Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

MEDIAPLAYERUPGRADE.EXE

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

MEDIAPLAYERUPGRADE.EXE

Unread postby mutiger17 » August 1st, 2009, 11:58 pm

Anytime I try to play a .wma file in WMP 11, a box pops up and says i need to upgrade my version. The file it wants me to run is "mediaplayerupgrade.exe". I know this is probably malware from what i've read, i just can't get rid of it. Here is my HJT v2.0.2 file. Hope someone can help! Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:46:39 PM, on 8/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\00THotkey.exe
C:\WINDOWS\system32\TPSODDCtl.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {385AAF0B-1059-43C5-852B-91678C90C1C1} - \
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TOSDCR] TOSDCR.EXE
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\wbwxllig.dll",sitypnow
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Auto NICKS PRINTER on HOME] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "Auto NICKS PRINTER on HOME" /O20 "\\HOME\NICKS PRINTER" /M "Stylus CX3800"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Comcast Install 1.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648)" -"http://www.candystand.com/play.do?id=18036"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: ImageMixer 3 SE Camera Monitor Ver.5.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2925175437
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://kmanywhere.kohls.com/InternalSi ... ompMgr.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigner.hgtv.com/images/app/view22rte.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player ... taller.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/defaul ... der_v6.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: byxxuss - byxxuss.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c9899c860cf28e) (gupdate1c9899c860cf28e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

--
End of file - 14807 bytes

THANKS! MUTIGER17
mutiger17
Active Member
 
Posts: 9
Joined: August 1st, 2009, 11:52 pm
Advertisement
Register to Remove

Re: MEDIAPLAYERUPGRADE.EXE

Unread postby jmw3 » August 4th, 2009, 5:40 am

Hello & Welcome to Malware Removal

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this ensure Notify me when a reply is posted is ticked on the POST A REPLY page.

In the meantime please note the following:
  • Any recommendations made are for your computer problems only and should NOT be used on any other computer.
  • Please DO NOT run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them:
    1. The tools that we use are very powerful and can cause >>irreparable damage<< to your computer if not used correctly.
    2. Commercial scanners, for the most part can not completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of completely.
  • If you get stuck or are unsure of something please ask for a further explanation, do not guess.
  • It will require more than one round to properly clean your system. Continue to respond to this thread until I give you the All Clean! even if symptoms seemingly abate.
Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Thanks

DDS
Download DDS.scr by sUBs from one of the following links & save it to your desktop.
Link 1
Link 2
  • Double-Click on dds.scr and a command window will appear. This is normal
  • Shortly after two logs will appear, DDS.txt & Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply
Gmer
Download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

    Image
    Click the image to enlarge it
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Note: Do not run any programs while Gmer is running.

To post in next reply:
Contents of DDS log
Contents of Attach.txt
Contents of Gmer log
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: MEDIAPLAYERUPGRADE.EXE

Unread postby mutiger17 » August 7th, 2009, 12:20 am

I downloaded the DDS and saved it to my desktop, but when i tried to open and run in, i got the error "cmd is not a valid Win32 application.

Also downloaded and saved the Gmer to desktop. Ran that and it scanned for a while, then got the blue screen of death and computer restarted.

Kind of scared to do anything right now, it only bothered me when i used Win. Med. Player, but i know malware can do other things in the background.

Thanks for your reply, hopefully you can help me fix this issue
mutiger17
Active Member
 
Posts: 9
Joined: August 1st, 2009, 11:52 pm

Re: MEDIAPLAYERUPGRADE.EXE

Unread postby jmw3 » August 7th, 2009, 1:20 am

Hi
Try these programs:
Random's System Information Tool (RSIT)
  • Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run the tool
  • Click Continue at the disclaimer screen
  • Once it has finished, two logs will open, log.txt (<<will be maximized) and info.txt (<<will be minimized)
  • Copy & paste the contents of both logs in your next reply
If info.txt does not minimise to the Task Bar, you will find it in C:\rsit

SysProt
Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under Attachments, or you can get it from one of the mirrors) then unzip it into a folder on your desktop.
http://sites.google.com/site/sysprotantirootkit/
  • Double click Sysprot.exe to start the program
  • Click on the Log tab
  • In the Write to log box select all items
  • Click on the Create Log button on the bottom right
  • After a few seconds a new window should appear
  • Select Scan Root Drive then click on the Start button
  • When it is complete a new window will appear to indicate that the scan is finished
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to
  • Open the text file and copy/paste the contents of the log in your next reply
To post in next reply:
Both RSIT logs
SysProt log
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: MEDIAPLAYERUPGRADE.EXE

Unread postby mutiger17 » August 7th, 2009, 9:59 pm

here are my results from the two programs downloaded.

RSIT LOG:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Kelly at 2009-07-07 20:48:38
Microsoft Windows XP Professional Service Pack 3
System drive C: has 55 GB (58%) free of 95 GB
Total RAM: 1015 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:48:51 PM, on 7/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\TPSODDCtl.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Kelly\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Kelly.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {385AAF0B-1059-43C5-852B-91678C90C1C1} - \
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TOSDCR] TOSDCR.EXE
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\wbwxllig.dll",sitypnow
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Auto NICKS PRINTER on HOME] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "Auto NICKS PRINTER on HOME" /O20 "\\HOME\NICKS PRINTER" /M "Stylus CX3800"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Comcast Install 1.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648)" -"http://www.candystand.com/play.do?id=18036"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: ImageMixer 3 SE Camera Monitor Ver.5.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2925175437
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://kmanywhere.kohls.com/InternalSi ... ompMgr.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigner.hgtv.com/images/app/view22rte.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player ... taller.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/defaul ... der_v6.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: byxxuss - byxxuss.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c9899c860cf28e) (gupdate1c9899c860cf28e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

--
End of file - 14610 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#hp psc 1300 series#1186546666.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{385AAF0B-1059-43C5-852B-91678C90C1C1}]
\ []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-07-17 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-06 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2005-05-06 716800]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-12-13 88204]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2004-03-24 196608]
"PSQLLauncher"=C:\Program Files\Protector Suite QL\launcher.exe [2006-05-05 30208]
"ThpSrv"=thpsrv /logon []
"00THotkey"=C:\WINDOWS\system32\00THotkey.exe [2006-07-05 258048]
"000StTHK"=C:\WINDOWS\system32\000StTHK.exe [2001-06-23 24576]
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2006-04-24 315392]
"TPSODDCtl"=C:\WINDOWS\system32\TPSODDCtl.exe [2006-04-24 110592]
"TFNF5"=C:\WINDOWS\system32\TFNF5.exe [2006-03-16 593920]
"SmoothView"=C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2005-04-26 122880]
"TOSDCR"=C:\WINDOWS\system32\TOSDCR.EXE [2005-12-13 57344]
"PadTouch"=C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe [2005-12-06 1077322]
"Tvs"=C:\Program Files\Toshiba\Tvs\TvsTray.exe [2006-02-02 73728]
"TFncKy"=TFncKy.exe []
"TosHKCW.exe"=C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe [2005-05-17 49152]
"TouchED"=C:\Program Files\TOSHIBA\TouchED\TouchED.Exe [2005-06-28 126976]
"DDWMon"=C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe [2006-04-25 299008]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-06-30 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-06-30 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-06-30 118784]
"Pinger"=c:\toshiba\ivp\ism\pinger.exe [2005-03-17 151552]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2005-12-05 667718]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2005-11-28 602182]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"EPSON Stylus CX3800 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE [2005-02-07 98304]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd.exe [2003-06-25 49152]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-06-26 212992]
"DXDllRegExe"=dxdllreg.exe []
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]
"SearchIndexer"=C:\WINDOWS\system32\wbwxllig.dll,sitypnow []
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-07-02 1948440]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-03-26 177472]
"Auto NICKS PRINTER on HOME"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE [2005-02-07 98304]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0 []
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-07-06 1830128]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-04-06 39408]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE [2008-08-06 447928]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
ImageMixer 3 SE Camera Monitor Ver.5.lnk - C:\Program Files\PIXELA\ImageMixer 3 SE Ver.5\Transfer Utility\CameraMonitor.exe
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-01-01 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-07-02 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\byxxuss]
byxxuss.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-06-30 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll [2006-05-05 40448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-06-23 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\\WINDOWS\\system32\\ssqpo
"notification packages"=scecli
psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\dwunxxob.exe"="C:\WINDOWS\system32\dwu"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac501fc8-22e3-11dc-9b82-0015b7851e56}]
shell\AutoRun\command - E:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-08-01 22:33:39 ----SHD---- C:\Config.Msi
2009-07-31 22:38:34 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-07-29 13:45:50 ----D---- C:\Program Files\SoundTells
2009-07-16 23:54:24 ----D---- C:\Documents and Settings\All Users\Application Data\PIXELA
2009-07-15 03:04:41 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 03:04:34 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 03:01:16 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-12 00:09:44 ----D---- C:\Documents and Settings\All Users\Application Data\PopCap
2009-07-07 20:48:38 ----D---- C:\rsit
2009-06-25 20:09:32 ----D---- C:\Program Files\Snood 4
2009-06-22 23:50:23 ----A---- C:\WINDOWS\system32\lfgif13n.dll
2009-06-22 23:50:23 ----A---- C:\WINDOWS\system32\lfbmp13n.dll
2009-06-11 13:41:25 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-11 13:40:28 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-11 13:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-11 13:36:20 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$

