View Full Version : Can't get rid of Virtumonde
Hi,
I ran Spybot and found a few instance of Virtumonde. I tried to clean it, but when I ran Spybot again during Windows startup it showed up again. Once again I tried cleaning it and restarted my computer, but it continues to show up.
I'd really appreciate it if someone could help me get rid of this.
I've posted my HJT log below:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:41:55 PM, on 12/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
C:\Program Files\Toshiba\TapButton\TapButt.exe
C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe
C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe
C:\Program Files\TOSHIBA\TME3\TMETEMNU.EXE
C:\Program Files\Toshiba\TAudEffect\TAudEff.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Symbol Commander\Sensiva.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [CrossMenu] C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
O4 - HKLM\..\Run: [TapButt] C:\Program Files\Toshiba\TapButton\TapButt.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TAcelMgr] C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe
O4 - HKLM\..\Run: [TSkrMain] C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TosRotation] "C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe"
O4 - HKLM\..\Run: [TAudEffect] C:\Program Files\Toshiba\TAudEffect\TAudEff.exe /run
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Sensiva] "C:\Symbol Commander\Sensiva.exe"
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX3800 Series on SIYAMU] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P41 "Auto EPSON Stylus CX3800 Series on SIYAMU" /O17 "\\SIYAMU\EPSONSty" /M "Stylus CX3800"
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [Auto EPSON Stylus CX3800 Series on SIYAMU] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P41 "Auto EPSON Stylus CX3800 Series on SIYAMU" /M "Stylus CX3800" /EF "HKCU"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: Sticky Notes.lnk = C:\WINDOWS\system32\stikynot.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O20 - AppInit_DLLs: urambf.dll
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
--
End of file - 8554 bytes
Dakeyras
2008-12-04, 01:33
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.
If you think you have similar problems, please post a log in the HJT forum and wait for help.
Hi Aggie49 and welcome to Safer Networking :)
I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:
I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for this issue on this machine!.
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Refrain from running self fixes as this will hinder the malware removal proccess.
It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Extra note: Please be aware as I am still in training all of my fixes/posts require prior checking by a Expert. So some delays may be inevitable, please be patient and I will reply again asap.
Thanks Dakeyras! I really appreciate this and eagerly await your reply
Dakeyras
2008-12-05, 15:07
Hi :)
Thanks Dakeyras! I really appreciate this and eagerly await your reply
You're welcome!
Very Important!:
At present I see no indication of a Anti-Virus application either active and or installed. This is not a safe practice and a sure way of actually leaving your machine vulnerable to more malware and re-infection etc.
Download just one only of the two free anti-virus programs listed below please and Install>> Update >> Carry Out a Complete Scan.
Have it fix anything it finds.
AntiVir Free. (http://www.free-av.com/)
Avast Home Edition. (http://www.avast.com/eng/down_home.html)
Next:
We need to disable the registry guard feature of Spybot S&D as follows as it may interfere with the malware removal process.
Disable Spybot's TeaTimer:.
This is a two step process.
First step:
Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
If you have the older version 1.4, Click on Exit Spybot S&D Resident
If you have the new version 1.6, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless. Second step, For Either Version:
Open Spybot S&D
Click Mode, choose Advanced Mode
Go To the bottom of the Vertical Panel on the Left, Click Tools
then, also in left panel, click Resident (shows a red/white shield).
If your firewall raises a question, say OK
In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
OK any prompts.
Use File, Exit to terminate Spybot
Reboot your machine for the changes to take effect.
Next:
Please download Malwarebytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please post that log in your next reply. The log can also be found here:
Launch Malwarebytes' Anti-Malware
Click on the Logs radio tab.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
Next:
Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.Please make sure that RSIT.exe is on the your Desktop before running the application.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:
log.txt will be opened maximized.
info.txt will be opened minimized.
Please post the contents of both log.txt and info.txt.
When completed the above, please post back the following:
Malwarebytes' Anti-Malware Log.
Both RSIT logs.
Thanks again Dakeyras!
Did what you asked
Heres my Malware Byte's Anti Malware Log:
Malwarebytes' Anti-Malware 1.31
Database version: 1463
Windows 5.1.2600 Service Pack 2
12/5/2008 12:30:17 PM
mbam-log-2008-12-05 (12-30-17).txt
Scan type: Full Scan (C:\|)
Objects scanned: 93546
Time elapsed: 50 minute(s), 11 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 10
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a63e645f-13bd-45ed-b15f-6e8c1bd57279} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tuvuofys (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a63e645f-13bd-45ed-b15f-6e8c1bd57279} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a63e645f-13bd-45ed-b15f-6e8c1bd57279} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9fea4040-6de9-49d3-a2e2-876fafad1eab} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{a63e645f-13bd-45ed-b15f-6e8c1bd57279} (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\tuvUOFYS.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\PWJNXIVS\kb435[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C74F877F-F337-4115-9A47-B71C0D9BB1C7}\RP107\A0022658.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C74F877F-F337-4115-9A47-B71C0D9BB1C7}\RP109\A0022713.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C74F877F-F337-4115-9A47-B71C0D9BB1C7}\RP109\A0022714.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C74F877F-F337-4115-9A47-B71C0D9BB1C7}\RP109\A0022715.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C74F877F-F337-4115-9A47-B71C0D9BB1C7}\RP109\A0022716.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C74F877F-F337-4115-9A47-B71C0D9BB1C7}\RP109\A0022717.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lnghkurg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bydhnd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
RSIT info.txt log:
info.txt logfile of random's system information tool 1.04 2008-12-05 12:31:39
======Uninstall list======
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AbiWord 2.6.3-->C:\Program Files\AbiSuite2\UninstallAbiWord2.exe
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Alias SketchBook Pro 1.01-->MsiExec.exe /X{0698BDA1-ACF3-4A5F-8A9B-F655C9E49AFC}
Alps Pointing-device Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
Amaya-->"C:\Program Files\Amaya\Uninstall.exe"
Atheros Wireless LAN MiniPCI card Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}\Setup.exe" -l0x9
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
CardBus driver-->"C:\Program Files\CardBus\driver\Setup.exe" /REMOVECARDBUS
CutePDF Writer 2.7-->C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DVD-RAM Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\Setup.exe" DVD-RAM Driver
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Exact Audio Copy 0.99pb3-->C:\Program Files\Exact Audio Copy\uninst.exe
FranklinCovey TabletPlanner-->MsiExec.exe /I{20348F6A-38D0-45F6-A103-C6FB2CD5695B}
GIMP 2.4.5-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB945282)-->C:\WINDOWS\system32\msiexec.exe /package {A4418082-E601-3954-805B-D56A2B50EC8B} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946040)-->C:\WINDOWS\system32\msiexec.exe /package {A4418082-E601-3954-805B-D56A2B50EC8B} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946308)-->C:\WINDOWS\system32\msiexec.exe /package {A4418082-E601-3954-805B-D56A2B50EC8B} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947540)-->C:\WINDOWS\system32\msiexec.exe /package {A4418082-E601-3954-805B-D56A2B50EC8B} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947789)-->C:\WINDOWS\system32\msiexec.exe /package {A4418082-E601-3954-805B-D56A2B50EC8B} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB909394)-->"C:\WINDOWS\$NtUninstallKB909394$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB942288-v3)-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Inkscape 0.46-->C:\Program Files\Inkscape\Uninstall.exe
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
Java 2 Runtime Environment, SE v1.4.2_05-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
LADSPA_plugins-win-0.4.15-->"C:\Program Files\Audacity\Plug-Ins\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.0 Hotfix (KB930494)-->"C:\WINDOWS\$NtUninstallKB930494$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Office OneNote 2003-->MsiExec.exe /I{91A10409-6000-11D3-8CFE-0150048383C9}
Microsoft Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0510E9B6-C4C9-4C1D-8FE9-89EDDAA54958}\SETUP.EXE" -L0x9
Microsoft SQL Server 2008 Browser-->MsiExec.exe /X{C688457E-03FD-4941-923B-A27F4D42A7DD}
Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}
Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{4A6F34E2-09E5-4616-B227-4A26A488A6F9}
Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}
Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}
Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{4815BD99-96A4-49FE-A885-DCF06E9E4E78}
Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{F3494AB6-6900-41C6-AF57-823626827ED8}
Microsoft SQL Server 2008 Management Objects-->MsiExec.exe /I{F5E87B12-3C27-452F-8E78-21D42164FD83}
Microsoft SQL Server 2008 Native Client-->MsiExec.exe /I{D9D937B0-E842-4130-9588-B948E876904A}
Microsoft SQL Server 2008 RsFx Driver-->MsiExec.exe /I{F1DC7648-8623-442F-92B7-E118DF61872E}
Microsoft SQL Server 2008 Setup Support Files (English)-->MsiExec.exe /X{9D6D76A6-4328-49E8-97A7-531A74841DA5}
