe /I{6C70ACE2-6EF2-4F8D-8C4A-78198AA979DD}
Maya 2008-->MsiExec.exe /I{DA864DC0-0BF2-454B-A6A9-08A45EB97D3B}
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office OneNote 2003-->MsiExec.exe /I{91A10409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (2.0.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MTG GamePack for Magic Workstation-->"C:\Program Files\Magic Workstation\unins001.exe"
MVision-->MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Neverwinter Nights Gold Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A4C10EEF-D26C-410D-82E7-73370C6FD812}\Setup.exe" -l0x9
Office 2003 Trial Assistant-->MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Penguins!-->"C:\Program Files\TOSHIBA Games\Penguins!\Uninstall.exe"
Polar Bowler-->"C:\Program Files\TOSHIBA Games\Polar Bowler\Uninstall.exe"
Polar Golfer-->"C:\Program Files\Toshiba Games\Polar Golfer\Uninstall.exe"
PopCap Browser Plugin-->C:\Program Files\PopCap Games\PopCap Browser Plugin\Uninstall.exe
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
SCRABBLE-->"C:\Program Files\TOSHIBA Games\SCRABBLE\Uninstall.exe"
SD Secure Module-->MsiExec.exe /X{C45F4811-31D5-4786-801D-F79CD06EDD85}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Sentinel System Driver-->C:\WINDOWS\SYSTEM32\RNBOSENT\SETUPX86.EXE /U /q
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\SPORESetup.exe" -runfromtemp -l0x0009 -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Starcraft-->C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
StumbleUpon IE Toolbar-->C:\Program Files\StumbleUpon\uninstall.exe
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4497AFF6-98C4-4F49-B073-F48F42BCBF9E} /l1033
TextPad 5-->MsiExec.exe /X{B6EC7388-E277-4A5B-8C8F-71067A41BA64}
TOSHIBA Assist-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\Setup.exe" -l0x9
TOSHIBA ConfigFree-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x9 UNINSTALL
TOSHIBA Controls-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Direct Disc Writer-->MsiExec.exe /X{400830CA-F056-4BBE-80A3-9DF9CA4FB889}
TOSHIBA Disc Creator-->MsiExec.exe /X{529DDE6B-4F31-438B-B218-F36266ABD8C0}
TOSHIBA Display Devices Change Utility-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\TDspBtn.inf,DefaultUninstall,5
TOSHIBA Game Console-->"C:\Program Files\WildTangent\Apps\TOSHIBA Game Console\Uninstall.exe"
TOSHIBA HDD Protection-->MsiExec.exe /X{94A90C69-71C1-470A-88F5-AA47ECC96B40}
TOSHIBA Hotkey Utility for Display Devices-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\TFNF5Wxp.inf,DefaultUninstall,5
Toshiba Media Center Game Console-->MsiExec.exe /I{F21B28BF-8A4D-4F1A-A61B-69DD5B4A9BBA}
TOSHIBA Password Utility-->c:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74} /l1033
TOSHIBA PC Diagnostic Tool-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{2C38F661-26B7-445D-B87D-B53FE2D3BD42} /l1033
TOSHIBA Power Saver-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\Power Saver\Uninst.isu" -c"C:\WINDOWS\system32\TPSDel.dll"
TOSHIBA Recovery Disc Creator-->MsiExec.exe /X{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}
Toshiba Registration-->MsiExec.exe /X{F6C405D2-C50D-4D10-B89E-73A233A14D74}
TOSHIBA SD Memory Boot Utility-->MsiExec.exe /X{BBF5493A-05FB-4449-90DE-84A61EB78154}
TOSHIBA SD Memory Card Format-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}\Setup.exe"
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA Software Upgrades-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe"
TOSHIBA Speech System Applications-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
TOSHIBA Speech System SR Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Speech System TTS Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
TOSHIBA TouchPad On/Off Utility V2.05.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24300A63-DD78-4AA5-A914-4D582C41D33A}\Setup.exe" -uninst
TOSHIBA Utilities-->c:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{56190F69-01D3-46CA-9861-43377C5E9B87} /l1033
TOSHIBA Virtual Sound-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B12BA86-ADAC-4BA6-B441-FFC591087252}\Setup.exe" /uninstall
TOSHIBA Zooming Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64212898-097F-4F3F-AECA-6D34A7EF82DF}\Setup.exe"
Touch and Launch-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D96E2B1-D9AC-46E0-9073-425C5F63E338}\Setup.exe"
Update for Windows Internet Explorer 7 (KB928089)-->"C:\WINDOWS\ie7updates\KB928089\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Vuze-->C:\Program Files\Vuze\uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB888316-->C:\WINDOWS\$NtUninstallKB888316$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB894553-->C:\WINDOWS\$NtUninstallKB894553$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB895678-->C:\WINDOWS\$NtUninstallKB895678$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZip 11.2-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}
Wireless Hotkey-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7862BAD8-A379-4128-8AA1-EFD5A9603C53}\setup.exe" -l0x9
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: TOBAY
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0018DE283F7E. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 3689
Source Name: Dhcp
Time Written: 20090610172839.000000-300
Event Type: warning
User:

Computer Name: TOBAY
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 3688
Source Name: Tcpip
Time Written: 20090610052336.000000-300
Event Type: warning
User:

Computer Name: TOBAY
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 3686
Source Name: Tcpip
Time Written: 20090610042859.000000-300
Event Type: warning
User:

Computer Name: TOBAY
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 3685
Source Name: Tcpip
Time Written: 20090610040139.000000-300
Event Type: warning
User:

Computer Name: TOBAY
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 3684
Source Name: Tcpip
Time Written: 20090610034126.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: TOBAY
Event Code: 20
Message:
Record Number: 7962
Source Name: Google Update
Time Written: 20090523181939.000000-300
Event Type: error
User: TOBAY\Munky

Computer Name: TOBAY
Event Code: 20
Message:
Record Number: 7961
Source Name: Google Update
Time Written: 20090523171939.000000-300
Event Type: error
User: TOBAY\Munky

Computer Name: TOBAY
Event Code: 20
Message:
Record Number: 7960
Source Name: Google Update
Time Written: 20090523162027.000000-300
Event Type: error
User: TOBAY\Munky

Computer Name: TOBAY
Event Code: 20
Message:
Record Number: 7957
Source Name: Google Update
Time Written: 20090522122147.000000-300
Event Type: error
User: TOBAY\Munky

Computer Name: TOBAY
Event Code: 1802
Message: The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Record Number: 7951
Source Name: SecurityCenter
Time Written: 20090521120357.000000-300
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=c:\cygwin\bin
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f06
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%

-----------------EOF-----------------

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
kernel: MBR read successfully

#9 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:04:29 AM

Posted 05 August 2009 - 12:16 AM

Ok, skip GMER, I can see a trace of rootkit inside the computer.. Lets do this..

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:

Posted Image

Posted Image


It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here

If ComboFix asked you to install Recovery Console, please do so.. It will be your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finishes its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#10 Jivatma

Jivatma
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:29 PM

Posted 06 August 2009 - 07:27 AM

ComboFix 09-08-04.04 - Munky 08/06/2009 7:03.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.624 [GMT -5:00]
Running from: c:\documents and settings\Munky\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\f96ac0e5-19d2-42c5-8f68-eb7a99861769.ocx
c:\windows\Installer\1211d015.msi
c:\windows\Installer\17dc258.msp
c:\windows\Installer\6d8484a.msi
c:\windows\kb913800.exe
c:\windows\system32\2d2ca2ce-704a-428c-8cbe-0736b29190aa.dll
c:\windows\system32\drivers\hjgruiaxruobqf.sys
c:\windows\system32\hjgruiflmkbbgf.dat
c:\windows\system32\hjgruignvbenwo.dll
c:\windows\system32\hjgruiiktdbsof.dat
c:\windows\system32\hjgruirkdlcguv.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_hjgruiuqjsrpqk


((((((((((((((((((((((((( Files Created from 2009-07-06 to 2009-08-06 )))))))))))))))))))))))))))))))
.