======List of files/folders modified in the last 1 months======

2009-08-05 22:00:34 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-08-05 20:47:52 ----D---- C:\Program Files\Whale Communications
2009-08-01 22:34:26 ----SHD---- C:\WINDOWS\Installer
2009-08-01 22:34:11 ----D---- C:\Program Files
2009-08-01 22:33:41 ----D---- C:\Program Files\Common Files\SupportSoft
2009-08-01 22:27:13 ----SHD---- C:\WINDOWS\system32
2009-07-31 22:38:35 ----HD---- C:\WINDOWS\inf
2009-07-31 22:38:35 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-31 22:37:58 ----A---- C:\WINDOWS\win.ini
2009-07-31 22:35:08 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-31 22:31:24 ----D---- C:\Program Files\Internet Explorer
2009-07-31 22:31:22 ----D---- C:\WINDOWS\ie8updates
2009-07-31 22:30:32 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-31 22:30:19 ----D---- C:\WINDOWS\system32\drivers
2009-07-31 22:30:18 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-07-31 22:25:44 ----D---- C:\Documents and Settings\Kelly\Application Data\LimeWire
2009-07-31 16:54:42 ----D---- C:\Program Files\Microsoft Silverlight
2009-07-29 03:01:42 ----A---- C:\WINDOWS\imsins.BAK
2009-07-29 03:00:25 ----D---- C:\WINDOWS\WinSxS
2009-07-19 18:48:58 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-19 08:18:59 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-15 03:05:03 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-07-12 22:47:48 ----D---- C:\WINDOWS\system32\FxsTmp
2009-07-12 00:09:27 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-09 19:05:29 ----D---- C:\WINDOWS\Microsoft.NET
2009-07-09 18:56:11 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-07-09 18:51:11 ----RSD---- C:\WINDOWS\assembly
2009-07-09 18:47:01 ----RSD---- C:\WINDOWS\Fonts
2009-07-09 18:46:23 ----D---- C:\Program Files\Microsoft Works
2009-07-07 20:48:44 ----D---- C:\WINDOWS\Prefetch
2009-07-07 20:48:41 ----D---- C:\WINDOWS\Temp
2009-07-07 12:12:24 ----HD---- C:\$AVG8.VAULT$
2009-07-07 11:03:20 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-07 11:03:18 ----SD---- C:\WINDOWS\Tasks
2009-07-07 10:59:52 ----D---- C:\WINDOWS\Registration
2009-07-07 10:59:48 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt
2009-07-07 10:59:32 ----D---- C:\WINDOWS
2009-07-07 10:57:18 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-07 10:10:56 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-06 23:14:43 ----D---- C:\Program Files\SUPERAntiSpyware
2009-07-06 23:11:23 ----D---- C:\WINDOWS\Minidump
2009-07-03 12:09:28 ----A---- C:\WINDOWS\system32\wininet.dll
2009-07-03 12:09:27 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-07-03 12:09:27 ----A---- C:\WINDOWS\system32\occache.dll
2009-07-03 12:09:25 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-07-03 12:09:25 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-07-03 12:09:24 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-07-03 12:09:24 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-07-03 12:09:23 ----A---- C:\WINDOWS\system32\iepeers.dll
2009-07-03 12:09:21 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-07-03 06:01:06 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-07-02 08:16:53 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-06-16 09:36:30 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-06-16 09:36:30 ----A---- C:\WINDOWS\system32\fontsub.dll
2009-06-11 13:41:15 ----D---- C:\Program Files\Microsoft Office

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-04 335752]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-02 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-08 108552]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2005-06-02 102384]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-06-23 21275]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-08-18 8552]
R2 FdRedir;FdRedir; \??\C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys []
R2 FileDisk2;FileDisk Protector Kernel Driver; \??\C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys []
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2008-12-08 55136]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568]
R2 smihlp;SMI helper driver; \??\C:\Program Files\Protector Suite QL\smihlp.sys []
R2 tdudf;TOSHIBA UDF File System Driver; C:\WINDOWS\system32\DRIVERS\tdudf.sys [2006-06-28 98816]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-02-28 176128]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 127872]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-12-13 1124097]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-05-08 101833]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2007-11-16 165496]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-06-30 1169980]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
R3 odysseyIM3;Odyssey Network Services Miniport; C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2003-05-14 62673]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 tbiosdrv;Toshiba Logical Tbios Device; C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys [2005-08-24 9472]
R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2006-05-05 28800]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys [2006-03-02 15360]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-11-30 162560]
R3 Tvs;TOSHIBA Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2006-05-30 45696]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-05 1428096]
S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2006-04-01 471264]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\CBTNDIS5.SYS []
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-03-21 179200]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-08-11 51056]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-08-11 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-08-11 21488]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 TNET1130x;Wireless-G Notebook Adapter v.2.0; C:\WINDOWS\system32\DRIVERS\tnet1130x.sys []
S3 tosrfec;Bluetooth ACPI from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 9344]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-02 298776]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-17 40960]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2004-08-28 110592]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 217164]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-11-28 540745]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 Swupdtmr;Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [2005-07-12 40960]
R2 Thpsrv;TOSHIBA HDD Protection; C:\WINDOWS\system32\ThpSrv.exe [2005-12-20 176128]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\WINDOWS\system32\TODDSrv.exe [2006-05-25 114688]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 gupdate1c9899c860cf28e;Google Update Service (gupdate1c9899c860cf28e); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-07 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-06 183280]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
S3 IDriverT;InstallDriver Table Manager; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-08-11 65795]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

RSIT INFO:

info.txt logfile of random's system information tool 1.06 2009-07-07 20:48:55

======Uninstall list======

-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
-->C:\WINDOWS\system32\RunDll32.Exe C:\WINDOWS\system32\SetupAPI.Dll,InstallHinfSection DefaultUninstall.NTx86 4 C:\WINDOWS\INF\tdudf.Inf
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3DVIA Player 4.1-->MsiExec.exe /X{4E868D3D-6EEB-4273-926C-2287236B5B79}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}
Adobe Reader 8.1.5-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
ALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
CANON iMAGE GATEWAY Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"
Canon Internet Library for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini"
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Utilities CameraWindow-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowLauncher\Uninst.ini"
Canon Utilities MyCamera-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCamera\Uninst.ini"
Canon Utilities RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Canon ZoomBrowser EX Memory Card Utility-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX MCU\Uninst.ini"
CD/DVD Drive Acoustic Silencer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x9
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Comcast High-Speed Internet Install Wizard-->C:\Program Files\support.com\uninstall\chsi_uninstaller.exe
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Cycle Calculator for Women-->"C:\Program Files\SoundTells\Cycle Calculator for Women\Uninstall.exe" "C:\Program Files\SoundTells\Cycle Calculator for Women\install.log"
Dassault Systemes Software Prerequisites x86-->MsiExec.exe /X{6DE6837F-F3A3-40FF-9F5C-A0B95948E32D}
Desktop Dialer-->C:\WINDOWS\unvise32.exe C:\Program Files\DesktopDialer\uninstal.log
DVD-RAM Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\setup.exe" -l0x9 DVD-RAM Driver
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB942288-v3)-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
HP Photo & Imaging 3.1-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 3.0-->"C:\Program Files\HP\Digital Imaging\{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update-->MsiExec.exe /X{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}
ImageMixer 3 SE Ver.5 Transfer Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DFE492C4-A9F5-413E-A2CC-6F5F3ACC229F}\Setup.exe" -l0x9 UNINSTALL -removeonly
ImageMixer 3 SE Ver.5 Video Tools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B674F947-56D6-4793-B465-7D7C87E04D0C}\Setup.exe" -l0x9 UNINSTALL -removeonly
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel(R) Network Connections Drivers-->Prounstl.exe
Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
InterVideo WinDVD Creator 2-->"C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD for TOSHIBA-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iPod for Windows 2006-06-28-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} /l1033
iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Junk Mail filter update-->MsiExec.exe /I{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}
LimeWire 5.1.2-->"C:\Program Files\LimeWire\uninstall.exe"
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
Memories Disc Creator 2.0-->MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.4-->MsiExec.exe /I{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUSR /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{91120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
MobileMe Control Panel-->MsiExec.exe /I{44A91B04-3D0C-47F9-B644-7F682869AFF3}
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Music Transfer Utility Ver.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{61128AC7-BD78-4D62-A114-2EF23856F558}\setup.exe" -l0x9 UNINSTALL -removeonly
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Office 2003 Trial Assistant-->MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Safari-->MsiExec.exe /I{9C48DCA4-00C2-449C-88D8-B1EE1692B44F}
SD Secure Module-->MsiExec.exe /X{C45F4811-31D5-4786-801D-F79CD06EDD85}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Snood 4-->"C:\Program Files\Snood 4\unins000.exe"
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4497AFF6-98C4-4F49-B073-F48F42BCBF9E} /l1033
TOSHIBA Assist-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\Setup.exe" -l0x9
TOSHIBA ConfigFree-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x9 UNINSTALL
TOSHIBA Controls-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Direct Disc Writer-->MsiExec.exe /X{400830CA-F056-4BBE-80A3-9DF9CA4FB889}
TOSHIBA Disc Creator-->MsiExec.exe /X{529DDE6B-4F31-438B-B218-F36266ABD8C0}
TOSHIBA Display Devices Change Utility-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\TDspBtn.inf,DefaultUninstall,5
TOSHIBA HDD Protection-->MsiExec.exe /X{94A90C69-71C1-470A-88F5-AA47ECC96B40}
TOSHIBA Hotkey Utility for Display Devices-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\TFNF5Wxp.inf,DefaultUninstall,5
Toshiba Media Center Game Console-->MsiExec.exe /I{F21B28BF-8A4D-4F1A-A61B-69DD5B4A9BBA}
TOSHIBA Password Utility-->c:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{C0FC3B56-E345-40CD-A5CB-7EB791CE3E74} /l1033
TOSHIBA PC Diagnostic Tool-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{2C38F661-26B7-445D-B87D-B53FE2D3BD42} /l1033
TOSHIBA Power Saver-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\Power Saver\Uninst.isu" -c"C:\WINDOWS\system32\TPSDel.dll"
TOSHIBA Recovery Disc Creator-->MsiExec.exe /X{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}
Toshiba Registration-->MsiExec.exe /X{F6C405D2-C50D-4D10-B89E-73A233A14D74}
TOSHIBA SD Memory Boot Utility-->MsiExec.exe /X{BBF5493A-05FB-4449-90DE-84A61EB78154}
TOSHIBA SD Memory Card Format-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}\Setup.exe"
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA Software Upgrades-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe"
TOSHIBA Speech System Applications-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
TOSHIBA Speech System SR Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Speech System TTS Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
TOSHIBA TouchPad On/Off Utility V2.05.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24300A63-DD78-4AA5-A914-4D582C41D33A}\Setup.exe" -uninst
TOSHIBA Utilities-->c:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{56190F69-01D3-46CA-9861-43377C5E9B87} /l1033
TOSHIBA Virtual Sound-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B12BA86-ADAC-4BA6-B441-FFC591087252}\Setup.exe" /uninstall
TOSHIBA Zooming Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64212898-097F-4F3F-AECA-6D34A7EF82DF}\Setup.exe"
Touch and Launch-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D96E2B1-D9AC-46E0-9073-425C5F63E338}\Setup.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office Infopath 2007 Help (KB963662)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {716B81B8-B13C-41DF-8EAC-7A2F656CAB63}
Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Outlook 2007 Junk Email Filter (kb971933)-->msiexec /package {91120000-0011-0000-0000-0000000FF1CE} /uninstall {53C200F4-3B4B-49A5-8539-2C61F1A88CA2}
Update for Windows Internet Explorer 8 (KB968220)-->"C:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB972636)-->"C:\WINDOWS\ie8updates\KB972636-IE8\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB943729)-->"C:\WINDOWS\$NtUninstallKB943729$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
View22-->C:\Program Files\kohler\View22\Version 3.10.50\View22_Uninstall.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Virtual Earth - 3DVIA (Beta)-->MsiExec.exe /X{3D87EDEC-C9CD-4B24-8CEE-5249A3517993}
Virtual Earth 3D (Beta)-->MsiExec.exe /I{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}
Whale Communications' Client Components v3.6-->rundll32.exe C:\WINDOWS\DOWNLO~1\WhlMgr.dll,UnInstall 3.1.0 63 0 1 3.6
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}
Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{D9D754A1-EAC5-406C-A28B-C49B1E846711}
Windows Live Family Safety-->MsiExec.exe /X{DC509FE5-1445-46C9-827C-6120429CB942}
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{10A44844-4465-456E-8C97-80BDD4F68845}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Photo Gallery-->MsiExec.exe /X{F73A5B18-EB75-4B2C-B32D-9457576E2417}
Windows Live Sync-->MsiExec.exe /X{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}
Windows Live Toolbar-->MsiExec.exe /X{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Media Center Edition 2005 KB888316-->C:\WINDOWS\$NtUninstallKB888316$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB894553-->C:\WINDOWS\$NtUninstallKB894553$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB895678-->C:\WINDOWS\$NtUninstallKB895678$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Wireless Hotkey-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7862BAD8-A379-4128-8AA1-EFD5A9603C53}\setup.exe" -l0x9