Microsoft SQL Server 2008-->"c:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe" /X86
Microsoft SQL Server 2008-->"c:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe" /x86
Microsoft SQL Server Compact 3.5 SP1 Design Tools English-->MsiExec.exe /X{0C19D563-5F25-4621-BF10-01F741BD283F}
Microsoft SQL Server Compact 3.5 SP1 English-->MsiExec.exe /I{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}
Microsoft Visual C# 2008 Express Edition with SP1 - ENU-->C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual C# 2008 Express Edition with SP1 - ENU\setup.exe
Microsoft Visual C# 2008 Express Edition with SP1 - ENU-->MsiExec.exe /X{A4418082-E601-3954-805B-D56A2B50EC8B}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu-->MsiExec.exe /X{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32-->MsiExec.exe /X{044F9133-B8D7-4d11-BF39-803FA20F5C8B}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\system32\nvinstnt.dll,NvUninstallNT4 nvts.inf
Pinnacle MediaCenter-->"C:\Program Files\InstallShield Installation Information\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}\Setup.exe"UNINSTALL /l0x0009
Real Alternative 1.8.0-->"C:\Program Files\Real Alternative\unins000.exe"
SD Secure Module-->MsiExec.exe /X{C45F4811-31D5-4786-801D-F79CD06EDD85}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SopCast 3.0.3-->C:\Program Files\SopCast\uninst.exe
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Sql Server Customer Experience Improvement Program-->MsiExec.exe /I{C965F01C-76EA-4BD7-973E-46236AE312D7}
SQL Server System CLR Types-->MsiExec.exe /I{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}
Switch Sound File Converter-->C:\Program Files\NCH Swift Sound\Switch\uninst.exe
Symbol Commander-->C:\WINDOWS\svae_unst.exe
Tablet PC Tutorials for Microsoft Windows XP SP2-->MsiExec.exe /X{0CAD092C-5D1E-48AD-A845-E1EBA9AF1AF8}
TOSHIBA Accelerometer Utilities-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\Acceleration Utilities\Uninst.isu" -c"C:\Program Files\TOSHIBA\Acceleration Utilities\SETUPSUB.dll"
TOSHIBA Audio Effect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC99D835-CA4A-4E58-82F6-31D0ACF0CACA}\Setup.exe" /T24C502C5
TOSHIBA ConfigFree-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x9 UNINSTALL
TOSHIBA Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}\Setup.exe" -l0x9
TOSHIBA Display Devices Change Utility-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\TDspBtn.inf,DefaultUninstall,5
TOSHIBA Fax Extension-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AC200C3-A4C8-401C-A5A8-202BE888B165}\setup.exe"
TOSHIBA Hotkey Utility for Display Devices-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\TFNF5Wxp.inf,DefaultUninstall,5
TOSHIBA M200 Demo Screen Saver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{596EB055-A16F-4125-80A5-6AD728F2907B}\Setup.exe"
TOSHIBA Mobile Extension3 for Windows XP V3.65.00.XP-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\TME3\Uninst.isu" -c"C:\Program Files\TOSHIBA\TME3\uninstx.dll"
TOSHIBA PC Diagnostic Tool-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\PCDiag\Uninst.isu"
TOSHIBA Power Saver-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\Power Saver\Uninst.isu" -c"C:\WINDOWS\system32\TPSDel.dll"
Toshiba Registration-->MsiExec.exe /X{F6C405D2-C50D-4D10-B89E-73A233A14D74}
TOSHIBA Rotation Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{53554FA3-F658-40F4-A7C6-4CD6F776A8F0}\Setup.exe"
TOSHIBA SD Memory Boot Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F816A1EB-392D-459C-A5A2-8C8B9CD75446}\Setup.exe"
TOSHIBA SD Memory Card Format-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}\Setup.exe"
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA Software Upgrades-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F69B66A8-61C9-424C-AFA1-7EC6093AC5AD}\setup.exe"
TOSHIBA Tablet Access Code Logon Utility V1.02.00-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\TSigReco\Uninst.isu" -c"C:\Program Files\TOSHIBA\TSigReco\TSigInst.dll"
Toshiba Tbiosdrv Driver-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Toshiba\Toshiba Tbiosdrv Driver\Tbiosdrv.isu"
TOSHIBA TouchPad On/Off Utility V2.05.00-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\TouchED\Uninst.isu" -c"C:\Program Files\TOSHIBA\TouchED\tpedinst.dll"
TOSHIBA Utilities-->tutildel.exe
TOSHIBA Zooming Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64212898-097F-4F3F-AECA-6D34A7EF82DF}\Setup.exe"
TVUPlayer 2.4.0.1-->C:\Program Files\TVUPlayer\uninst.exe
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
WavePad Uninstall-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891220-->C:\WINDOWS\$NtUninstallKB891220$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Wireless Hotkey-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7862BAD8-A379-4128-8AA1-EFD5A9603C53}\Setup.exe"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======Security center information======
AV: Avira AntiVir PersonalEdition
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 9 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=0905
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------
RSIT log.txt log:
Logfile of random's system information tool 1.04 (written by random/random)
Run by user at 2008-12-05 12:31:31
Microsoft Windows XP Professional Service Pack 2
System drive C: has 32 GB (55%) free of 57 GB
Total RAM: 1535 MB (70% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31:38 PM, on 12/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
C:\Program Files\Toshiba\TapButton\TapButt.exe
C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe
C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe
C:\Program Files\Toshiba\TAudEffect\TAudEff.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Symbol Commander\Sensiva.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\toshiba\ivp\ism\pinger.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\TOSHIBA\TME3\TMETEMNU.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\user\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\user.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8BEB2F12-0AAF-4D2B-A8BE-46AB8AC68956} - (no file)
O2 - BHO: (no name) - {E4339534-E71C-42D0-B6BD-F16F1CBFA6CC} - C:\WINDOWS\system32\mlJCSkhI.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [CrossMenu] C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
O4 - HKLM\..\Run: [TapButt] C:\Program Files\Toshiba\TapButton\TapButt.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TAcelMgr] C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe
O4 - HKLM\..\Run: [TSkrMain] C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TosRotation] "C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe"
O4 - HKLM\..\Run: [TAudEffect] C:\Program Files\Toshiba\TAudEffect\TAudEff.exe /run
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Sensiva] "C:\Symbol Commander\Sensiva.exe"
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX3800 Series on SIYAMU] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P41 "Auto EPSON Stylus CX3800 Series on SIYAMU" /O17 "\\SIYAMU\EPSONSty" /M "Stylus CX3800"
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [Auto EPSON Stylus CX3800 Series on SIYAMU] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P41 "Auto EPSON Stylus CX3800 Series on SIYAMU" /M "Stylus CX3800" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: Sticky Notes.lnk = C:\WINDOWS\system32\stikynot.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
--
End of file - 9591 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8BEB2F12-0AAF-4D2B-A8BE-46AB8AC68956}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E4339534-E71C-42D0-B6BD-F16F1CBFA6CC}]
C:\WINDOWS\system32\mlJCSkhI.dll []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-04-15 4866048]
"nwiz"=nwiz.exe /installquiet []
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-04-01 1368064]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-08-06 860160]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2003-07-17 159744]
"LtMoh"=C:\Program Files\ltmoh\Ltmoh.exe [2003-09-26 184320]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-02-20 88363]
"00THotkey"=C:\WINDOWS\system32\00THotkey.exe [2004-08-10 258048]
"CrossMenu"=C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe [2004-02-27 798720]
"TapButt"=C:\Program Files\Toshiba\TapButton\TapButt.exe [2003-10-31 176128]
"000StTHK"=C:\WINDOWS\system32\000StTHK.exe [2001-06-23 24576]
"TAcelMgr"=C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe [2003-11-04 90112]
"TSkrMain"=C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe [2004-06-30 49152]
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2004-06-01 278528]
"TFNF5"=C:\WINDOWS\system32\TFNF5.exe [2003-10-15 73728]
"TosHKCW.exe"=C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe [2002-09-09 49152]
"TMESRV.EXE"=C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE [2004-03-25 126976]
"TMERzCtl.EXE"=C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE [2004-05-26 77824]
"TosRotation"=C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe [2004-01-29 266240]
"TAudEffect"=C:\Program Files\Toshiba\TAudEffect\TAudEff.exe [2004-03-08 270400]
"SmoothView"=C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2003-12-03 131072]
"NDSTray.exe"=NDSTray.exe []
"Sensiva"=C:\Symbol Commander\Sensiva.exe [2002-10-01 2052096]
"TouchED"=C:\Program Files\TOSHIBA\TouchED\TouchED.Exe [2003-01-21 126976]
"Pinger"=c:\toshiba\ivp\ism\pinger.exe [2003-10-20 159744]
"TabletWizard"=C:\WINDOWS\help\SplshWrp.exe [2004-08-04 16384]
"TabletTip"=C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe [2004-08-04 271872]
"EPSON Stylus CX3800 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE [2005-02-08 98304]
"Auto EPSON Stylus CX3800 Series on SIYAMU"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE [2005-02-08 98304]
"CFSServ.exe"=CFSServ.exe -NoClient []
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-12-03 399504]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]
"Auto EPSON Stylus CX3800 Series on SIYAMU"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE [2005-02-08 98304]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe
C:\Documents and Settings\user\Start Menu\Programs\Startup
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
Sticky Notes.lnk - C:\WINDOWS\system32\stikynot.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\loginkey]