2009-08-03 20:58 . 2009-08-04 00:32 -------- d-----w- c:\documents and settings\All Users\Application Data\16635004
2009-07-30 17:34 . 2009-07-30 17:34 -------- d-----w- C:\rsit
2009-07-29 22:03 . 2009-08-03 21:24 -------- d-----w- c:\program files\ERUNT
2009-07-29 00:36 . 2009-05-27 00:50 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-07-27 03:50 . 2009-07-27 03:50 -------- d-----w- c:\program files\Trend Micro
2009-07-26 09:50 . 2009-07-26 10:01 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-26 08:07 . 2009-07-26 08:07 -------- d-----w- c:\documents and settings\Munky\Application Data\Malwarebytes
2009-07-26 08:07 . 2009-07-13 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-26 08:07 . 2009-07-26 08:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-26 08:07 . 2009-07-13 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-26 08:07 . 2009-07-26 09:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-17 20:54 . 2009-08-01 03:55 -------- d-----w- c:\documents and settings\Munky\Local Settings\Application Data\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-06 11:38 . 2008-09-28 00:06 -------- d-----w- c:\documents and settings\Munky\Application Data\mIRC
2009-08-04 19:33 . 2008-09-28 00:06 -------- d-----w- c:\program files\mIRC
2009-08-04 18:37 . 2007-09-08 07:21 -------- d-----w- c:\program files\World of Warcraft
2009-08-01 08:13 . 2009-05-13 21:34 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-29 00:36 . 2007-07-19 21:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-07-26 09:16 . 2007-10-19 02:20 32 ----a-w- c:\windows\popcinfo.dat
2009-07-23 09:46 . 2007-05-14 03:04 -------- d-----w- c:\program files\Warcraft III
2009-07-17 21:02 . 2009-02-23 10:08 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-29 16:12 . 2006-08-18 23:48 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2006-08-18 23:47 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2006-08-18 23:47 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-26 21:52 . 2009-02-23 10:08 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-26 21:52 . 2009-02-23 10:08 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-16 22:59 . 2006-08-19 01:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-16 22:58 . 2006-08-19 02:51 -------- d-----w- c:\program files\Google
2009-06-16 14:36 . 2006-08-18 23:48 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2006-08-18 23:47 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-11 08:09 . 2006-08-19 01:16 -------- d-----w- c:\program files\Microsoft Works
2009-06-03 19:09 . 2006-08-18 23:48 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-27 20:51 . 2009-05-27 20:51 7882936 ---h--w- c:\documents and settings\Munky\Application Data\mjusbsp\ar00000\upgrade.exe
2009-05-10 00:54 . 2009-02-23 10:08 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2007-11-28 19:12 . 2007-04-25 12:02 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-11-28 19:12 . 2007-04-25 12:02 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-11-28 19:12 . 2007-04-25 12:02 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-11-28 19:12 . 2007-04-25 12:02 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-11-28 19:12 . 2007-04-25 12:02 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2007-03-05 1103480]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-02-13 486856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
"ares"="c:\program files\Ares\Ares.exe" [2008-08-21 888832]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Google Update"="c:\documents and settings\Munky\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]
"ares ultra"="c:\program files\Ares Ultra\AresUltra.exe" [2008-07-04 3266560]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"cdloader"="c:\documents and settings\Munky\Application Data\mjusbsp\cdloader2.exe" [2008-12-17 50520]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="thpsrv" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-05-06 30208]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2006-07-05 258048]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-06 1077322]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2006-02-02 73728]
"TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-17 49152]
"TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.Exe" [2005-06-29 126976]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2006-04-26 299008]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-30 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-30 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-30 118784]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-08-19 98304]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-09-23 144792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 2027792]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-26 1948440]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2005-12-13 88204]
"000StTHK"="000StTHK.exe" - c:\windows\system32\000StTHK.exe [2001-06-23 24576]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2006-04-25 315392]
"TPSODDCtl"="TPSODDCtl.exe" - c:\windows\system32\TPSODDCtl.exe [2006-04-25 110592]
"TFNF5"="TFNF5.exe" - c:\windows\system32\TFNF5.exe [2006-03-17 593920]
"TOSDCR"="TOSDCR.EXE" - c:\windows\system32\TOSDCR.exe [2005-12-13 57344]
"NDSTray.exe"="NDSTray.exe" [BU]
"TFncKy"="TFncKy.exe" [BU]
"CFSServ.exe"="CFSServ.exe" [BU]

c:\documents and settings\Munky\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
PowerReg Scheduler V3.exe [2008-4-17 225280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-8-18 155648]
VPN Client.lnk - c:\windows\Installer\{4C271126-C295-4828-A901-5910AE0C258B}\Icon3E5562ED7.ico [2008-9-8 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-26 21:52 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-05-06 00:48 40448 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Ares Ultra\\AresUltra.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Autodesk\\Maya2008\\bin\\maya.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Java\\jdk1.5.0_08\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Documents and Settings\\Munky\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"6112:TCP"= 6112:TCP:Blizzard Downloader - 6112
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [12/28/2004 1:31 AM 16384]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [8/18/2006 9:17 PM 6144]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/23/2009 5:08 AM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/23/2009 5:08 AM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/23/2009 5:08 AM 298776]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [5/5/2006 8:00 PM 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [5/5/2006 7:59 PM 33024]
R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [5/5/2006 7:33 PM 3456]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [6/28/2006 1:50 PM 98816]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/23/2007 8:51 PM 24652]
S2 CiscoVpnInstallService;Cisco Systems, Inc. Installer service;c:\docume~1\Munky\LOCALS~1\Temp\WZSE2.TMP\INSTAL~1.EXE --> c:\docume~1\Munky\LOCALS~1\Temp\WZSE2.TMP\INSTAL~1.EXE [?]
S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\StumbleUpon\StumbleUponUpdateService.exe [4/12/2009 1:19 PM 120168]
.
Contents of the 'Scheduled Tasks' folder