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: TOSHIBA-USER
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 30151
Source Name: W32Time
Time Written: 20090619030741.000000-300
Event Type: warning
User:

Computer Name: TOSHIBA-USER
Event Code: 3004
Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.

For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=74409

Scan ID: {B79F189E-BC02-4BAC-82E7-106E32197953}

User: TOSHIBA-USER\Kelly

Name: Unknown

ID:

Severity: Not Yet Classified

Category: Not Yet Classified

Path Found: regkey:HKCU@S-1-5-21-1916318671-1386828525-4270869588-1005\Software\Microsoft\Windows\CurrentVersion\Run\\WhlCach3.exe;runkey:HKCU@S-1-5-21-1916318671-1386828525-4270869588-1005\Software\Microsoft\Windows\CurrentVersion\Run\\WhlCach3.exe;file:C:\Program Files\Whale Communications\Client Components\3.1.0\WhlCach3.exe

Alert Type: Unclassified software

Detection Type:

Record Number: 30126
Source Name: WinDefend
Time Written: 20090618101657.000000-300
Event Type: warning
User:

Computer Name: TOSHIBA-USER
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 30125
Source Name: W32Time
Time Written: 20090618030717.000000-300
Event Type: warning
User:

Computer Name: TOSHIBA-USER
Event Code: 3004
Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.

For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=74409

Scan ID: {31072A38-EBF4-456E-A438-9FE868E0E018}

User: TOSHIBA-USER\Kelly

Name: Unknown

ID:

Severity: Not Yet Classified

Category: Not Yet Classified

Path Found: regkey:HKCU@S-1-5-21-1916318671-1386828525-4270869588-1005\Software\Microsoft\Windows\CurrentVersion\Run\\WhlCach3.exe;runkey:HKCU@S-1-5-21-1916318671-1386828525-4270869588-1005\Software\Microsoft\Windows\CurrentVersion\Run\\WhlCach3.exe;file:C:\Program Files\Whale Communications\Client Components\3.1.0\WhlCach3.exe

Alert Type: Unclassified software

Detection Type:

Record Number: 30120
Source Name: WinDefend
Time Written: 20090618014108.000000-300
Event Type: warning
User:

Computer Name: TOSHIBA-USER
Event Code: 3004
Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.

For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=74409

Scan ID: {3CA97242-A3D9-4BF6-A641-3A6C8AD482CF}

User: TOSHIBA-USER\Kelly

Name: Unknown

ID:

Severity: Not Yet Classified

Category: Not Yet Classified

Path Found: regkey:HKCU@S-1-5-21-1916318671-1386828525-4270869588-1005\Software\Microsoft\Windows\CurrentVersion\Run\\WhlCach3.exe;runkey:HKCU@S-1-5-21-1916318671-1386828525-4270869588-1005\Software\Microsoft\Windows\CurrentVersion\Run\\WhlCach3.exe;file:C:\Program Files\Whale Communications\Client Components\3.1.0\WhlCach3.exe

Alert Type: Unclassified software

Detection Type:

Record Number: 30118
Source Name: WinDefend
Time Written: 20090617230855.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: TOSHIBA-USER
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



Record Number: 3851
Source Name: Userenv
Time Written: 20090107234735.000000-360
Event Type: warning
User: TOSHIBA-USER\Kelly

Computer Name: TOSHIBA-USER
Event Code: 1001
Message: Fault bucket 897315410.

Record Number: 3832
Source Name: Application Hang
Time Written: 20090104195831.000000-360
Event Type: error
User:

Computer Name: TOSHIBA-USER
Event Code: 1002
Message: Hanging application iexplore.exe, version 8.0.6001.18241, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 3831
Source Name: Application Hang
Time Written: 20090104195829.000000-360
Event Type: error
User:

Computer Name: TOSHIBA-USER
Event Code: 1001
Message: Fault bucket 897315410.

Record Number: 3830
Source Name: Application Hang
Time Written: 20090104193732.000000-360
Event Type: error
User:

Computer Name: TOSHIBA-USER
Event Code: 1002
Message: Hanging application iexplore.exe, version 8.0.6001.18241, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 3829
Source Name: Application Hang
Time Written: 20090104193729.000000-360
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
mutiger17
Active Member
 
Posts: 9
Joined: August 1st, 2009, 11:52 pm

Re: MEDIAPLAYERUPGRADE.EXE

Unread postby mutiger17 » August 7th, 2009, 10:02 pm

RAN OUT OF CHARACTERS ON PREVIOUS POST.

SYSPROT LOG:

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\smss.exe
PID: 1036
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\csrss.exe
PID: 1148
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\winlogon.exe
PID: 1172
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 1216
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\lsass.exe
PID: 1228
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1400
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1468
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Defender\MsMpEng.exe
PID: 1508
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1548
Hidden: No
Window Visible: No

Name: C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PID: 1612
Hidden: No
Window Visible: No

Name: C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PID: 1652
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1744
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1960
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\spoolsv.exe
PID: 540
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 632
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PID: 668
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
PID: 688
Hidden: No
Window Visible: No

Name: C:\Program Files\Bonjour\mDNSResponder.exe
PID: 728
Hidden: No
Window Visible: No

Name: C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PID: 740
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\DVDRAMSV.exe
PID: 788
Hidden: No
Window Visible: No

Name: C:\WINDOWS\ehome\ehrecvr.exe
PID: 808
Hidden: No
Window Visible: No

Name: C:\WINDOWS\ehome\ehSched.exe
PID: 864
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jqs.exe
PID: 1264
Hidden: No
Window Visible: No

Name: C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PID: 1752
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PID: 1844
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1908
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 292
Hidden: No
Window Visible: No

Name: C:\WINDOWS\explorer.exe
PID: 936
Hidden: No
Window Visible: No

Name: C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PID: 2056
Hidden: No
Window Visible: No

Name: C:\Program Files\AVG\AVG8\avgrsx.exe
PID: 2380
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
PID: 2400
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\ThpSrv.exe
PID: 3172
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\TODDSrv.exe
PID: 3200
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PID: 3276
Hidden: No
Window Visible: No

Name: C:\Program Files\Canon\CAL\CALMAIN.exe
PID: 3372
Hidden: No
Window Visible: No

Name: C:\WINDOWS\ehome\mcrdsvc.exe
PID: 3556
Hidden: No
Window Visible: No

Name: C:\WINDOWS\ehome\ehtray.exe
PID: 4084
Hidden: No
Window Visible: No

Name: C:\Program Files\Analog Devices\Core\smax4pnp.exe
PID: 372
Hidden: No
Window Visible: No

Name: C:\WINDOWS\agrsmmsg.exe
PID: 1988
Hidden: No
Window Visible: No

Name: C:\Program Files\Apoint2K\Apoint.exe
PID: 1956
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\ThpSrv.exe
PID: 2088
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\00THotkey.exe
PID: 2164
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PID: 2788
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\TPSODDCtl.exe
PID: 2800
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\TFNF5.exe
PID: 2820
Hidden: No
Window Visible: No

Name: C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
PID: 2848
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\dllhost.exe
PID: 2872
Hidden: No
Window Visible: No

Name: C:\Program Files\Protector Suite QL\psqltray.exe
PID: 3652
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\alg.exe
PID: 1900
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\TPSBattM.exe
PID: 1024
Hidden: No
Window Visible: No

Name: C:\WINDOWS\ehome\ehmsas.exe
PID: 3840
Hidden: No
Window Visible: No

Name: C:\Program Files\Toshiba\Touch and Launch\PadExe.exe
PID: 4092
Hidden: No
Window Visible: No

Name: C:\Program Files\Toshiba\Tvs\TvsTray.exe
PID: 2100
Hidden: No
Window Visible: No

Name: C:\Program Files\Apoint2K\ApntEx.exe
PID: 2132
Hidden: No
Window Visible: No

Name: C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
PID: 2304
Hidden: No
Window Visible: No

Name: C:\Program Files\Toshiba\Wireless Hotkey\TosHKCW.exe
PID: 2564
Hidden: No
Window Visible: No

Name: C:\Program Files\Toshiba\TouchED\TouchED.exe
PID: 2212
Hidden: No
Window Visible: No