C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll [2004-08-04 47104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\TabBtnWL]
C:\WINDOWS\system32\TabBtnWL.dll [2002-08-29 11776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpgwlnotify]
C:\WINDOWS\system32\tpgwlnot.dll [2004-08-04 30208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\mlJCSkhI
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine"
"C:\TOSHIBA\IVP\ISM\pinger.exe"="C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe"="C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Pinnacle\MediaCenter\Settings.exe"="C:\Program Files\Pinnacle\MediaCenter\Settings.exe:LocalSubNet:Enabled:Settings.exe"
"C:\Program Files\Pinnacle\MediaCenter\PMC.exe"="C:\Program Files\Pinnacle\MediaCenter\PMC.exe:LocalSubNet:Enabled:Pmc.exe"
"C:\Program Files\Pinnacle\MediaCenter\PMSInstallInit.exe"="C:\Program Files\Pinnacle\MediaCenter\PMSInstallInit.exe:LocalSubNet:Enabled:PMSInstallInit.exe"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Program Files\TVUPlayer\TVUPlayer.exe"="C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\Documents and Settings\user\Local Settings\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe"="C:\Documents and Settings\user\Local Settings\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
======List of files/folders created in the last 1 months======
2008-12-05 12:31:31 ----D---- C:\rsit
2008-12-05 11:24:31 ----D---- C:\Documents and Settings\user\Application Data\Malwarebytes
2008-12-05 11:24:25 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-05 11:24:24 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-05 10:24:38 ----D---- C:\Program Files\Avira
2008-12-05 10:24:38 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2008-12-05 10:10:35 ----ASH---- C:\WINDOWS\system32\sxvgrkvu.ini
2008-12-04 10:09:03 ----ASH---- C:\WINDOWS\system32\xfepmxpt.ini
2008-12-03 14:41:24 ----D---- C:\Program Files\Trend Micro
2008-12-03 13:44:25 ----ASH---- C:\WINDOWS\system32\IhkSCJlm.ini2
2008-12-03 13:28:36 ----A---- C:\WINDOWS\wininit.ini
2008-12-03 11:43:36 ----A---- C:\WINDOWS\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
2008-12-03 11:43:01 ----A---- C:\WINDOWS\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll
2008-12-03 11:41:08 ----D---- C:\WINDOWS\system32\RsFx
2008-12-03 11:25:16 ----HDC---- C:\WINDOWS\$NtUninstallKB942288-v3$
2008-12-03 11:24:21 ----D---- C:\Program Files\Microsoft SQL Server
2008-12-03 11:24:05 ----D---- C:\Program Files\Microsoft Synchronization Services
2008-12-03 11:24:04 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2008-12-03 11:15:49 ----D---- C:\Program Files\Microsoft.NET
2008-12-03 11:15:49 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2008-12-03 11:15:48 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-12-03 11:15:04 ----D---- C:\Program Files\Microsoft SDKs
2008-12-03 11:11:32 ----D---- C:\WINDOWS\system32\XPSViewer
2008-12-03 11:11:27 ----D---- C:\Program Files\MSBuild
2008-12-03 11:11:24 ----D---- C:\WINDOWS\system32\en-US
2008-12-03 11:11:16 ----D---- C:\Program Files\Reference Assemblies
2008-12-03 11:09:55 ----A---- C:\WINDOWS\system32\xpssvcs.dll
2008-12-03 11:09:55 ----A---- C:\WINDOWS\system32\xpsshhdr.dll
2008-12-03 11:09:55 ----A---- C:\WINDOWS\system32\prntvpt.dll
2008-12-03 11:09:54 ----D---- C:\fae0c0d1e993796764a45e
2008-12-03 11:04:19 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2008-12-03 11:04:06 ----D---- C:\Program Files\MSXML 6.0
2008-12-03 10:28:13 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2008-12-03 09:42:53 ----D---- C:\Downloads
2008-12-02 23:12:23 ----A---- C:\WINDOWS\system32\8ffdd056-.txt
2008-12-02 23:11:51 ----ASH---- C:\WINDOWS\system32\IhkSCJlm.ini
2008-11-12 02:19:53 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 02:19:45 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
======List of files/folders modified in the last 1 months======
2008-12-05 12:31:26 ----D---- C:\WINDOWS\Prefetch
2008-12-05 12:30:17 ----D---- C:\WINDOWS\system32
2008-12-05 12:12:43 ----D---- C:\WINDOWS\Temp
2008-12-05 11:24:29 ----D---- C:\WINDOWS\system32\drivers
2008-12-05 11:24:24 ----RD---- C:\Program Files
2008-12-05 11:22:45 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt
2008-12-05 11:22:19 ----D---- C:\WINDOWS
2008-12-05 11:21:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-05 11:20:53 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-05 10:20:27 ----D---- C:\Program Files\Mozilla Firefox
2008-12-03 14:59:05 ----D---- C:\WINDOWS\Microsoft.Net
2008-12-03 14:59:04 ----RSD---- C:\WINDOWS\assembly
2008-12-03 13:56:57 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-03 12:42:37 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-03 11:43:37 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-03 11:42:01 ----SHD---- C:\WINDOWS\Installer
2008-12-03 11:36:59 ----D---- C:\WINDOWS\system32\1033
2008-12-03 11:33:57 ----D---- C:\WINDOWS\WinSxS
2008-12-03 11:32:58 ----HD---- C:\WINDOWS\inf
2008-12-03 11:25:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-03 11:22:38 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-03 11:22:32 ----SD---- C:\Documents and Settings\user\Application Data\Microsoft
2008-12-03 11:16:02 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-03 11:11:22 ----RSD---- C:\WINDOWS\Fonts
2008-12-03 11:10:35 ----D---- C:\WINDOWS\system32\spool
2008-12-03 11:06:01 ----D---- C:\Program Files\Internet Explorer
2008-12-03 11:04:49 ----A---- C:\WINDOWS\imsins.BAK
2008-11-14 11:31:03 ----D---- C:\WINDOWS\Help
2008-11-12 02:19:52 ----HD---- C:\WINDOWS\$hf_mig$
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2004-01-30 90480]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 TMEI3E;TMEI3E; C:\WINDOWS\System32\Drivers\TMEI3E.SYS [2004-06-16 5888]
R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2004-04-19 62959]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-03 87424]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 TBiosDrv;TBiosDrv; \??\C:\WINDOWS\system32\drivers\TBiosDrv.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-04-07 116176]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-02-20 1265388]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2002-12-12 99577]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2002-09-25 140800]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-04-15 1376268]
R3 pctvnet;Pinnacle PCTV Ethernet Driver; C:\WINDOWS\system32\DRIVERS\pctvnet.sys [2004-04-05 9340]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-04 67584]
R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-09-11 38425]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-06-23 266880]
R3 TBtnKey;TOSHIBA Tablet PC Buttons Type N HID Driver; C:\WINDOWS\system32\DRIVERS\TBtnKey.sys [2002-09-12 8832]
R3 TEchoCan;Toshiba Audio Effect; C:\WINDOWS\system32\DRIVERS\TEchoCan.sys [2004-02-04 30720]
R3 TMicAry;Toshiba Audio Effect with MicArray; C:\WINDOWS\system32\DRIVERS\TMicAry.sys [2004-02-04 138240]
R3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2004-04-09 45598]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 w70n51;Intel(R) PRO/Wireless 2100 Adapter Driver; C:\WINDOWS\system32\DRIVERS\w70n51.sys [2003-12-05 979840]
R3 WacomPen;Wacom Serial Pen HID Driver; C:\WINDOWS\system32\DRIVERS\wacompen.sys [2004-08-03 13568]
S3 Bridge;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2004-08-04 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2004-08-04 71552]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-03 15360]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2004-08-03 22016]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 tapvpn;TAP VPN Adapter; C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-23 27136]
S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2004-06-03 92544]
S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2004-07-02 36531]
S3 tosrfec;Bluetooth ACPI from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2004-05-17 8573]
S3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2004-06-24 48128]
S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2004-05-06 18308]
S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2004-06-03 57344]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-20 12800]
S3 USB28xxBGA;USB 2883 Device; C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-08-09 291200]
S3 USB28xxOEM;USB 28xx OEM Filter; C:\WINDOWS\system32\DRIVERS\emOEM.sys [2006-08-09 28160]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 w22n51;Intel(R) PRO/Wireless 2200 Adapter Driver; C:\WINDOWS\system32\DRIVERS\w22n51.sys [2004-01-02 1646720]
S3 w29n51;Intel(R) PRO/Wireless 2915ABG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-08-07 3210496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 RsFx0102;RsFx0102 Driver; C:\WINDOWS\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2004-06-16 36864]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2003-05-23 106496]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2008-07-10 40999448]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2004-04-15 77824]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
R2 Swupdtmr;Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [2004-05-13 53248]
R2 Tmesrv;Tmesrv3; C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe [2004-03-25 126976]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-10 369688]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-07-10 258072]
-----------------EOF-----------------
Dakeyras
2008-12-08, 17:59
Hi :)
Thanks again Dakeyras!
Did what you asked
You're welcome!
I apolgise for the delay with myself replying.
OK there are three folders on your system I do not recorgnise, namely:
C:\Downloads
C:\WINDOWS\system32\RsFx
C:\fae0c0d1e993796764a45e
Please download DirLook by jpshortstuff from one of the following mirrors:
Link 1 (http://jpshortstuff.247fixes.com/DirLook.exe)
Link 2 (http://images.malwareremoval.com/jpshortstuff/DirLook.exe)
Link 3 (http://downloads.securitycadets.com/DirLook.exe)
Double-click DirLook.exe to run it. Ensure that Show Hidden Files/Folders and BBCode Ouput are both checked.
Copy the content of the following codebox into the main textfield:
C:\Downloads
C:\WINDOWS\system32\RsFx
C:\fae0c0d1e993796764a45e
Click the DirLook button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. (Note: The log can also be found at C:\DirLook.txt)Note: Scanning may take longer for large folders.
Next:
Make sure Hidden Files are visible:
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.