2007-07-31 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8177863125.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 05:52]

2009-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1360244760-1217302374-3103346670-1005Core.job
- c:\documents and settings\Munky\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 21:53]

2009-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1360244760-1217302374-3103346670-1005UA.job
- c:\documents and settings\Munky\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 21:53]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} - hxxp://sc.scenecaster.com/release_3_10_41/View22RTEv4.cab
FF - ProfilePath - c:\documents and settings\Munky\Application Data\Mozilla\Firefox\Profiles\ftp89cc3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-06 07:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1360244760-1217302374-3103346670-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7BCE9C9A-4678-0619-4B57-824647A7A181}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"eaknmpffie"=hex:66,61,61,70,66,61,6c,6e,6f,63,62,6d,00,31
"dabnppce"=hex:64,62,6f,6c,6f,61,69,6d,6f,6a,68,6d,67,69,62,6c,6f,6b,6d,6c,66,
6b,68,62,64,6b,6a,61,68,6e,61,6d,6f,64,6b,70,70,6a,64,70,00,00
"iacmmpildmogmcbbpp"=hex:6a,61,68,64,6a,69,68,6f,63,6f,6a,6d,63,61,62,67,6d,64,
61,67,00,00
"hailonkfncobijac"=hex:6a,61,68,64,6a,69,68,6f,63,6f,6a,6d,63,61,62,67,6d,64,
61,67,00,00

[HKEY_USERS\S-1-5-21-1360244760-1217302374-3103346670-1005\Software\SecuROM\License information*]
"datasecu"=hex:ca,89,fd,a5,23,8a,94,13,94,ba,ff,e4,7f,9b,66,cb,f6,b6,b8,17,ec,
e8,36,9a,f1,88,50,a6,76,ec,a1,29,b1,ef,ed,76,cd,8e,9c,b7,8d,ba,dd,ac,a4,3f,\
"rkeysecu"=hex:c7,62,bf,4c,2b,ae,b4,26,b2,16,c4,5a,25,cf,a3,e1
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(968)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\remote.dll
c:\program files\Protector Suite QL\crypto.dll

- - - - - - - > 'lsass.exe'(1024)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
.
Completion time: 2009-08-06 7:16
ComboFix-quarantined-files.txt 2009-08-06 12:16

Pre-Run: 14,996,402,176 bytes free
Post-Run: 15,763,255,296 bytes free

271 --- E O F --- 2009-08-01 08:01

#11 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:04:29 AM

Posted 06 August 2009 - 08:42 AM

Please show hidden files and folders

Find and delete this folder manually

c:\documents and settings\All Users\Application Data\16635004



Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.




Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
How's the computer now? :thumbup2:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#12 Jivatma

Jivatma
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:29 PM

Posted 06 August 2009 - 08:28 PM

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=7.00.6000.16876 (vista_gdr.090625-2339)
# OnlineScanner.ocx=1.0.0.5889
# api_version=3.0.2
# EOSSerial=bc1a50649151c149985fc95a239da7fa
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-08-07 01:16:38
# local_time=2009-08-06 08:16:38 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1026 37 83 100 17432592500000
# scanned=230647
# found=0
# cleaned=0
# scan_time=4926

#13 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:04:29 AM

Posted 07 August 2009 - 02:24 AM

Looks good to me.. Lets do some cleanup...


Please download OTC and save it to Desktop.
  • Make sure you have internet connection..
  • Double-click OTC
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes


Please read these excellent articles write by my friends:
Preventing Malware and Safe Computing by Rorschach112
What makes your machine slow? by Artellos


Also, please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware


Read these great info's about safe internet surfing..

http://www.pcpitstop.com/spycheck/safesurfing.asp
http://bluefive.pair.com/practice_safe_surfing.htm




Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :thumbup2:



Have a safe and happy computing day!


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#14 Jivatma

Jivatma
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:02:29 PM

Posted 07 August 2009 - 05:04 PM

Computer runs great! No more random linking off google searches! Thanx a lot fenzo! <3




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users