Name: C:\Program Files\Toshiba\TOSHIBA Direct Disc Writer\DDWMon.exe
PID: 2596
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\hkcmd.exe
PID: 1220
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\igfxpers.exe
PID: 3032
Hidden: No
Window Visible: No

Name: C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PID: 3384
Hidden: No
Window Visible: No

Name: C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PID: 3292
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Defender\MSASCui.exe
PID: 3568
Hidden: No
Window Visible: No

Name: C:\Program Files\HP\HP Software Update\hpwuSchd.exe
PID: 3772
Hidden: No
Window Visible: No

Name: C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
PID: 4012
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\AVG\AVG8\avgtray.exe
PID: 2408
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIACA.EXE
PID: 2688
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jusched.exe
PID: 3476
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
PID: 536
Hidden: No
Window Visible: No

Name: C:\Program Files\iTunes\iTunesHelper.exe
PID: 1408
Hidden: No
Window Visible: No

Name: C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PID: 4064
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\RAMASST.exe
PID: 676
Hidden: No
Window Visible: No

Name: C:\Program Files\iPod\bin\iPodService.exe
PID: 1716
Hidden: No
Window Visible: No

Name: C:\Program Files\Internet Explorer\iexplore.exe
PID: 4888
Hidden: No
Window Visible: No

Name: C:\Program Files\Internet Explorer\iexplore.exe
PID: 1544
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\notepad.exe
PID: 4128
Hidden: No
Window Visible: Yes

Name: C:\WINDOWS\system32\notepad.exe
PID: 4016
Hidden: No
Window Visible: Yes

Name: C:\Documents and Settings\Kelly\Desktop\SysProt\SysProt\SysProt.exe
PID: 1028
Hidden: No
Window Visible: Yes

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \??\C:\Documents and Settings\Kelly\Desktop\SysProt\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: A971E000
Module End: A9729000
Hidden: No

Module Name: \WINDOWS\system32\ntoskrnl.exe
Service Name: ---
Module Base: 804D7000
Module End: 806FF000
Hidden: No

Module Name: \WINDOWS\system32\hal.dll
Service Name: ---
Module Base: 806FF000
Module End: 8071FD00
Hidden: No

Module Name: \WINDOWS\system32\KDCOM.DLL
Service Name: ---
Module Base: F7B97000
Module End: F7B99000
Hidden: No

Module Name: \WINDOWS\system32\BOOTVID.dll
Service Name: ---
Module Base: F7AA7000
Module End: F7AAA000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ACPI.sys
Service Name: ACPI
Module Base: F7648000
Module End: F7676000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\WMILIB.SYS
Service Name: ---
Module Base: F7B99000
Module End: F7B9B000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pci.sys
Service Name: PCI
Module Base: F7637000
Module End: F7648000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\isapnp.sys
Service Name: isapnp
Module Base: F7697000
Module End: F76A1000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ohci1394.sys
Service Name: ohci1394
Module Base: F76A7000
Module End: F76B7000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\1394BUS.SYS
Service Name: ---
Module Base: F76B7000
Module End: F76C5000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\compbatt.sys
Service Name: Compbatt
Module Base: F7AAB000
Module End: F7AAE000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\BATTC.SYS
Service Name: BattC
Module Base: F7AAF000
Module End: F7AB3000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pciide.sys
Service Name: PCIIde
Module Base: F7C5F000
Module End: F7C60000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Service Name: ---
Module Base: F7917000
Module End: F791E000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pcmcia.sys
Service Name: Pcmcia
Module Base: F7619000
Module End: F7637000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys
Service Name: MountMgr
Module Base: F76C7000
Module End: F76D2000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys
Service Name: Disk
Module Base: F75FA000
Module End: F7619000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dmload.sys
Service Name: dmload
Module Base: F7B9B000
Module End: F7B9D000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dmio.sys
Service Name: dmio
Module Base: F75D4000
Module End: F75FA000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys
Service Name: PartMgr
Module Base: F791F000
Module End: F7924000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys
Service Name: VolSnap
Module Base: F76D7000
Module End: F76E4000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\atapi.sys
Service Name: atapi
Module Base: F75BC000
Module End: F75D4000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\disk.sys
Service Name: ---
Module Base: F76E7000
Module End: F76F0000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Service Name: ---
Module Base: F76F7000
Module End: F7704000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\fltmgr.sys
Service Name: FltMgr
Module Base: F759C000
Module End: F75BC000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sr.sys
Service Name: sr
Module Base: F758A000
Module End: F759C000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PxHelp20.sys
Service Name: PxHelp20
Module Base: F7927000
Module End: F792C000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys
Service Name: KSecDD
Module Base: F7573000
Module End: F758A000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys
Service Name: Ntfs
Module Base: F74E6000
Module End: F7573000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\NDIS.sys
Service Name: NDIS
Module Base: F74B9000
Module End: F74E6000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\TVALZ.SYS
Service Name: TVALZ
Module Base: F792F000
Module End: F7934000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Thpevm.SYS
Service Name: Thpevm
Module Base: F7B9D000
Module End: F7B9F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\thpdrv.sys
Service Name: Thpdrv
Module Base: F7707000
Module End: F7710000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Mup.sys
Service Name: Mup
Module Base: F749F000
Module End: F74B9000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
Service Name: ialm
Module Base: F6B7C000
Module End: F6C9A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Service Name: ---
Module Base: F6B68000
Module End: F6B7C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Service Name: HDAudBus
Module Base: F6B40000
Module End: F6B68000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\w39n51.sys
Service Name: w39n51
Module Base: F69E3000
Module End: F6B40000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Service Name: usbuhci
Module Base: F7A17000
Module End: F7A1D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: F69BF000
Module End: F69E3000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: F7A1F000
Module End: F7A27000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\e100b325.sys
Service Name: E100B
Module Base: F6998000
Module End: F69BF000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\tifm21.sys
Service Name: tifm21
Module Base: F6970000
Module End: F6998000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\sdbus.sys
Service Name: sdbus
Module Base: F695C000
Module End: F6970000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Service Name: i8042prt
Module Base: F7777000
Module End: F7784000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Service Name: Kbdclass
Module Base: F7A27000
Module End: F7A2D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
Service Name: ApfiltrService
Module Base: F6943000
Module End: F695C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Service Name: Mouclass
Module Base: F7A2F000
Module End: F7A35000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys
Service Name: tdcmdpst
Module Base: F7467000
Module End: F746B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\imapi.sys
Service Name: Imapi
Module Base: F7787000
Module End: F7792000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\AFS2K.SYS
Service Name: AFS2K
Module Base: F7797000
Module End: F77A0000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\iviaspi.sys
Service Name: Iviaspi
Module Base: F7A37000
Module End: F7A3D000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pfc.sys
Service Name: Pfc
Module Base: F7463000
Module End: F7466000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Service Name: Cdrom
Module Base: F77A7000
Module End: F77B7000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\redbook.sys
Service Name: redbook
Module Base: F77B7000
Module End: F77C6000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: F6920000
Module End: F6943000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
Service Name: GEARAspiWDM
Module Base: F77C7000
Module End: F77D1000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\CmBatt.sys
Service Name: CmBatt
Module Base: F745B000
Module End: F745F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Service Name: intelppm
Module Base: F77D7000
Module End: F77E0000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\audstub.sys
Service Name: audstub
Module Base: F7D3B000
Module End: F7D3C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: F6CFA000
Module End: F6D07000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: F6F89000
Module End: F6F8C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: F6909000
Module End: F6920000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: F6CEA000
Module End: F6CF5000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: F6CDA000
Module End: F6CE6000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: F7967000
Module End: F796C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\psched.sys
Service Name: PSched
Module Base: F68F8000
Module End: F6909000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Service Name: Gpc
Module Base: F6CCA000
Module End: F6CD3000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Service Name: Ptilink
Module Base: F796F000
Module End: F7974000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspti.sys
Service Name: Raspti
Module Base: F7977000
Module End: F797C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys
Service Name: odysseyIM3
Module Base: F6CBA000
Module End: F6CC9000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Service Name: rdpdr
Module Base: F68C8000
Module End: F68F8000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: F6CAA000
Module End: F6CB4000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: F7BD9000
Module End: F7BDB000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\update.sys
Service Name: Update
Module Base: F686A000
Module End: F68C8000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: F7B3B000
Module End: F7B3F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys
Service Name: tbiosdrv
Module Base: F7B3F000
Module End: F7B42000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: F7857000
Module End: F7861000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ADIHdAud.sys
Service Name: ADIHdAudAddService
Module Base: AAF91000
Module End: AAFC0000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\portcls.sys
Service Name: ---
Module Base: AAF6D000
Module End: AAF91000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\drmk.sys
Service Name: ---
Module Base: F7867000
Module End: F7876000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\AEAudio.sys
Service Name: AEAudioService
Module Base: AAF4D000
Module End: AAF6D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\Tvs.sys
Service Name: Tvs
Module Base: F7887000
Module End: F7893000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tsxt_kern_i386.sys
Service Name: ---
Module Base: F797F000
Module End: F7987000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\wowhd_kern_i386.sys
Service Name: ---
Module Base: F798F000
Module End: F7996000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\csiidecoder_kern_i386.sys
Service Name: ---
Module Base: F7897000
Module End: F78A0000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\AGRSM.sys
Service Name: AgereSoftModem
Module Base: AAE3A000
Module End: AAF4D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: F7BE1000
Module End: F7BE3000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Modem.SYS
Service Name: Modem
Module Base: F7997000
Module End: F799F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: F78B7000
Module End: F78C6000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Service Name: Fs_Rec
Module Base: F7BE3000
Module End: F7BE5000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Null.SYS
Service Name: Null
Module Base: F7D69000
Module End: F7D6A000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Beep.SYS
Service Name: Beep
Module Base: F7BE5000
Module End: F7BE7000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\vga.sys
Service Name: VgaSave
Module Base: F79B7000
Module End: F79BD000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Service Name: mnmdd
Module Base: F7BE7000
Module End: F7BE9000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: F7BE9000
Module End: F7BEB000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\meiudf.sys
Service Name: meiudf
Module Base: AAD39000
Module End: AAD52000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Udfs.SYS
Service Name: Udfs
Module Base: AAD28000
Module End: AAD39000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: F79BF000
Module End: F79C4000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: F79C7000
Module End: F79CF000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: F7B83000
Module End: F7B86000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Service Name: IPSec
Module Base: AAD15000
Module End: AAD28000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Service Name: Tcpip
Module Base: AACBC000
Module End: AAD15000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\avgtdix.sys
Service Name: AvgTdiX
Module Base: AACA3000
Module End: AACBC000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Service Name: IpNat
Module Base: AAC7D000
Module End: AACA3000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbt.sys
Service Name: NetBT
Module Base: AAC55000
Module End: AAC7D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: F78E7000
Module End: F78F0000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\afd.sys
Service Name: AFD
Module Base: AAC0B000
Module End: AAC2D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: F78F7000
Module End: F7900000
Hidden: No