Now please open this page in your browser:
http://www.bleepingcomputer.com/submit-malware.php?channel=32
Fill in the link to topic field with a link to this topic:
http://forums.spybot.info/showthread.php?p=262471#post262471
Copy/paste the following into the Browse to the file you want to submit field:
C:\Windows\system32\digeste.dllThen press Send File, this will upload the file for analysis
Please also carry out the above for the following:
C:\WINDOWS\imsins.BAK
C:\WINDOWS\system32\prntvpt.dll
Next:
You currently have installed a application called SopCast 3.0.3
SopCast is a simple, free way to broadcast video and audio or watch the video and listen to radio on the Internet. Adopting P2P (Peer-to-Peer) technology, it is very efficient and easy to use. Let anyone become a broadcaster without the costs of a powerful server and vast bandwidth. You can build your own TV stations comparable with large commercial sites with minimal resources. Version 2.0.4 includes VoD feature.
Do you actually use this software, while not exactly un-safe I would be cautious about using this.
There is also evidance of a P2P (Peer-to-Peer) namely uTorrent, this I will be targeting for removal per the forum policy in place:
http://forums.spybot.info/showthread.php?t=282
Please respect my decision for doing so and it is in your own best interest to comply for the below reason:
P2P may be a great way to get lots of stuffs, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice avoid these types of software applications.
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.
Please go here (http://www.aumha.org/downloads/erunt-setup.exe) and download ERUNT.
ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
Install ERUNT by following the prompts.
Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
Make sure that at least the first two check boxes are selected.
Click on OK
Then click on YES to create the folder.
Next:
Please download OTMoveIT3 (http://oldtimer.geekstogo.com/OTMoveIt3.exe) to your Desktop.
Double-click OTMoveIt3.exe to start the program.
Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + B (or, after highlighting, right-click and choose Copy):
:Files
C:\WINDOWS\system32\sxvgrkvu.ini
C:\WINDOWS\system32\xfepmxpt.ini
C:\WINDOWS\system32\IhkSCJlm.ini2
C:\WINDOWS\system32\mlJCSkhI
C:\WINDOWS\system32\8ffdd056-.txt
C:\WINDOWS\system32\IhkSCJlm.ini
C:\urambf.dll /s
C:\Program Files\uTorrent
:Reg
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8BEB2F12-0AAF-4D2B-A8BE-46AB8AC68956}]
[-HKEY_CLASSES_ROOT\CLSID\{8BEB2F12-0AAF-4D2B-A8BE-46AB8AC68956}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E4339534-E71C-42D0-B6BD-F16F1CBFA6CC}]
[-HKEY_CLASSES_ROOT\CLSID\{E4339534-E71C-42D0-B6BD-F16F1CBFA6CC}]
:Commands
[EmptyTemp]
[Reboot]
Return to OTMoveIt3, right-click in the "Paste instructions for items to be moved" window (under the yellow bar) and choose Paste
Then click the red MoveIt! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it into your next response.
If OTMoveIt asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Close OTMoveIt3.
Next:
Please make sure that RSIT.exe is still on the Desktop.(if not inform myself straight away please)
Double click once on RSIT.exe
RSIT will start running, at the disclaimer click on Continue.
When done, 1 log will be produced.
Post that in your next reply.
When completed the above, please post back the following:
File submission results.
DirLook.txt.
OTMoveIT3 Log.
A new RSIT Log.
Did what you asked & removed Sopcast at your recommendation, but I had a few issues:
First I tried uploading C:\Windows\system32\digeste.dll on the bleepingcomputer.com page, but I couldn't find digeste.dll in my C:\Windows\system32\ folder. I did however find digest.dll so I posted that just in case that was what you were looking for.
Also I didn't get any results from the file submissions, just the following reply:
"Your file was successfully submitted. Please let the user helping you know that you have submitted the file."
Also after I ran OTMoveIT3 I got a 'Blue Screen' after it asked me to reboot. And after it did reboot I received a couple of error messages from Windows. Plus my Startup Screen for Tablet PC didn't show up properly.
My logs are posted below:
DirLook.txt
DirLook.exe v2.0 by jpshortstuff
Log created at 10:36 on 08/12/2008
==================================
Contents of "C:\Downloads"
---FOLDERS---
(none found)
---FILES---
7_2_hofsetz.ppt (1518592 bytes - created on 05/12/2008 at 22:19, modified on 05/12/2008 at 22:19) --a---
abiword-setup-2.6.3.exe (5938861 bytes - created on 16/06/2008 at 09:22, modified on 16/06/2008 at 09:23) --a---
abwsx1.exe (747763 bytes - created on 05/06/2008 at 17:29, modified on 05/06/2008 at 17:29) --a---
AdbeRdr90_en_US.exe (35124856 bytes - created on 12/09/2008 at 03:23, modified on 12/09/2008 at 03:30) --a---
antivir_workstation_winu_en_h.exe (22058104 bytes - created on 05/12/2008 at 18:14, modified on 05/12/2008 at 18:19) --a---
converter.exe (5254656 bytes - created on 12/05/2008 at 00:11, modified on 12/05/2008 at 00:13) --a---
CuteWriter.exe (1612672 bytes - created on 12/05/2008 at 00:12, modified on 12/05/2008 at 00:13) --a---
DirLook.exe (199680 bytes - created on 08/12/2008 at 18:35, modified on 08/12/2008 at 18:35) --a---
eac-0.99pb3.exe (2428988 bytes - created on 17/06/2008 at 17:51, modified on 17/06/2008 at 17:52) --a---
eac-0.99pb4.exe (2567880 bytes - created on 17/06/2008 at 17:45, modified on 17/06/2008 at 17:45) --a---
epson11528.exe (6513664 bytes - created on 09/05/2008 at 06:01, modified on 09/05/2008 at 06:02) --a---
hadith.exe (7775832 bytes - created on 06/09/2008 at 09:21, modified on 06/09/2008 at 09:23) --a---
HiJackThis.exe (401720 bytes - created on 03/12/2008 at 22:40, modified on 03/12/2008 at 22:40) --a---
HJTInstall.exe (812344 bytes - created on 03/12/2008 at 22:41, modified on 03/12/2008 at 22:41) --a---
Inkscape-0.46.win32.exe (35074836 bytes - created on 05/06/2008 at 19:23, modified on 05/06/2008 at 19:31) --a---
mbam-setup.exe (2539168 bytes - created on 05/12/2008 at 18:20, modified on 05/12/2008 at 18:20) --a---
msgr9us.exe (433016 bytes - created on 23/08/2008 at 05:38, modified on 23/08/2008 at 05:38) --a---
ppt2html.exe (724168 bytes - created on 08/12/2008 at 00:08, modified on 08/12/2008 at 00:08) --a---
realalt180.exe (6416469 bytes - created on 03/06/2008 at 04:31, modified on 03/06/2008 at 04:32) --a---
spybotsd152.exe (9722720 bytes - created on 05/06/2008 at 17:22, modified on 05/06/2008 at 17:24) --a---
switchsetup.exe (399000 bytes - created on 08/05/2008 at 22:19, modified on 30/05/2008 at 06:31) --a---
vcssetup.exe (2714112 bytes - created on 03/12/2008 at 17:43, modified on 03/12/2008 at 17:43) --a---
winff041setup.exe (3553291 bytes - created on 16/06/2008 at 23:22, modified on 16/06/2008 at 23:23) --a---
wmp11-windowsxp-x86-enu.exe (25755448 bytes - created on 18/06/2008 at 07:24, modified on 18/06/2008 at 07:30) --a---
==================================
Contents of "C:\WINDOWS\system32\RsFx"
---FOLDERS---
(none found)
---FILES---
(none found)
==================================
Contents of "C:\fae0c0d1e993796764a45e"
---FOLDERS---
amd64 (Created on 03/12/2008 at 19:10) d-----
i386 (Created on 03/12/2008 at 19:10) d-----
---FILES---
(none found)
==================================
=EOF=
OTMoveIT3 log
========== FILES ==========
C:\WINDOWS\system32\sxvgrkvu.ini moved successfully.
C:\WINDOWS\system32\xfepmxpt.ini moved successfully.
C:\WINDOWS\system32\IhkSCJlm.ini2 moved successfully.
File/Folder C:\WINDOWS\system32\mlJCSkhI not found.
C:\WINDOWS\system32\8ffdd056-.txt moved successfully.
C:\WINDOWS\system32\IhkSCJlm.ini moved successfully.
File/Folder C:\urambf.dll not found.
C:\Program Files\uTorrent moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\\"Authentication Packages"|hex(7):6d,73,76,31,5f,30,00,00 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8BEB2F12-0AAF-4D2B-A8BE-46AB8AC68956}\\ deleted successfully.
Registry key HKEY_CLASSES_ROOT\CLSID\{8BEB2F12-0AAF-4D2B-A8BE-46AB8AC68956}\\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E4339534-E71C-42D0-B6BD-F16F1CBFA6CC}\\ deleted successfully.
Registry key HKEY_CLASSES_ROOT\CLSID\{E4339534-E71C-42D0-B6BD-F16F1CBFA6CC}\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\etilqs_avELyWGkrfH6wQf6PEZq scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\WCESLog.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DF1066.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DF1078.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DF6F03.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\~DF6F15.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqetbah3.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqetbah3.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqetbah3.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqetbah3.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqetbah3.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12082008_105621
Files moved on Reboot...
C:\DOCUME~1\user\LOCALS~1\Temp\etilqs_avELyWGkrfH6wQf6PEZq moved successfully.
C:\DOCUME~1\user\LOCALS~1\Temp\WCESLog.log moved successfully.
C:\DOCUME~1\user\LOCALS~1\Temp\~DF1066.tmp moved successfully.
C:\DOCUME~1\user\LOCALS~1\Temp\~DF1078.tmp moved successfully.
C:\DOCUME~1\user\LOCALS~1\Temp\~DF6F03.tmp moved successfully.
C:\DOCUME~1\user\LOCALS~1\Temp\~DF6F15.tmp moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqetbah3.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqetbah3.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqetbah3.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqetbah3.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqetbah3.default\urlclassifier3.sqlite moved successfully.
RSIT log.txt
Logfile of random's system information tool 1.04 (written by random/random)
Run by user at 2008-12-08 11:08:16
Microsoft Windows XP Professional Service Pack 2
System drive C: has 35 GB (62%) free of 57 GB
Total RAM: 1535 MB (66% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:23 AM, on 12/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\TOSHIBA\TME3\TMETEMNU.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
C:\Program Files\Toshiba\TapButton\TapButt.exe
C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe
C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe
C:\Program Files\Toshiba\TAudEffect\TAudEff.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Symbol Commander\Sensiva.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\TPSBattM.exe
C:\toshiba\ivp\ism\pinger.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\user\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\user.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [CrossMenu] C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
O4 - HKLM\..\Run: [TapButt] C:\Program Files\Toshiba\TapButton\TapButt.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TAcelMgr] C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe
O4 - HKLM\..\Run: [TSkrMain] C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TosRotation] "C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe"
O4 - HKLM\..\Run: [TAudEffect] C:\Program Files\Toshiba\TAudEffect\TAudEff.exe /run
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Sensiva] "C:\Symbol Commander\Sensiva.exe"
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX3800 Series on SIYAMU] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P41 "Auto EPSON Stylus CX3800 Series on SIYAMU" /O17 "\\SIYAMU\EPSONSty" /M "Stylus CX3800"
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [Auto EPSON Stylus CX3800 Series on SIYAMU] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P41 "Auto EPSON Stylus CX3800 Series on SIYAMU" /M "Stylus CX3800" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: Sticky Notes.lnk = C:\WINDOWS\system32\stikynot.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
--
End of file - 9230 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-04-15 4866048]
"nwiz"=nwiz.exe /installquiet []
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-04-01 1368064]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-08-06 860160]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2003-07-17 159744]
"LtMoh"=C:\Program Files\ltmoh\Ltmoh.exe [2003-09-26 184320]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-02-20 88363]
"00THotkey"=C:\WINDOWS\system32\00THotkey.exe [2004-08-10 258048]
"CrossMenu"=C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe [2004-02-27 798720]
"TapButt"=C:\Program Files\Toshiba\TapButton\TapButt.exe [2003-10-31 176128]
"000StTHK"=C:\WINDOWS\system32\000StTHK.exe [2001-06-23 24576]
"TAcelMgr"=C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe [2003-11-04 90112]
"TSkrMain"=C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe [2004-06-30 49152]
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2004-06-01 278528]
"TFNF5"=C:\WINDOWS\system32\TFNF5.exe [2003-10-15 73728]
"TosHKCW.exe"=C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe [2002-09-09 49152]
"TMESRV.EXE"=C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE [2004-03-25 126976]
"TMERzCtl.EXE"=C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE [2004-05-26 77824]
"TosRotation"=C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe [2004-01-29 266240]
"TAudEffect"=C:\Program Files\Toshiba\TAudEffect\TAudEff.exe [2004-03-08 270400]
"SmoothView"=C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2003-12-03 131072]
"NDSTray.exe"=NDSTray.exe []
"Sensiva"=C:\Symbol Commander\Sensiva.exe [2002-10-01 2052096]
"TouchED"=C:\Program Files\TOSHIBA\TouchED\TouchED.Exe [2003-01-21 126976]
"Pinger"=c:\toshiba\ivp\ism\pinger.exe [2003-10-20 159744]
"TabletWizard"=C:\WINDOWS\help\SplshWrp.exe [2004-08-04 16384]
"TabletTip"=C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe [2004-08-04 271872]
"EPSON Stylus CX3800 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE [2005-02-08 98304]
"Auto EPSON Stylus CX3800 Series on SIYAMU"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE [2005-02-08 98304]
"CFSServ.exe"=CFSServ.exe -NoClient []
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]
"Auto EPSON Stylus CX3800 Series on SIYAMU"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE [2005-02-08 98304]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe
C:\Documents and Settings\user\Start Menu\Programs\Startup
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
Sticky Notes.lnk - C:\WINDOWS\system32\stikynot.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\loginkey]
C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll [2004-08-04 47104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\TabBtnWL]
C:\WINDOWS\system32\TabBtnWL.dll [2002-08-29 11776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpgwlnotify]
C:\WINDOWS\system32\tpgwlnot.dll [2004-08-04 30208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine"
"C:\TOSHIBA\IVP\ISM\pinger.exe"="C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe"="C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Pinnacle\MediaCenter\Settings.exe"="C:\Program Files\Pinnacle\MediaCenter\Settings.exe:LocalSubNet:Enabled:Settings.exe"
"C:\Program Files\Pinnacle\MediaCenter\PMC.exe"="C:\Program Files\Pinnacle\MediaCenter\PMC.exe:LocalSubNet:Enabled:Pmc.exe"
"C:\Program Files\Pinnacle\MediaCenter\PMSInstallInit.exe"="C:\Program Files\Pinnacle\MediaCenter\PMSInstallInit.exe:LocalSubNet:Enabled:PMSInstallInit.exe"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Program Files\TVUPlayer\TVUPlayer.exe"="C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\Documents and Settings\user\Local Settings\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe"="C:\Documents and Settings\user\Local Settings\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
======List of files/folders created in the last 1 months======
2008-12-08 10:56:21 ----D---- C:\_OTMoveIt
2008-12-08 10:52:06 ----D---- C:\ERDNT Backups
2008-12-08 10:50:38 ----D---- C:\Program Files\ERUNT
2008-12-08 10:36:53 ----A---- C:\DirLook.txt
2008-12-05 12:31:31 ----D---- C:\rsit
2008-12-05 11:24:31 ----D---- C:\Documents and Settings\user\Application Data\Malwarebytes
2008-12-05 11:24:25 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-05 11:24:24 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-05 10:24:38 ----D---- C:\Program Files\Avira
2008-12-05 10:24:38 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2008-12-03 14:41:24 ----D---- C:\Program Files\Trend Micro
2008-12-03 13:28:36 ----A---- C:\WINDOWS\wininit.ini
2008-12-03 11:43:36 ----A---- C:\WINDOWS\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
2008-12-03 11:43:01 ----A---- C:\WINDOWS\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll
2008-12-03 11:41:08 ----D---- C:\WINDOWS\system32\RsFx
2008-12-03 11:25:16 ----HDC---- C:\WINDOWS\$NtUninstallKB942288-v3$
2008-12-03 11:24:21 ----D---- C:\Program Files\Microsoft SQL Server
2008-12-03 11:24:05 ----D---- C:\Program Files\Microsoft Synchronization Services
2008-12-03 11:24:04 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2008-12-03 11:15:49 ----D---- C:\Program Files\Microsoft.NET
2008-12-03 11:15:49 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2008-12-03 11:15:48 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-12-03 11:15:04 ----D---- C:\Program Files\Microsoft SDKs
2008-12-03 11:11:32 ----D---- C:\WINDOWS\system32\XPSViewer
2008-12-03 11:11:27 ----D---- C:\Program Files\MSBuild
2008-12-03 11:11:24 ----D---- C:\WINDOWS\system32\en-US
2008-12-03 11:11:16 ----D---- C:\Program Files\Reference Assemblies
2008-12-03 11:09:55 ----A---- C:\WINDOWS\system32\xpssvcs.dll
2008-12-03 11:09:55 ----A---- C:\WINDOWS\system32\xpsshhdr.dll
2008-12-03 11:09:55 ----A---- C:\WINDOWS\system32\prntvpt.dll
2008-12-03 11:09:54 ----D---- C:\fae0c0d1e993796764a45e
2008-12-03 11:04:19 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2008-12-03 11:04:06 ----D---- C:\Program Files\MSXML 6.0
2008-12-03 10:28:13 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2008-12-03 09:42:53 ----D---- C:\Downloads
2008-11-12 02:19:53 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 02:19:45 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
======List of files/folders modified in the last 1 months======
2008-12-08 11:05:01 ----D---- C:\WINDOWS\Prefetch
2008-12-08 11:00:54 ----D---- C:\Program Files\Mozilla Firefox
2008-12-08 10:59:44 ----D---- C:\WINDOWS
2008-12-08 10:59:23 ----D---- C:\WINDOWS\Temp
2008-12-08 10:59:22 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt
2008-12-08 10:57:07 ----RD---- C:\Program Files
2008-12-08 10:56:21 ----D---- C:\WINDOWS\system32
2008-12-07 23:05:13 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-07 19:30:02 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-07 16:13:47 ----HD---- C:\WINDOWS\inf
2008-12-05 11:24:29 ----D---- C:\WINDOWS\system32\drivers
2008-12-03 14:59:05 ----D---- C:\WINDOWS\Microsoft.Net
2008-12-03 14:59:04 ----RSD---- C:\WINDOWS\assembly
2008-12-03 13:56:57 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-03 12:42:37 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-03 11:43:37 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-03 11:42:01 ----SHD---- C:\WINDOWS\Installer
2008-12-03 11:36:59 ----D---- C:\WINDOWS\system32\1033
2008-12-03 11:33:57 ----D---- C:\WINDOWS\WinSxS
2008-12-03 11:25:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-03 11:22:38 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-03 11:22:32 ----SD---- C:\Documents and Settings\user\Application Data\Microsoft
2008-12-03 11:16:02 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-03 11:11:22 ----RSD---- C:\WINDOWS\Fonts