Module Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
Service Name: SASKUTIL
Module Base: AABE6000
Module End: AAC0B000
Hidden: No

Module Name: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
Service Name: SASDIFSV
Module Base: F79D7000
Module End: F79DD000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Service Name: Rdbss
Module Base: AABBB000
Module End: AABE6000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Service Name: MRxSmb
Module Base: AAB4B000
Module End: AABBB000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS
Service Name: Fips
Module Base: F7757000
Module End: F7762000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\avgmfx86.sys
Service Name: AvgMfx86
Module Base: F79DF000
Module End: F79E5000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\avgldx86.sys
Service Name: AvgLdx86
Module Base: AAAFA000
Module End: AAB4B000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\tcusb.sys
Service Name: TcUsb
Module Base: F7A07000
Module End: F7A0F000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: AAAE2000
Module End: AAAFA000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F7C3B000
Module End: F7C3D000
Hidden: Yes

Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: AAC2D000
Module End: AAC30000
Hidden: No

Module Name: C:\WINDOWS\System32\watchdog.sys
Service Name: ---
Module Base: F79FF000
Module End: F7A04000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys
Service Name: ---
Module Base: F7DC8000
Module End: F7DC9000
Hidden: No

Module Name: \??\C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys
Service Name: FileDisk2
Module Base: F7737000
Module End: F7740000
Hidden: No

Module Name: \??\C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys
Service Name: FdRedir
Module Base: AAA0E000
Module End: AAA12000
Hidden: No

Module Name: \??\C:\Program Files\Protector Suite QL\smihlp.sys
Service Name: smihlp
Module Base: F7CA5000
Module End: F7CA6000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tdudf.sys
Service Name: tdudf
Module Base: AA989000
Module End: AA9A2000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Service Name: Cdfs
Module Base: F7747000
Module End: F7757000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\AegisP.sys
Service Name: AegisP
Module Base: F7A77000
Module End: F7A7C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
Service Name: fssfltr
Module Base: AAAAA000
Module End: AAAB6000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\s24trans.sys
Service Name: s24trans
Module Base: AA97D000
Module End: AA981000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: AA9F2000
Module End: AA9F6000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netdevio.sys
Service Name: Netdevio
Module Base: AAACE000
Module End: AAAD1000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Service Name: MRxDAV
Module Base: AA59C000
Module End: AA5C9000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\ASCTRM.SYS
Service Name: ASCTRM
Module Base: F7BD1000
Module End: F7BD3000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\HTTP.sys
Service Name: HTTP
Module Base: AA2B3000
Module End: AA2F4000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\srv.sys
Service Name: Srv
Module Base: AA239000
Module End: AA28B000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys
Service Name: wdmaud
Module Base: AA0BC000
Module End: AA0D1000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys
Service Name: sysaudio
Module Base: AA404000
Module End: AA413000
Hidden: No

Module Name: \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
Service Name: SASENUM
Module Base: F7A8F000
Module End: F7A94000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\kmixer.sys
Service Name: kmixer
Module Base: A8CAA000
Module End: A8CD5000
Hidden: No

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwTerminateProcess
Address: AABEF0B0
Driver Base: AABE6000
Driver End: AAC0B000
Driver Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys

******************************************************************************************
******************************************************************************************
Kernel Hooks:
Hooked Function: PsGetProcessWin32WindowStation
At Address: 804F41EC
Jump To: FD806070
Module Name: _unknown_

Hooked Function: PsGetProcessJob
At Address: 804F41EC
Jump To: FD806070
Module Name: _unknown_

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: TOSHIBA-USER:1802
Remote Address: IY-IN-F137.GOOGLE.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: TOSHIBA-USER:1792
Remote Address: IY-IN-F100.GOOGLE.COM:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: TOSHIBA-USER:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: TOSHIBA-USER:27015
Remote Address: LOCALHOST:1051
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: ESTABLISHED

Local Address: TOSHIBA-USER:27015
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
State: LISTENING

Local Address: TOSHIBA-USER:18080
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: LISTENING

Local Address: TOSHIBA-USER:13128
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: LISTENING

Local Address: TOSHIBA-USER:10080
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
State: LISTENING

Local Address: TOSHIBA-USER:5354
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: LISTENING

Local Address: TOSHIBA-USER:5152
Remote Address: LOCALHOST:1787
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: CLOSE_WAIT

Local Address: TOSHIBA-USER:5152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jqs.exe
State: LISTENING

Local Address: TOSHIBA-USER:1051
Remote Address: LOCALHOST:27015
Type: TCP
Process: C:\Program Files\iTunes\iTunesHelper.exe
State: ESTABLISHED

Local Address: TOSHIBA-USER:1035
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\alg.exe
State: LISTENING

Local Address: TOSHIBA-USER:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: TOSHIBA-USER:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\system32\svchost.exe
State: LISTENING

Local Address: TOSHIBA-USER:5353
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: TOSHIBA-USER:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: TOSHIBA-USER:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: TOSHIBA-USER:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: TOSHIBA-USER:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: TOSHIBA-USER:1900
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: TOSHIBA-USER:1749
Remote Address: NA
Type: UDP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: NA

Local Address: TOSHIBA-USER:1707
Remote Address: NA
Type: UDP
Process: C:\Program Files\Internet Explorer\iexplore.exe
State: NA

Local Address: TOSHIBA-USER:1041
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: TOSHIBA-USER:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\svchost.exe
State: NA

Local Address: TOSHIBA-USER:65324
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: TOSHIBA-USER:4500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: TOSHIBA-USER:3776
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\ehome\mcrdsvc.exe
State: NA

Local Address: TOSHIBA-USER:1025
Remote Address: NA
Type: UDP
Process: C:\Program Files\Bonjour\mDNSResponder.exe
State: NA

Local Address: TOSHIBA-USER:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\system32\lsass.exe
State: NA

Local Address: TOSHIBA-USER:MICROSOFT-DS
Remote Address: NA
Type: UDP
Process: System
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\System Volume Information\MountPointManagerRemoteDatabase
Status: Access denied

Object: C:\System Volume Information\tracking.log
Status: Access denied

Object: C:\System Volume Information\_restore{D4FC4288-AED1-478C-B27D-F4DBE4700DFF}
Status: Access denied

THANKS!
mutiger17
Active Member
 
Posts: 9
Joined: August 1st, 2009, 11:52 pm

Re: MEDIAPLAYERUPGRADE.EXE

Unread postby jmw3 » August 8th, 2009, 1:14 am

Hi
MRU P2P Policy
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

LimeWire 5.1.2

I'd like you to read the MRU policy for P2P Programs.
Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) & any other P2P programs.
Once this done run RSIT once more using these instructions:
  • Ensure rsit.exe is on your desktop
  • Click the Windows Start then Run
  • Copy/paste the following into the run box & click OK
    "%userprofile%\desktop\rsit.exe" /info
  • Click Continue at the disclaimer screen
  • Once it has finished, two logs will open, log.txt (<<will be maximized) and info.txt (<<will be minimized)
  • Copy & paste the contents of both logs in your next reply
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: MEDIAPLAYERUPGRADE.EXE

Unread postby mutiger17 » August 8th, 2009, 10:03 pm

LIMEWIRE REMOVED. PLEASE CONTINUE. THANKS!

Logfile of random's system information tool 1.06 (written by random/random)
Run by Kelly at 2009-07-08 21:01:10
Microsoft Windows XP Professional Service Pack 3
System drive C: has 55 GB (58%) free of 95 GB
Total RAM: 1015 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:01:21 PM, on 7/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\TPSODDCtl.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Kelly\Desktop\SysProt\SysProt\SysProt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Kelly\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Kelly.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {385AAF0B-1059-43C5-852B-91678C90C1C1} - \
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TOSDCR] TOSDCR.EXE
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\wbwxllig.dll",sitypnow
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Auto NICKS PRINTER on HOME] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "Auto NICKS PRINTER on HOME" /O20 "\\HOME\NICKS PRINTER" /M "Stylus CX3800"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Comcast Install 1.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648)" -"http://www.candystand.com/play.do?id=18036"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: ImageMixer 3 SE Camera Monitor Ver.5.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2925175437
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://kmanywhere.kohls.com/InternalSi ... ompMgr.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigner.hgtv.com/images/app/view22rte.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player ... taller.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/defaul ... der_v6.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: byxxuss - byxxuss.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c9899c860cf28e) (gupdate1c9899c860cf28e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