2008-12-03 11:10:35 ----D---- C:\WINDOWS\system32\spool
2008-12-03 11:06:01 ----D---- C:\Program Files\Internet Explorer
2008-12-03 11:04:49 ----A---- C:\WINDOWS\imsins.BAK
2008-11-14 11:31:03 ----D---- C:\WINDOWS\Help
2008-11-12 02:19:52 ----HD---- C:\WINDOWS\$hf_mig$
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2004-01-30 90480]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 TMEI3E;TMEI3E; C:\WINDOWS\System32\Drivers\TMEI3E.SYS [2004-06-16 5888]
R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2004-04-19 62959]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-03 87424]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 TBiosDrv;TBiosDrv; \??\C:\WINDOWS\system32\drivers\TBiosDrv.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-04-07 116176]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-02-20 1265388]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2002-12-12 99577]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2002-09-25 140800]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-04-15 1376268]
R3 pctvnet;Pinnacle PCTV Ethernet Driver; C:\WINDOWS\system32\DRIVERS\pctvnet.sys [2004-04-05 9340]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-04 67584]
R3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2004-08-04 11136]
R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-09-11 38425]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-06-23 266880]
R3 TBtnKey;TOSHIBA Tablet PC Buttons Type N HID Driver; C:\WINDOWS\system32\DRIVERS\TBtnKey.sys [2002-09-12 8832]
R3 TEchoCan;Toshiba Audio Effect; C:\WINDOWS\system32\DRIVERS\TEchoCan.sys [2004-02-04 30720]
R3 TMicAry;Toshiba Audio Effect with MicArray; C:\WINDOWS\system32\DRIVERS\TMicAry.sys [2004-02-04 138240]
R3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2004-04-09 45598]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 w70n51;Intel(R) PRO/Wireless 2100 Adapter Driver; C:\WINDOWS\system32\DRIVERS\w70n51.sys [2003-12-05 979840]
R3 WacomPen;Wacom Serial Pen HID Driver; C:\WINDOWS\system32\DRIVERS\wacompen.sys [2004-08-03 13568]
S3 Bridge;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2004-08-04 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2004-08-04 71552]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-03 15360]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2004-08-03 22016]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2004-08-04 10240]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 tapvpn;TAP VPN Adapter; C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-23 27136]
S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2004-06-03 92544]
S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2004-07-02 36531]
S3 tosrfec;Bluetooth ACPI from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2004-05-17 8573]
S3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2004-06-24 48128]
S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2004-05-06 18308]
S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2004-06-03 57344]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-20 12800]
S3 USB28xxBGA;USB 2883 Device; C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-08-09 291200]
S3 USB28xxOEM;USB 28xx OEM Filter; C:\WINDOWS\system32\DRIVERS\emOEM.sys [2006-08-09 28160]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 w22n51;Intel(R) PRO/Wireless 2200 Adapter Driver; C:\WINDOWS\system32\DRIVERS\w22n51.sys [2004-01-02 1646720]
S3 w29n51;Intel(R) PRO/Wireless 2915ABG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-08-07 3210496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 RsFx0102;RsFx0102 Driver; C:\WINDOWS\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2004-06-16 36864]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2003-05-23 106496]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2008-07-10 40999448]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2004-04-15 77824]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
R2 Swupdtmr;Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [2004-05-13 53248]
R2 Tmesrv;Tmesrv3; C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe [2004-03-25 126976]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-10 369688]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-07-10 258072]
-----------------EOF-----------------
Just wanted to update you. I booted up my computer again, and this there were no more error messages and the Startup Screen came up normally.
Dakeyras
2008-12-11, 19:14
Hi :)
I apolgise about the file submissions dilema and myself asking you for the results. I was actually informed of the results myself.
Just wanted to update you. I booted up my computer again, and this there were no more error messages and the Startup Screen came up normally.
Thank you for informing myself. If this occurs again try your best to describe what happens and any other symtoms please, thank you.
Next:
Both your presently installed Adobe Acrobat Reader and Java Installation are out of date and some older installations also installed. Both of these when out of date can be used as a back door for malware to re-infect a computer.
Please carry out the following:
Go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):
Adobe Reader 7.0
Java 2 Runtime Environment
If you wish to re-install both of the above applications the download locations for the updated versions are:
Adobe Reader 9 (http://www.adobe.com/products/acrobat/readstep2.html) to your PC's desktop.
Note: Adobe (Acrobat) 9 is a large program and if you prefer a smaller program you can get Foxit 2.3 (http://www.foxitsoftware.com/pdf/rd_intro.php) instead.
Also please note during the installtion of the apforementioned if you choose to install this application. It has a option to install the Ask ToolBar, I advice you de-select this option.
The latest verison of Java can be downloaded from here (http://java.com/en/download/).
Note: This new version of Java will need to be installed as the Kaspersky online scan I will be asking you carry out later in this post requires this application. However if you decide not to upgrade Java inform myself in your next post please and we will use a alternative online scan.
Next:
Please navigate to Start >> All Programs >> ERUNT
Click on OK within the pop-up menu.
In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
System registry
Current user registry
Next click on OK
When the Question pop-up appears click on Yes
After a short duration the Registry backup is complete! popup will appear
Now click on OK. A backup has been created.
Next:
Double-click OTMoveIt3.exe to start the program.
Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + B (or, after highlighting, right-click and choose Copy):
:Files
C:\WINDOWS\system32\mlJCSkhI.dll
C:\WINDOWS\system32\RsFx
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\uTorrent\uTorrent.exe"=-
:Commands
[EmptyTemp]
[Reboot]
Return to OTMoveIt3, right-click in the "Paste instructions for items to be moved" window (under the yellow bar) and choose Paste
Then click the red MoveIt! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it into your next response.
If OTMoveIt asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Close OTMoveIt3.
Next:
Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply.
This online tuturial (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif) will help explain how to use the aforementioned online scan.
Next:
Please make sure that RSIT.exe is still on the Desktop.(if not inform myself straight away please)
Double click once on RSIT.exe
RSIT will start running, at the disclaimer click on Continue.
When done, 1 log will be produced.
Post that in your next reply.
When completed the above, please post back the following:
How is you computer perfoming now, any other symtoms?
OTMoveIT3 Log.
Kaspersky results.
A new RSIT Log.
Everything seems to be going fairly smootly. However, there are a couple things I wanted to mention. First each time I boot up my computer or run OTMoveIT3 Antivir reports a warning about OTMoveIT3.
Also, I'm not sure if its real or just in my head, but it seems like sometimes it takes longer than usual to load many websites
Finally, I wanted to mention that when I started up the Kaspersky online scan, it mentioned that it might not run properly if I had another Antivirus running during the scan. So, I shutdown Antivir while I ran the scan. Hope that was alright.
Otherwise everything seems to be going smoothly.
Here are my logs:
OTMoveIT3 Log:
========== FILES ==========
File/Folder C:\WINDOWS\system32\mlJCSkhI.dll not found.
C:\WINDOWS\system32\RsFx moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\"SecurityProviders"|"msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\uTorrent\uTorrent.exe deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\etilqs_ys7Q0RnorIxG2u4ddIq0 scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\user\LOCALS~1\Temp\WCESLog.log scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_ef0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqetbah3.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqetbah3.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqetbah3.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqetbah3.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqetbah3.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqetbah3.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12122008_121113
Files moved on Reboot...
File C:\DOCUME~1\user\LOCALS~1\Temp\etilqs_ys7Q0RnorIxG2u4ddIq0 not found!
C:\DOCUME~1\user\LOCALS~1\Temp\WCESLog.log moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_ef0.dat not found!
C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqetbah3.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqetbah3.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqetbah3.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqetbah3.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqetbah3.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\aqetbah3.default\XUL.mfl moved successfully.
Kaspersky log:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, December 13, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, December 12, 2008 23:26:44
Records in database: 1456259
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
Scan statistics:
Files scanned: 45951
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 00:47:04
File name / Threat name / Threats count
C:\Documents and Settings\user\Desktop\OTMoveIt3.exe Infected: Backdoor.Win32.SubSeven.asu 1
The selected area was scanned.
RSIT log:
Logfile of random's system information tool 1.04 (written by random/random)
Run by user at 2008-12-13 01:42:40
Microsoft Windows XP Professional Service Pack 2
System drive C: has 35 GB (62%) free of 57 GB
Total RAM: 1535 MB (54% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:42:47 AM, on 12/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
C:\Program Files\Toshiba\TapButton\TapButt.exe
C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe
C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe
C:\Program Files\Toshiba\TAudEffect\TAudEff.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TME3\TMETEMNU.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Symbol Commander\Sensiva.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Documents and Settings\user\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\user.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [CrossMenu] C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
O4 - HKLM\..\Run: [TapButt] C:\Program Files\Toshiba\TapButton\TapButt.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TAcelMgr] C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe
O4 - HKLM\..\Run: [TSkrMain] C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TosRotation] "C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe"
O4 - HKLM\..\Run: [TAudEffect] C:\Program Files\Toshiba\TAudEffect\TAudEff.exe /run
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Sensiva] "C:\Symbol Commander\Sensiva.exe"
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX3800 Series on SIYAMU] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P41 "Auto EPSON Stylus CX3800 Series on SIYAMU" /O17 "\\SIYAMU\EPSONSty" /M "Stylus CX3800"
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [Auto EPSON Stylus CX3800 Series on SIYAMU] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P41 "Auto EPSON Stylus CX3800 Series on SIYAMU" /M "Stylus CX3800" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Startup: Sticky Notes.lnk = C:\WINDOWS\system32\stikynot.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
--
End of file - 9480 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-12 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-12 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-12 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2004-04-15 4866048]
"nwiz"=nwiz.exe /installquiet []
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-04-01 1368064]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-08-06 860160]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2003-07-17 159744]
"LtMoh"=C:\Program Files\ltmoh\Ltmoh.exe [2003-09-26 184320]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-02-20 88363]
"00THotkey"=C:\WINDOWS\system32\00THotkey.exe [2004-08-10 258048]
"CrossMenu"=C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe [2004-02-27 798720]
"TapButt"=C:\Program Files\Toshiba\TapButton\TapButt.exe [2003-10-31 176128]
"000StTHK"=C:\WINDOWS\system32\000StTHK.exe [2001-06-23 24576]
"TAcelMgr"=C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe [2003-11-04 90112]
"TSkrMain"=C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe [2004-06-30 49152]
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2004-06-01 278528]
"TFNF5"=C:\WINDOWS\system32\TFNF5.exe [2003-10-15 73728]
"TosHKCW.exe"=C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe [2002-09-09 49152]
"TMESRV.EXE"=C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE [2004-03-25 126976]
"TMERzCtl.EXE"=C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE [2004-05-26 77824]
"TosRotation"=C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe [2004-01-29 266240]
"TAudEffect"=C:\Program Files\Toshiba\TAudEffect\TAudEff.exe [2004-03-08 270400]
"SmoothView"=C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2003-12-03 131072]
"NDSTray.exe"=NDSTray.exe []
"Sensiva"=C:\Symbol Commander\Sensiva.exe [2002-10-01 2052096]
"TouchED"=C:\Program Files\TOSHIBA\TouchED\TouchED.Exe [2003-01-21 126976]
"Pinger"=c:\toshiba\ivp\ism\pinger.exe [2003-10-20 159744]
"TabletWizard"=C:\WINDOWS\help\SplshWrp.exe [2004-08-04 16384]
"TabletTip"=C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe [2004-08-04 271872]
"EPSON Stylus CX3800 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE [2005-02-08 98304]
"Auto EPSON Stylus CX3800 Series on SIYAMU"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE [2005-02-08 98304]
"CFSServ.exe"=CFSServ.exe -NoClient []
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-12 136600]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]
"Auto EPSON Stylus CX3800 Series on SIYAMU"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE [2005-02-08 98304]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe
C:\Documents and Settings\user\Start Menu\Programs\Startup
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
Sticky Notes.lnk - C:\WINDOWS\system32\stikynot.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\loginkey]
C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll [2004-08-04 47104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\TabBtnWL]
C:\WINDOWS\system32\TabBtnWL.dll [2002-08-29 11776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpgwlnotify]
C:\WINDOWS\system32\tpgwlnot.dll [2004-08-04 30208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-04 239616]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine"
"C:\TOSHIBA\IVP\ISM\pinger.exe"="C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe"="C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Pinnacle\MediaCenter\Settings.exe"="C:\Program Files\Pinnacle\MediaCenter\Settings.exe:LocalSubNet:Enabled:Settings.exe"
"C:\Program Files\Pinnacle\MediaCenter\PMC.exe"="C:\Program Files\Pinnacle\MediaCenter\PMC.exe:LocalSubNet:Enabled:Pmc.exe"
"C:\Program Files\Pinnacle\MediaCenter\PMSInstallInit.exe"="C:\Program Files\Pinnacle\MediaCenter\PMSInstallInit.exe:LocalSubNet:Enabled:PMSInstallInit.exe"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Program Files\TVUPlayer\TVUPlayer.exe"="C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\Documents and Settings\user\Local Settings\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe"="C:\Documents and Settings\user\Local Settings\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe:*:Enabled:Main program for Octoshape client"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
======List of files/folders created in the last 1 months======
2008-12-12 12:08:29 ----D---- C:\WINDOWS\ERDNT
2008-12-12 12:07:15 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-12 12:07:15 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-12 12:07:15 ----A---- C:\WINDOWS\system32\java.exe
2008-12-12 12:07:15 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-12 12:06:56 ----D---- C:\Program Files\Java
2008-12-12 11:57:57 ----D---- C:\WINDOWS\system32\appmgmt
2008-12-08 10:56:21 ----D---- C:\_OTMoveIt
2008-12-08 10:52:06 ----D---- C:\ERDNT Backups
2008-12-08 10:50:38 ----D---- C:\Program Files\ERUNT
2008-12-08 10:36:53 ----A---- C:\DirLook.txt
2008-12-05 12:31:31 ----D---- C:\rsit
2008-12-05 11:24:31 ----D---- C:\Documents and Settings\user\Application Data\Malwarebytes
2008-12-05 11:24:25 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-05 11:24:24 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-05 10:24:38 ----D---- C:\Program Files\Avira
2008-12-05 10:24:38 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2008-12-03 14:41:24 ----D---- C:\Program Files\Trend Micro
2008-12-03 13:28:36 ----A---- C:\WINDOWS\wininit.ini
2008-12-03 11:43:36 ----A---- C:\WINDOWS\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
2008-12-03 11:43:01 ----A---- C:\WINDOWS\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll
2008-12-03 11:25:16 ----HDC---- C:\WINDOWS\$NtUninstallKB942288-v3$
2008-12-03 11:24:21 ----D---- C:\Program Files\Microsoft SQL Server
2008-12-03 11:24:05 ----D---- C:\Program Files\Microsoft Synchronization Services
2008-12-03 11:24:04 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2008-12-03 11:15:49 ----D---- C:\Program Files\Microsoft.NET
2008-12-03 11:15:49 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2008-12-03 11:15:48 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-12-03 11:15:04 ----D---- C:\Program Files\Microsoft SDKs
2008-12-03 11:11:32 ----D---- C:\WINDOWS\system32\XPSViewer
2008-12-03 11:11:27 ----D---- C:\Program Files\MSBuild
2008-12-03 11:11:24 ----D---- C:\WINDOWS\system32\en-US
2008-12-03 11:11:16 ----D---- C:\Program Files\Reference Assemblies
2008-12-03 11:09:55 ----A---- C:\WINDOWS\system32\xpssvcs.dll
2008-12-03 11:09:55 ----A---- C:\WINDOWS\system32\xpsshhdr.dll
2008-12-03 11:09:55 ----A---- C:\WINDOWS\system32\prntvpt.dll
2008-12-03 11:09:54 ----D---- C:\fae0c0d1e993796764a45e
2008-12-03 11:04:19 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2008-12-03 11:04:06 ----D---- C:\Program Files\MSXML 6.0
2008-12-03 10:28:13 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2008-12-03 09:42:53 ----D---- C:\Downloads
======List of files/folders modified in the last 1 months======
2008-12-13 00:43:29 ----D---- C:\WINDOWS\Temp
2008-12-12 21:42:55 ----D---- C:\Program Files\Mozilla Firefox
2008-12-12 20:05:26 ----D---- C:\WINDOWS\Prefetch
2008-12-12 18:52:03 ----D---- C:\WINDOWS
2008-12-12 18:51:55 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt
2008-12-12 12:17:07 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-12 12:11:14 ----D---- C:\WINDOWS\system32
2008-12-12 12:07:19 ----SHD---- C:\WINDOWS\Installer
2008-12-12 12:06:56 ----RD---- C:\Program Files
2008-12-08 16:13:35 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-07 16:13:47 ----HD---- C:\WINDOWS\inf
2008-12-05 11:24:29 ----D---- C:\WINDOWS\system32\drivers
2008-12-03 14:59:05 ----D---- C:\WINDOWS\Microsoft.Net
2008-12-03 14:59:04 ----RSD---- C:\WINDOWS\assembly
2008-12-03 13:56:57 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-03 12:42:37 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-03 11:43:37 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-03 11:36:59 ----D---- C:\WINDOWS\system32\1033
2008-12-03 11:33:57 ----D---- C:\WINDOWS\WinSxS
2008-12-03 11:25:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-03 11:22:38 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-03 11:22:32 ----SD---- C:\Documents and Settings\user\Application Data\Microsoft
2008-12-03 11:16:02 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-03 11:11:22 ----RSD---- C:\WINDOWS\Fonts
2008-12-03 11:10:35 ----D---- C:\WINDOWS\system32\spool
2008-12-03 11:06:01 ----D---- C:\Program Files\Internet Explorer
2008-12-03 11:04:49 ----A---- C:\WINDOWS\imsins.BAK
2008-11-14 11:31:03 ----D---- C:\WINDOWS\Help
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2004-01-30 90480]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 TMEI3E;TMEI3E; C:\WINDOWS\System32\Drivers\TMEI3E.SYS [2004-06-16 5888]
R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2004-04-19 62959]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-03 87424]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 TBiosDrv;TBiosDrv; \??\C:\WINDOWS\system32\drivers\TBiosDrv.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-04-07 116176]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-02-20 1265388]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2002-12-12 99577]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2002-09-25 140800]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-04-15 1376268]
R3 pctvnet;Pinnacle PCTV Ethernet Driver; C:\WINDOWS\system32\DRIVERS\pctvnet.sys [2004-04-05 9340]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-04 67584]
R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-09-11 38425]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-06-23 266880]
R3 TBtnKey;TOSHIBA Tablet PC Buttons Type N HID Driver; C:\WINDOWS\system32\DRIVERS\TBtnKey.sys [2002-09-12 8832]
R3 TEchoCan;Toshiba Audio Effect; C:\WINDOWS\system32\DRIVERS\TEchoCan.sys [2004-02-04 30720]
R3 TMicAry;Toshiba Audio Effect with MicArray; C:\WINDOWS\system32\DRIVERS\TMicAry.sys [2004-02-04 138240]
R3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2004-04-09 45598]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 w70n51;Intel(R) PRO/Wireless 2100 Adapter Driver; C:\WINDOWS\system32\DRIVERS\w70n51.sys [2003-12-05 979840]
R3 WacomPen;Wacom Serial Pen HID Driver; C:\WINDOWS\system32\DRIVERS\wacompen.sys [2004-08-03 13568]
S3 Bridge;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2004-08-04 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2004-08-04 71552]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-03 15360]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2004-08-03 22016]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2004-08-04 11136]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2004-08-04 10240]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 tapvpn;TAP VPN Adapter; C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-23 27136]
S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2004-06-03 92544]
S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2004-07-02 36531]
S3 tosrfec;Bluetooth ACPI from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2004-05-17 8573]
S3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2004-06-24 48128]
S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2004-05-06 18308]
S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2004-06-03 57344]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-20 12800]
S3 USB28xxBGA;USB 2883 Device; C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-08-09 291200]
S3 USB28xxOEM;USB 28xx OEM Filter; C:\WINDOWS\system32\DRIVERS\emOEM.sys [2006-08-09 28160]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 w22n51;Intel(R) PRO/Wireless 2200 Adapter Driver; C:\WINDOWS\system32\DRIVERS\w22n51.sys [2004-01-02 1646720]
S3 w29n51;Intel(R) PRO/Wireless 2915ABG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-08-07 3210496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 RsFx0102;RsFx0102 Driver; C:\WINDOWS\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2004-06-16 36864]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2003-05-23 106496]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-12 152984]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2008-07-10 40999448]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2004-04-15 77824]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
R2 Swupdtmr;Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [2004-05-13 53248]
R2 Tmesrv;Tmesrv3; C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe [2004-03-25 126976]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-10 369688]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-07-10 258072]
-----------------EOF-----------------
Dakeyras
2008-12-13, 16:03
Hi :)
Everything seems to be going fairly smootly. However, there are a couple things I wanted to mention. First each time I boot up my computer or run OTMoveIT3 Antivir reports a warning about OTMoveIT3.