--
End of file - 14779 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\HP DArC Task #Hewlett-Packard#hp psc 1300 series#1186546666.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{385AAF0B-1059-43C5-852B-91678C90C1C1}]
\ []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-07-17 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-06 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2005-05-06 716800]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-12-13 88204]
"Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2004-03-24 196608]
"PSQLLauncher"=C:\Program Files\Protector Suite QL\launcher.exe [2006-05-05 30208]
"ThpSrv"=thpsrv /logon []
"00THotkey"=C:\WINDOWS\system32\00THotkey.exe [2006-07-05 258048]
"000StTHK"=C:\WINDOWS\system32\000StTHK.exe [2001-06-23 24576]
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2006-04-24 315392]
"TPSODDCtl"=C:\WINDOWS\system32\TPSODDCtl.exe [2006-04-24 110592]
"TFNF5"=C:\WINDOWS\system32\TFNF5.exe [2006-03-16 593920]
"SmoothView"=C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2005-04-26 122880]
"TOSDCR"=C:\WINDOWS\system32\TOSDCR.EXE [2005-12-13 57344]
"PadTouch"=C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe [2005-12-06 1077322]
"Tvs"=C:\Program Files\Toshiba\Tvs\TvsTray.exe [2006-02-02 73728]
"TFncKy"=TFncKy.exe []
"TosHKCW.exe"=C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe [2005-05-17 49152]
"TouchED"=C:\Program Files\TOSHIBA\TouchED\TouchED.Exe [2005-06-28 126976]
"DDWMon"=C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe [2006-04-25 299008]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-06-30 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-06-30 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-06-30 118784]
"Pinger"=c:\toshiba\ivp\ism\pinger.exe [2005-03-17 151552]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2005-12-05 667718]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2005-11-28 602182]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"EPSON Stylus CX3800 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE [2005-02-07 98304]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd.exe [2003-06-25 49152]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-06-26 212992]
"DXDllRegExe"=dxdllreg.exe []
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]
"SearchIndexer"=C:\WINDOWS\system32\wbwxllig.dll,sitypnow []
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-07-02 1948440]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-03-26 177472]
"Auto NICKS PRINTER on HOME"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE [2005-02-07 98304]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0 []
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-07-06 1830128]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-04-06 39408]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE [2008-08-06 447928]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
ImageMixer 3 SE Camera Monitor Ver.5.lnk - C:\Program Files\PIXELA\ImageMixer 3 SE Ver.5\Transfer Utility\CameraMonitor.exe
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-01-01 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-07-02 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\byxxuss]
byxxuss.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-06-30 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll [2006-05-05 40448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-06-23 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\\WINDOWS\\system32\\ssqpo
"notification packages"=scecli
psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\dwunxxob.exe"="C:\WINDOWS\system32\dwu"
"C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Enabled:SAgent4"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac501fc8-22e3-11dc-9b82-0015b7851e56}]
shell\AutoRun\command - E:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-08-01 22:33:39 ----SHD---- C:\Config.Msi
2009-07-31 22:38:34 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-07-29 13:45:50 ----D---- C:\Program Files\SoundTells
2009-07-16 23:54:24 ----D---- C:\Documents and Settings\All Users\Application Data\PIXELA
2009-07-15 03:04:41 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 03:04:34 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 03:01:16 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-12 00:09:44 ----D---- C:\Documents and Settings\All Users\Application Data\PopCap
2009-07-07 20:48:38 ----D---- C:\rsit
2009-06-25 20:09:32 ----D---- C:\Program Files\Snood 4
2009-06-22 23:50:23 ----A---- C:\WINDOWS\system32\lfgif13n.dll
2009-06-22 23:50:23 ----A---- C:\WINDOWS\system32\lfbmp13n.dll
2009-06-11 13:41:25 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-11 13:40:28 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-11 13:36:33 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-11 13:36:20 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$

======List of files/folders modified in the last 1 months======

2009-08-01 22:34:26 ----SHD---- C:\WINDOWS\Installer
2009-08-01 22:34:11 ----D---- C:\Program Files
2009-08-01 22:33:41 ----D---- C:\Program Files\Common Files\SupportSoft
2009-08-01 22:27:13 ----SHD---- C:\WINDOWS\system32
2009-07-31 22:38:35 ----HD---- C:\WINDOWS\inf
2009-07-31 22:38:35 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-31 22:37:58 ----A---- C:\WINDOWS\win.ini
2009-07-31 22:35:08 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-31 22:31:24 ----D---- C:\Program Files\Internet Explorer
2009-07-31 22:31:22 ----D---- C:\WINDOWS\ie8updates
2009-07-31 22:30:32 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-31 22:30:19 ----D---- C:\WINDOWS\system32\drivers
2009-07-31 22:30:18 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-07-31 22:25:44 ----D---- C:\Documents and Settings\Kelly\Application Data\LimeWire
2009-07-31 16:54:42 ----D---- C:\Program Files\Microsoft Silverlight
2009-07-29 03:01:42 ----A---- C:\WINDOWS\imsins.BAK
2009-07-29 03:00:25 ----D---- C:\WINDOWS\WinSxS
2009-07-19 18:48:58 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-19 08:18:59 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-15 03:05:03 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-07-12 22:47:48 ----D---- C:\WINDOWS\system32\FxsTmp
2009-07-12 00:09:27 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-09 19:05:29 ----D---- C:\WINDOWS\Microsoft.NET
2009-07-09 18:56:11 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-07-09 18:51:11 ----RSD---- C:\WINDOWS\assembly
2009-07-09 18:47:01 ----RSD---- C:\WINDOWS\Fonts
2009-07-09 18:46:23 ----D---- C:\Program Files\Microsoft Works
2009-07-08 21:01:18 ----D---- C:\WINDOWS\Prefetch
2009-07-08 21:01:15 ----D---- C:\WINDOWS\Temp
2009-07-08 21:00:42 ----D---- C:\Program Files\LimeWire
2009-07-08 15:20:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-08 13:34:12 ----D---- C:\Program Files\Whale Communications
2009-07-08 13:28:20 ----SD---- C:\WINDOWS\Tasks
2009-07-08 12:12:32 ----HD---- C:\$AVG8.VAULT$
2009-07-08 00:12:29 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-07-07 11:03:20 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-07 10:59:52 ----D---- C:\WINDOWS\Registration
2009-07-07 10:59:48 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt
2009-07-07 10:59:32 ----D---- C:\WINDOWS
2009-07-07 10:10:56 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-06 23:14:43 ----D---- C:\Program Files\SUPERAntiSpyware
2009-07-06 23:11:23 ----D---- C:\WINDOWS\Minidump
2009-07-03 12:09:28 ----A---- C:\WINDOWS\system32\wininet.dll
2009-07-03 12:09:27 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-07-03 12:09:27 ----A---- C:\WINDOWS\system32\occache.dll
2009-07-03 12:09:25 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-07-03 12:09:25 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-07-03 12:09:24 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-07-03 12:09:24 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-07-03 12:09:23 ----A---- C:\WINDOWS\system32\iepeers.dll
2009-07-03 12:09:21 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-07-03 06:01:06 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-07-02 08:16:53 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-06-16 09:36:30 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-06-16 09:36:30 ----A---- C:\WINDOWS\system32\fontsub.dll
2009-06-11 13:41:15 ----D---- C:\Program Files\Microsoft Office

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-04 335752]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-02 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-08 108552]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2005-06-02 102384]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-06-23 21275]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-08-18 8552]
R2 FdRedir;FdRedir; \??\C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys []
R2 FileDisk2;FileDisk Protector Kernel Driver; \??\C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys []
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2008-12-08 55136]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568]
R2 smihlp;SMI helper driver; \??\C:\Program Files\Protector Suite QL\smihlp.sys []
R2 tdudf;TOSHIBA UDF File System Driver; C:\WINDOWS\system32\DRIVERS\tdudf.sys [2006-06-28 98816]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-02-28 176128]
R3 AEAudioService;AEAudio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2005-03-04 127872]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-12-13 1124097]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-05-08 101833]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2007-11-16 165496]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-06-30 1169980]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
R3 odysseyIM3;Odyssey Network Services Miniport; C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2003-05-14 62673]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SysProtDrv.sys;SysProtDrv.sys; \??\C:\Documents and Settings\Kelly\Desktop\SysProt\SysProt\SysProtDrv.sys []
R3 tbiosdrv;Toshiba Logical Tbios Device; C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys [2005-08-24 9472]
R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2006-05-05 28800]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys [2006-03-02 15360]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-11-30 162560]
R3 Tvs;TOSHIBA Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2006-05-30 45696]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-05 1428096]
S3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2006-04-01 471264]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\CBTNDIS5.SYS []
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-03-21 179200]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-08-11 51056]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-08-11 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-08-11 21488]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 TNET1130x;Wireless-G Notebook Adapter v.2.0; C:\WINDOWS\system32\DRIVERS\tnet1130x.sys []
S3 tosrfec;Bluetooth ACPI from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 9344]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-26 132424]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-02 298776]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-17 40960]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2004-08-28 110592]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 217164]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-11-28 540745]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 Swupdtmr;Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [2005-07-12 40960]
R2 Thpsrv;TOSHIBA HDD Protection; C:\WINDOWS\system32\ThpSrv.exe [2005-12-20 176128]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\WINDOWS\system32\TODDSrv.exe [2006-05-25 114688]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 gupdate1c9899c860cf28e;Google Update Service (gupdate1c9899c860cf28e); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-07 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-06 183280]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
S3 IDriverT;InstallDriver Table Manager; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-08-11 65795]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
mutiger17
Active Member
 
Posts: 9
Joined: August 1st, 2009, 11:52 pm

Re: MEDIAPLAYERUPGRADE.EXE

Unread postby jmw3 » August 8th, 2009, 10:37 pm

Hi

ComboFix
Download ComboFix from one of these locations (DO NOT download ComboFix from anywhere else but one of the provided links):
Link 1
Link 2

**IMPORTANT !!! Save ComboFix.exe to your Desktop**

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    A guide to do this can be found here
  • Double click on ComboFix.exe & follow the prompts
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
Image
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Image

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


To post in next reply:
ComboFix log
New HijackThis log
Update on how the computer is running
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: MEDIAPLAYERUPGRADE.EXE

Unread postby mutiger17 » August 9th, 2009, 9:45 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:43:15 PM, on 7/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\00THotkey.exe
C:\WINDOWS\system32\TPSODDCtl.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {385AAF0B-1059-43C5-852B-91678C90C1C1} - \
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TOSDCR] TOSDCR.EXE
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Auto NICKS PRINTER on HOME] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "Auto NICKS PRINTER on HOME" /O20 "\\HOME\NICKS PRINTER" /M "Stylus CX3800"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: ImageMixer 3 SE Camera Monitor Ver.5.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2925175437
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://kmanywhere.kohls.com/InternalSi ... ompMgr.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigner.hgtv.com/images/app/view22rte.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player ... taller.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c9899c860cf28e) (gupdate1c9899c860cf28e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

--
End of file - 13592 bytes

ComboFix 09-08-09.04 - Kelly 07/09/2009 20:24.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.431 [GMT -5:00]
Running from: c:\documents and settings\Kelly\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
c:\program files\outlook
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\temp\xOe
c:\windows\cookies.ini
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\Installer\268d821.msi
c:\windows\kb913800.exe
c:\windows\system32\bszip.dll
c:\windows\system32\cmd.com
c:\windows\system32\gillxwbw.ini
c:\windows\system32\netstat.com
c:\windows\system32\opqss.bak2
c:\windows\system32\pac.txt
c:\windows\system32\ping.com
c:\windows\system32\taskkill.com
c:\windows\system32\tasklist.com
c:\windows\system32\tracert.com
c:\windows\system32\vMW04a
c:\windows\system32\Y1

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DOMAINSERVICE


((((((((((((((((((((((((( Files Created from 2009-06-10 to 2009-07-10 )))))))))))))))))))))))))))))))
.

2009-08-01 03:48 . 2009-07-10 01:33 117760 ----a-w- c:\documents and settings\Kelly\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-29 18:45 . 2009-07-29 18:45 -------- d-----w- c:\program files\SoundTells
2009-07-17 04:54 . 2009-07-17 04:54 -------- d-----w- c:\documents and settings\All Users\Application Data\PIXELA
2009-07-12 05:09 . 2009-07-12 05:09 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap
2009-07-08 01:48 . 2009-07-08 01:48 -------- d-----w- C:\rsit
2009-07-07 04:20 . 2009-07-07 04:20 152576 ----a-w- c:\documents and settings\Kelly\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-06-26 01:09 . 2009-06-26 01:16 -------- d-----w- c:\program files\Snood 4
2009-06-23 04:50 . 2004-05-14 21:53 57344 ----a-w- c:\windows\system32\lfbmp13n.dll
2009-06-23 04:50 . 2003-11-04 20:10 69632 ----a-w- c:\windows\system32\lfgif13n.dll
2009-06-16 14:36 . 2009-06-16 14:36 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2009-06-16 14:36 . 2009-06-16 14:36 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2009-06-15 01:22 . 2009-06-15 01:22 152576 ----a-w- c:\documents and settings\Kelly\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-11 04:52 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-11 04:52 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-02 03:33 . 2008-07-19 18:47 -------- d-----w- c:\program files\Common Files\SupportSoft
2009-08-01 03:25 . 2007-07-03 06:18 -------- d-----w- c:\documents and settings\Kelly\Application Data\LimeWire
2009-07-31 21:54 . 2008-01-22 04:48 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-17 05:39 . 2007-06-24 04:36 73472 ----a-w- c:\documents and settings\Kelly\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-15 08:05 . 2007-06-27 06:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-13 03:47 . 2007-06-25 04:02 686 ----a-w- c:\documents and settings\Kelly\Application Data\wklnhst.dat
2009-07-10 14:20 . 2006-08-19 02:16 73472 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-09 23:46 . 2006-08-19 01:16 -------- d-----w- c:\program files\Microsoft Works
2009-07-09 22:36 . 2007-07-06 05:35 1915520 ----a-w- c:\documents and settings\Kelly\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-07-09 06:13 . 2009-04-06 23:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-09 02:00 . 2007-07-03 06:18 -------- d-----w- c:\program files\LimeWire
2009-07-08 18:34 . 2007-10-12 16:15 -------- d-----w- c:\program files\Whale Communications
2009-07-07 04:14 . 2008-01-27 16:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-04 14:13 . 2008-06-23 12:36 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-03 17:09 . 2006-08-18 23:48 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-02 13:16 . 2008-06-23 12:36 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-02 13:16 . 2007-09-29 16:43 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-16 14:36 . 2006-08-18 23:48 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2006-08-18 23:47 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-03 19:09 . 2006-08-18 23:48 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-01 02:14 . 2009-06-01 02:14 -------- d-----w- c:\documents and settings\Kelly\Application Data\ZoomBrowser EX
2009-06-01 01:57 . 2009-06-01 01:55 -------- d-----w- c:\program files\Canon
2009-06-01 01:56 . 2009-06-01 01:56 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-06-01 01:54 . 2009-06-01 01:54 -------- d-----w- c:\program files\Common Files\Canon
2009-06-01 01:42 . 2006-08-19 01:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-01 01:32 . 2009-06-01 01:32 -------- d-----w- c:\program files\PIXELA
2009-05-26 17:35 . 2008-03-22 04:01 -------- d-----w- c:\program files\Safari
2009-05-25 04:10 . 2006-08-19 02:44 -------- d-----w- c:\program files\Common Files\Adobe
2009-05-21 23:02 . 2006-08-19 02:51 -------- d-----w- c:\program files\Google
2009-05-08 14:17 . 2009-02-04 15:14 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-07 15:32 . 2006-08-18 23:47 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-17 12:26 . 2006-08-18 23:48 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2006-08-18 23:48 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-15 03:33 . 2009-04-15 03:33 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{385AAF0B-1059-43C5-852B-91678C90C1C1}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-07-07 1830128]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-06 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="thpsrv" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-05-06 30208]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2006-07-05 258048]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-06 1077322]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2006-02-02 73728]
"TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-17 49152]
"TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.Exe" [2005-06-29 126976]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2006-04-26 299008]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-30 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-30 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-30 118784]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"EPSON Stylus CX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-07 98304]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-06-26 212992]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-02 1948440]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-26 177472]
"Auto NICKS PRINTER on HOME"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-07 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2005-12-13 88204]
"000StTHK"="000StTHK.exe" - c:\windows\system32\000StTHK.exe [2001-06-23 24576]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2006-04-25 315392]
"TPSODDCtl"="TPSODDCtl.exe" - c:\windows\system32\TPSODDCtl.exe [2006-04-25 110592]
"TFNF5"="TFNF5.exe" - c:\windows\system32\TFNF5.exe [2006-03-17 593920]
"TOSDCR"="TOSDCR.EXE" - c:\windows\system32\TOSDCR.exe [2005-12-13 57344]
"TFncKy"="TFncKy.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-7-7 233472]
ImageMixer 3 SE Camera Monitor Ver.5.lnk - c:\program files\PIXELA\ImageMixer 3 SE Ver.5\Transfer Utility\CameraMonitor.exe [2009-5-31 253952]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-8-18 155648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-06-23 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-01 15:47 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-02 13:16 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-05-06 00:48 40448 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [12/28/2004 1:31 AM 16384]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [8/18/2006 9:17 PM 6528]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/23/2008 7:36 AM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/4/2009 10:14 AM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 2:53 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 1:39 PM 74480]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/23/2008 7:36 AM 298776]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [5/5/2006 8:00 PM 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [5/5/2006 7:59 PM 33024]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2/4/2009 9:32 AM 55136]
R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [5/5/2006 7:33 PM 3456]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [6/28/2006 1:50 PM 98816]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 9:19 PM 13592]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [3/30/2009 4:28 PM 1533808]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 6:51 PM 4096]
S2 gupdate1c9899c860cf28e;Google Update Service (gupdate1c9899c860cf28e);c:\program files\Google\Update\GoogleUpdate.exe [2/7/2009 10:22 PM 133104]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [12/8/2008 6:01 PM 533344]
S3 SysProtDrv.sys;SysProtDrv.sys;c:\documents and settings\Kelly\Desktop\SysProt\SysProt\SysProtDrv.sys [7/7/2009 8:51 PM 44288]
S3 TNET1130x;Wireless-G Notebook Adapter v.2.0;c:\windows\system32\DRIVERS\tnet1130x.sys --> c:\windows\system32\DRIVERS\tnet1130x.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]

2009-07-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-06 23:53]

2009-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 03:22]

2009-07-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-08 03:22]

2009-07-08 c:\windows\Tasks\HP DArC Task 2003-06-26 13:16ewlett-Packard2003-06-26 13:16p psc 1300 seriesA3652443A372B157BFD83129692C2C2475483DE7186546666.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-06-26 23:50]

2009-07-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-RunOnce-Shockwave Updater - c:\windows\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Comcast Install 1.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.04506.30;
HKLM-Run-DXDllRegExe - dxdllreg.exe
Notify-byxxuss - byxxuss.dll


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = Windows Internet Explorer provided by Comcast
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-09 20:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\TMP000000445A2E152BE64C8739

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1176)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\remote.dll
c:\program files\Protector Suite QL\crypto.dll
c:\program files\Protector Suite QL\mysafe.dll

- - - - - - - > 'lsass.exe'(1232)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll

- - - - - - - > 'explorer.exe'(3476)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Protector Suite QL\mysafe.dll
c:\program files\Protector Suite QL\infra.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\program files\SUPERAntiSpyware\SASSEH.DLL
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Toshiba\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\windows\system32\ThpSrv.exe
c:\windows\system32\TODDSrv.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
c:\windows\system32\ThpSrv.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Protector Suite QL\psqltray.exe
c:\windows\system32\TPSBattM.exe
c:\program files\Apoint2K\ApntEx.exe
c:\program files\Toshiba\TOSHIBA Direct Disc Writer\DDWMon.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-07-10 20:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-10 01:37

Pre-Run: 57,507,782,656 bytes free
Post-Run: 57,585,676,288 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /forceresetreg

304 --- E O F --- 2009-07-07 04:25
mutiger17
Active Member
 
Posts: 9
Joined: August 1st, 2009, 11:52 pm

Re: MEDIAPLAYERUPGRADE.EXE

Unread postby jmw3 » August 9th, 2009, 11:31 pm

Hi

Fix HiJackThis Entries
  • Open HiJackThis
  • Click on Do a system scan only
  • Place a checkmark next to these lines(if still present):
O2 - BHO: (no name) - {385AAF0B-1059-43C5-852B-91678C90C1C1} - \
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

  • Close all windows except Hijackthis and click Fix Checked
  • Click Yes when prompted
  • Close HijackThis.
OTM
Download OTM by OldTimer Here & save it to your desktop.
  • Double click on OTM.exe to run it
  • Copy & paste the contents of the Code box below into Paste Instructions for Items to be Moved
Note: Do not type it out to minimize the risk of typo error
Code: Select all
:Files
c:\documents and settings\All Users\Application Data\PopCap
c:\documents and settings\Kelly\Application Data\LimeWire
c:\program files\LimeWire
:Commands
[Purity]
[EmptyTemp]
[Reboot]

  • Click on MoveIt!
  • When done, click on Exit
Note: If a file or folder can't be moved immediately, you may be asked to restart your computer. Choose Yes.
A log will be produced at C:\_OTM\MovedFiles\date_time.log, where date_time are numbers. Post this log in your next reply.