That is fine and thank you for bringing this to my attention. it is in-fact a False Positive on Avira Antivir's behalf.
Also, I'm not sure if its real or just in my head, but it seems like sometimes it takes longer than usual to load many websites
This could be due to your actual ISP and or also that your computer is now most likely in need of some system maintenance, we will address this particular issue shortly.
Finally, I wanted to mention that when I started up the Kaspersky online scan, it mentioned that it might not run properly if I had another Antivirus running during the scan. So, I shutdown Antivir while I ran the scan. Hope that was alright.
Technically this is correct but since only the real time protective feature of Avira Antivir, namely the guard would have been active during the scan a conflict should not occur. However temporally disabling your Anti-Virus application was a prudent move on your behalf if not sure :bigthumb:
Otherwise everything seems to be going smoothly.
That is good news indeed!
Congratulations your computer now appears to be malware free.
At some point soon I suggest you read this topic here (http://www.malwareremoval.com/forum/viewtopic.php?f=4&t=34484) as in regard to the various system maintenance advice, since we have put your computer through the mill so to speak.
My actual advice would be carry out the advised maintenance a minimum of once per week to both increase system performance and stability.
Next:
Time for some housecleaning:
Please delete the following:
RSIT.exe
C:\RSIT
Empty the Recyle Bin
Clean up with OTMoveIt3:
Double-click OTMoveIt3.exe to start the program.
Close all other programs apart from OTMoveIt2 as this step will require a reboot
On the OTMoveIt main screen, press the CleanUp! button
Say Yes to the prompt and then allow the program to reboot your computer.
Hide system files:
Open My Computer.
Go to Tools > Folder Options.
Select the View tab.
Scroll down to Hidden files and folders.
Select Do not show hidden files and folders.
Check (tick) Hide extensions of known file types.
Check (tick) Hide protected operating system files (Recommended).
Click OK.
Close My Computer.
Reset the system restore points:
Create a new, clean System Restore point which you can use in case of future system problems:
Press Start >> All Programs >> Accessories >> System Tools >> System Restore
Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
Now remove old, infected System Restore points:
Next click Start >> Run... and type cleanmgr in the box and press OK
Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
Press OK and Yes to confirm
Optional Update Advice:
There is a new service pack for XP, namely SP3. I advice you download/install this as it will increase the security side of your system.
Download can be found here (http://www.microsoft.com/downloads/details.aspx?FamilyID=68c48dad-bc34-40be-8d85-6bb4f56f5110&displaylang=en) or the CD ordered for your country here (http://support.microsoft.com/kb/322389) <--scroll down to and click on 'How to obtain Windows XP Service Pack 3 on a CD'
Please read this Microsoft article (http://support.microsoft.com/kb/950717) before actually installing the aforementioned service pack.
Now some advice for on-line safety:
Malwarebyte's Anti-Malware:
This is a excellent application and I advise you keep this installed. Check for updates and run a scan once a week.
Other installed security software:
Your presently installed Anti-Virus application, Avira Antivir automatically checks for updates and downloads/installs them with every system reboot and or periodically if the machine is left running providing a internet connection is active.
I advice and run a through scan once a week.
Keep your system updated:
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Please ensure that you visit the following websites regularly or do update your system regularly.
Install the updates immediately if they are found. Reboot your computer if necessary, revisit Windows Update and Office update sites until there are no more updates to be installed.
To update Windows
Go to Start > All Programs > Windows Update
To update Office
Open up any Office program.
Go to Help > Check for Updates
Be careful when opening attachments and downloading files:
Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
Never open emails from unknown senders.
Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge (http://sourceforge.net/) or Pricelessware (http://www.pricelesswarehome.org/).
Stop malicious scripts:
Windows by default allow scripts (which is VBScript and JavaScript) to run and some of these scripts are malicious. Use Noscript (http://www.symantec.com/avcenter/noscript.exe) by Symantec or Script Defender (http://www.analogx.com/contents/download/system/sdefend.htm) by AnalogX to handle these scripts.
Backup regularly:
You never know when your PC will become unstable or become so infected that you can't recover it. Follow this Microsoft article (http://www.microsoft.com/athome/security/update/howbackup.mspx) to learn how to backup. Follow this article (http://support.microsoft.com/kb/309340) by Microsoft to restore your backups.
Alternatively, you can use 3rd-party programs to back up your data. One example can be found at Bleeping Computer (http://www.bleepingcomputer.com/tutorials/tutorial127.html).
Note: You can also use the ERUNT (Emergency Recovery Utility NT) if you decide to keep this installed as a means to keep a complete backup of your registry and restore it when needed.
Make your Internet Explorer safer:
For Internet Explorer 7
Please read this article (http://surfthenetsafely.com/ieseczone8.htm) to configure Internet Explorer 7 properly.
Avoid Peer to Peer software:
P2P may be a great way to get lots of stuffs, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice avoid these types of software applications.
Prevent a re-infection:
Enable Spybot S&D TeaTimer:
You can start Resident TeaTimer by clicking on Tools ? Resident on the left navigation bar (therefore Spybot-S&D has to run in Advanced Mode). There you can tick the checkboxes next to Resident "TeaTimer" (Protection of over-all system settings) active in order to activate TeaTimer.
Further information on how to use this application can be found here (http://www.spybot.info/en/tutorial/index.html).
Hosts File:
A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your PC will look up the website's IP address before you can view the website.
Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.
Here are some Hosts files:
MVPS Hosts File (http://www.mvps.org/winhelp2002/hosts.htm)
Bluetack's Hosts File (http://www.bluetack.co.uk/forums/index.php?showtopic=8406)
Bluetack's Host Manager (http://www.bluetack.co.uk/forums/index.php?autocom=faq&CODE=02&qid=16)
hpHosts (http://hphosts.mysteryfcm.co.uk/?s=Download).
Only use one of the above.
Next:
There is no sign of a software firewall installed on your system. Regardless if using a hardware type and or using the inbuilt Windows Service Pack 2(SP3 if you chose to upgrade) firewall this is a necessary application as it will also provide outbound protection where as the aforementioned do not..
I highly advise you download ONE of the following firewalls and install it. Restart the computer for changes to take effect.
Online Armour (http://www.tallemu.com/free-firewall-protection-software.html)
Sunbelt Kerio (http://www.sunbelt-software.com/Kerio.cfm)
This article is a excellent resource regarding the aforementioned firewalls: Understanding and Using Firewalls (http://www.bleepingcomputer.com/tutorials/tutorial60.html)
Finally a educational source:
To learn more about how to protect yourself while on the internet read this article by Tony Klein:
So how did I get infected in the first place? (http://www.malwareremoval.com/forum/viewtopic.php?f=11&t=4959)
Happy/Safe Surfing :)
Thanks Dakeyras!!!
I really appreciate all the help!!!
Dakeyras
2008-12-16, 12:14
You are very welcome :)