Update Java Runtime
You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, & also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 14.
  • Download the latest version of Java Runtime Environment (JRE) 6 Here
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 14. The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the Download button to the right
  • Select the Windows platform from the dropdown menu
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue.The page will refresh
  • Click on the link to download Windows Offline Installation & save the file to your desktop
  • Close any programs you may have running - especially your web browser
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs & remove all older versions of Java
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions
  • Reboot your computer once all Java components are removed
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
        Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel
Kaspersky Online Scan
Do an online scan with >Kaspersky Online Scanner<
  • Read through the requirements and privacy statement and click on Accept button
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run
  • When the downloads have finished, click on Settings
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan
  • Once the scan is complete, it will display the results. Click on View Scan Report
  • You will see a list of infected items there. Click on Save Report As...
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button
  • Please post this log in your next reply
To post in next reply:
OTM log
Kaspersky Scan log
New HijackThis log
Update on how the computer is running / problems
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: MEDIAPLAYERUPGRADE.EXE

Unread postby mutiger17 » August 13th, 2009, 12:33 am

COMPUTER SEEMS TO BE RUNNING FASTER. ATTEMPTED TO RUN THE KASPERSKY 7.0, AND THE UPDATE PORTION KEPT FAILING AND WOULD NEVER LET ME SCAN.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:31:48 PM, on 7/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\TPSODDCtl.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqdirec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TOSDCR] TOSDCR.EXE
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2925175437
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Whale Client Components) - https://kmanywhere.kohls.com/InternalSi ... ompMgr.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigner.hgtv.com/images/app/view22rte.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player ... taller.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c9899c860cf28e) (gupdate1c9899c860cf28e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

--
End of file - 12937 bytes

OTM LOG

All processes killed
========== FILES ==========
c:\documents and settings\All Users\Application Data\PopCap\PopCapLoader\zone\bejeweled2\sounds\stream moved successfully.
c:\documents and settings\All Users\Application Data\PopCap\PopCapLoader\zone\bejeweled2\sounds moved successfully.
c:\documents and settings\All Users\Application Data\PopCap\PopCapLoader\zone\bejeweled2\puzzles moved successfully.
c:\documents and settings\All Users\Application Data\PopCap\PopCapLoader\zone\bejeweled2\images\upsell moved successfully.
c:\documents and settings\All Users\Application Data\PopCap\PopCapLoader\zone\bejeweled2\images\mainmenubkg moved successfully.
c:\documents and settings\All Users\Application Data\PopCap\PopCapLoader\zone\bejeweled2\images\backdrops moved successfully.
c:\documents and settings\All Users\Application Data\PopCap\PopCapLoader\zone\bejeweled2\images moved successfully.
c:\documents and settings\All Users\Application Data\PopCap\PopCapLoader\zone\bejeweled2\data moved successfully.
c:\documents and settings\All Users\Application Data\PopCap\PopCapLoader\zone\bejeweled2 moved successfully.
c:\documents and settings\All Users\Application Data\PopCap\PopCapLoader\zone moved successfully.
c:\documents and settings\All Users\Application Data\PopCap\PopCapLoader moved successfully.
c:\documents and settings\All Users\Application Data\PopCap moved successfully.
c:\documents and settings\Kelly\Application Data\LimeWire\xml\schemas moved successfully.
c:\documents and settings\Kelly\Application Data\LimeWire\xml\misc moved successfully.
c:\documents and settings\Kelly\Application Data\LimeWire\xml\data moved successfully.
c:\documents and settings\Kelly\Application Data\LimeWire\xml moved successfully.
c:\documents and settings\Kelly\Application Data\LimeWire\themes\windows_theme moved successfully.
c:\documents and settings\Kelly\Application Data\LimeWire\themes\other_theme moved successfully.
c:\documents and settings\Kelly\Application Data\LimeWire\themes\limewire_theme moved successfully.
c:\documents and settings\Kelly\Application Data\LimeWire\themes\classic_theme moved successfully.
c:\documents and settings\Kelly\Application Data\LimeWire\themes\black_theme moved successfully.
c:\documents and settings\Kelly\Application Data\LimeWire\themes moved successfully.
c:\documents and settings\Kelly\Application Data\LimeWire\promotion moved successfully.
c:\documents and settings\Kelly\Application Data\LimeWire\mozilla-profile\updates\0 moved successfully.
c:\documents and settings\Kelly\Application Data\LimeWire\mozilla-profile\updates moved successfully.
c:\documents and settings\Kelly\Application Data\LimeWire\mozilla-profile\extensions moved successfully.
c:\documents and settings\Kelly\Application Data\LimeWire\mozilla-profile\Cache moved successfully.
c:\documents and settings\Kelly\Application Data\LimeWire\mozilla-profile moved successfully.
c:\documents and settings\Kelly\Application Data\LimeWire\certificate moved successfully.
c:\documents and settings\Kelly\Application Data\LimeWire\browser\xulrunner\res\html moved successfully.
c:\documents and settings\Kelly\Application Data\LimeWire\browser\xulrunner\res\fonts moved successfully.
c:\documents and settings\Kelly\Application Data\LimeWire\browser\xulrunner\res\entityTables moved successfully.
c:\documents and settings\Kelly\Application Data\LimeWire\browser\xulrunner\res\dtd moved successfully.
c:\documents and settings\Kelly\Application Data\LimeWire\browser\xulrunner\res moved successfully.
c:\documents and settings\Kelly\Application Data\LimeWire\browser\xulrunner\plugins moved successfully.
c:\documents and settings\Kelly\Application Data\LimeWire\browser\xulrunner\modules moved successfully.
c:\documents and settings\Kelly\Application Data\LimeWire\browser\xulrunner\greprefs moved successfully.
c:\documents and settings\Kelly\Application Data\LimeWire\browser\xulrunner\dictionaries moved successfully.
c:\documents and settings\Kelly\Application Data\LimeWire\browser\xulrunner\defaults\profile\US\chrome moved successfully.
c:\documents and settings\Kelly\Application Data\LimeWire\browser\xulrunner\defaults\profile\US moved successfully.
c:\documents and settings\Kelly\Application Data\LimeWire\browser\xulrunner\defaults\profile\chrome moved successfully.
c:\documents and settings\Kelly\Application Data\LimeWire\browser\xulrunner\defaults\profile moved successfully.
c:\documents and settings\Kelly\Application Data\LimeWire\browser\xulrunner\defaults\pref moved successfully.
c:\documents and settings\Kelly\Application Data\LimeWire\browser\xulrunner\defaults\autoconfig moved successfully.
c:\documents and settings\Kelly\Application Data\LimeWire\browser\xulrunner\defaults moved successfully.
c:\documents and settings\Kelly\Application Data\LimeWire\browser\xulrunner\components moved successfully.
c:\documents and settings\Kelly\Application Data\LimeWire\browser\xulrunner\chrome moved successfully.
c:\documents and settings\Kelly\Application Data\LimeWire\browser\xulrunner moved successfully.
c:\documents and settings\Kelly\Application Data\LimeWire\browser moved successfully.
c:\documents and settings\Kelly\Application Data\LimeWire\.NetworkShare\Incomplete moved successfully.
c:\documents and settings\Kelly\Application Data\LimeWire\.NetworkShare moved successfully.
c:\documents and settings\Kelly\Application Data\LimeWire\.AppSpecialShare moved successfully.
c:\documents and settings\Kelly\Application Data\LimeWire moved successfully.
c:\program files\LimeWire\lib moved successfully.
c:\program files\LimeWire moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kelly
->Temp folder emptied: 333215 bytes
File delete failed. C:\Documents and Settings\Kelly\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 52494641 bytes
->Java cache emptied: 13425380 bytes
->Apple Safari cache emptied: 51879 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 5320 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 49286 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 9324 bytes
RecycleBin emptied: 12233780 bytes

Total Files Cleaned = 74.99 mb


OTM by OldTimer - Version 3.0.0.6 log created on 07122009_223037

Files moved on Reboot...

Registry entries deleted on Reboot...
mutiger17
Active Member
 
Posts: 9
Joined: August 1st, 2009, 11:52 pm

Re: MEDIAPLAYERUPGRADE.EXE

Unread postby jmw3 » August 13th, 2009, 3:57 am

Hi

There is a problem with Kaspersky Online scanner at the moment. Kaspersky are looking in to it. Try this one:
ESET Online Scanner
Go here to run an online scannner from ESET.
  • Note: You will need to use Internet explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: MEDIAPLAYERUPGRADE.EXE

Unread postby mutiger17 » August 13th, 2009, 12:01 pm

ESET LOG: VIRUSES FOUND!

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6048
# api_version=3.0.2
# EOSSerial=735880956833ce478a79819c28fd83f0
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-07-13 03:53:53
# local_time=2009-07-13 10:53:53 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1026 21 83 100 0
# compatibility_mode=5889 61 66 100 719292439843750
# scanned=86912
# found=3
# cleaned=0
# scan_time=3886
C:\Qoobox\Quarantine\C\WINDOWS\system32\gillxwbw.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\opqss.bak2.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\WINDOWS\system32\3587.bat BAT/KillFiles.NAM trojan 00000000000000000000000000000000 I
mutiger17
Active Member
 
Posts: 9
Joined: August 1st, 2009, 11:52 pm

Re: MEDIAPLAYERUPGRADE.EXE

Unread postby jmw3 » August 13th, 2009, 12:23 pm

Hi
OTM
  • Double click on OTM.exe to run it
  • Copy & paste the contents of the Code box below into Paste Instructions for Items to be Moved
Note: Do not type it out to minimize the risk of typo error
Code: Select all
:Files
C:\WINDOWS\system32\3587.bat
:Commands
[Purity]
[EmptyTemp]
[Reboot]

  • Click on MoveIt!
  • When done, click on Exit
Note: If a file or folder can't be moved immediately, you may be asked to restart your computer. Choose Yes.
A log will be produced at C:\_OTM\MovedFiles\date_time.log, where date_time are numbers. Post this log in your next reply.

To post in next reply:
OTM log
New HijackThis log
Update on how the computer is running
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia
Advertisement
Register to Remove

Next

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 298 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware