
[InActive] Startup problems in XP

Discussion in 'Malware and Virus Removal Archive' started by aramkolesar, 2008/11/03.

  1. 2008/11/03
    aramkolesar

    aramkolesar Inactive Thread Starter

    Joined:
    2008/11/02
    Messages:
    9
    Likes Received:
    0
    I got hit with some kind of Trojan a week or so ago. I feel pretty confident that it's all cleaned up with TrendMicro Housecall. I don't remember what virus it was, unfortunately. However, I guess I probably deleted some kind of corrupted system file in the process, so now I can't start Windows except in Safe Mode. It loads up fine right up to the point at which it would normally go to the login screen. It BSODs for like a second and then goes back to the loading screen before prompting me to start it in Safe Mode. I tried starting it with Last Known Good configuration, but the same thing happened. Any idea what the problem is? If I need a dll file or something, do I have to have the XP disc or can I download it from somewhere?

    Thanks.
     
  2. 2008/11/03
    MitchellCooley Lifetime Subscription

    MitchellCooley Inactive

    Joined:
    2006/12/02
    Messages:
    1,090
    Likes Received:
    20
    I realize you had already "cleaned" your system, but I would suggest posting this in "Malware and Virus Removal" after following these instructions.

    Also, posting a debug log would be helpful. Look here.
     
    Last edited: 2008/11/03


  4. 2008/11/03
    aramkolesar

    aramkolesar Inactive Thread Starter

    Joined:
    2008/11/02
    Messages:
    9
    Likes Received:
    0
    I downloaded RSIT and the Windows Debugging program. I can run RSIT fine, but when I try to open the installer for the Windows Debugger, a notification pops up that says "The system administrator has set policies to prevent this installation."

    Here's my RSIT log:
    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Aram! at 2008-11-03 02:01:10
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 52 GB (55%) free of 95 GB
    Total RAM: 1014 MB (72% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:01:18 AM, on 11/3/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Aram!\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Aram!.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
    O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
    O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
    O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
    O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
    O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [brastk] brastk.exe
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
    O4 - HKCU\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe
    O4 - HKUS\S-1-5-18\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe (User 'Default user')
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15033/CTPID.cab
    O20 - AppInit_DLLs: karna.dat
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 7558 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {BA52B914-B692-46c4-B683-905236F6F655} - McAfee VirusScan - c:\progra~1\mcafee.com\vso\mcvsshl.dll [2005-07-01 114688]
    {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - Viewpoint Toolbar - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll [2007-11-28 327759]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "HWSetup"=C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe [2004-05-01 28672]
    "SVPWUTIL"=C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe [2004-05-01 65536]
    "Tvs"=C:\Program Files\Toshiba\Tvs\TvsTray.exe [2005-11-30 73728]
    "CeEKEY"=C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe [2005-12-01 671744]
    "PadTouch"=C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe [2005-07-15 1077322]
    "SmoothView"=C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2005-04-26 122880]
    "TPNF"=C:\Program Files\TOSHIBA\TouchPad\TPTray.exe [2005-12-13 53248]
    "VirusScan Online"=C:\Program Files\McAfee.com\VSO\mcvsshld.exe [2005-08-10 163840]
    "OASClnt"=C:\Program Files\McAfee.com\VSO\oasclnt.exe [2005-08-12 53248]
    "MCAgentExe"=c:\PROGRA~1\mcafee.com\agent\mcagent.exe [2005-09-22 303104]
    "MCUpdateExe"=c:\PROGRA~1\mcafee.com\agent\McUpdate.exe [2006-01-11 212992]
    "IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2005-12-05 667718]
    "IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2005-11-28 602182]
    "WinampAgent"=C:\Program Files\Winamp\wianmpa.exe []
    "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-11-17 185896]
    "UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
    "PSQLLauncher"=C:\Program Files\Protector Suite QL\launcher.exe [2006-01-13 30208]
    "Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe [2006-09-14 61440]
    "ZoomingHook"=C:\WINDOWS\system32\ZoomingHook.exe [2005-06-06 24576]
    "VSOCheckTask"=C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe [2005-07-08 151552]
    "TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2005-05-31 282624]
    "TFncKy"=TFncKy.exe []
    "TDispVol"=C:\WINDOWS\system32\TDispVol.exe [2005-12-27 73728]
    "TCtryIOHook"=C:\WINDOWS\system32\TCtrlIOHook.exe [2006-01-03 28672]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-12-09 15691264]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]
    "Pinger"=c:\toshiba\ivp\ism\pinger.exe [2005-03-17 151552]
    "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
    "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
    "NDSTray.exe"=NDSTray.exe []
    "NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []
    "MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-10 59392]
    "IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-10 208952]
    "IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2004-08-10 44032]
    "igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-11-28 98304]
    "igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-11-28 118784]
    "igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-11-28 77824]
    "ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
    "DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-10-06 122940]
    "CFSServ.exe"=CFSServ.exe -NoClient []
    "Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2004-03-24 196608]
    "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
    "AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-10-15 88203]
    "brastk"=brastk.exe []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2004-12-30 65536]
    "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020 []
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-10 15360]
    "SVCHOST.EXE"=C:\WINDOWS\system32\drivers\svchost.exe [2008-10-26 31232]
    "brastk"=C:\WINDOWS\system32\brastk.exe []
    "Aim6"= []

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"="karna.dat"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxdev.dll [2005-11-28 135168]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
    C:\WINDOWS\system32\psqlpwd.dll [2006-01-13 40448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
    UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-10 239616]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2006-09-28 73728]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "notification packages"=scecli
    psqlpwd

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDSSserv.sys]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=91000000

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine"
    "C:\TOSHIBA\Ivp\ISM\pinger.exe"="C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
    "C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
    "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon"
    "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed"
    "C:\Program Files\Common Files\AOL\1140473335\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1140473335\EE\AOLServiceHost.exe:*:Enabled:AOL"
    "C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
    "C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL"
    "C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL"
    "C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\Soulseek\slsk.exe"="C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek"
    "C:\Program Files\burst\core-new1.1.3\btdownloadheadless.exe"="C:\Program Files\burst\core-new1.1.3\btdownloadheadless.exe:*:Enabled:burst! download engine"
    "C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
    "C:\Program Files\DC++\DCPlusPlus.exe"="C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++"
    "C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
    "C:\Program Files\Winamp\winamp.exe"="C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp"
    "C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
    "C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
    "C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
    "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
    "C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
    "C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
    "C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe"="C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server"
    "C:\Program Files\Pando Networks\Pando\pando.exe"="C:\Program Files\Pando Networks\Pando\pando.exe:*:Disabled:pando"
    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
    "C:\Program Files\Soulseek-Test\slsk.exe"="C:\Program Files\Soulseek-Test\slsk.exe:*:Enabled:SoulSeek"
    "C:\Program Files\Last.fm\LastFM.exe"="C:\Program Files\Last.fm\LastFM.exe:*:Enabled:Last.fm"
    "C:\Documents and Settings\Aram!\Desktop\DCPlusPlus.exe"="C:\Documents and Settings\Aram!\Desktop\DCPlusPlus.exe:*:Enabled:DC++"
    "C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
    "C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"

    ======List of files/folders created in the last 3 months======

    2008-11-03 02:00:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.TMP
    2008-11-03 01:49:02 ----D---- C:\rsit
    2008-10-29 07:23:39 ----SHD---- C:\WINDOWS\CSC
    2008-10-29 03:09:59 ----A---- C:\WINDOWS\ntbtlog.txt
    2008-10-29 03:05:07 ----A---- C:\WINDOWS\system32\TDSSqhrx.dll
    2008-10-29 03:05:06 ----A---- C:\WINDOWS\system32\TDSScpvl.dll
    2008-10-28 17:17:00 ----D---- C:\Mp3 Output
    2008-10-28 17:16:57 ----A---- C:\WINDOWS\system32\NCMedia.dll
    2008-10-28 17:16:57 ----A---- C:\WINDOWS\system32\libmp3lame-0.dll
    2008-10-28 17:16:56 ----D---- C:\Program Files\Smallvideosoft
    2008-10-26 04:15:26 ----A---- C:\WINDOWS\system32\wini10801.exe
    2008-10-26 03:04:19 ----A---- C:\WINDOWS\system32\TDSSoiqh.dll
    2008-10-26 03:03:12 ----A---- C:\WINDOWS\system32\delself.bat
    2008-10-26 02:58:10 ----A---- C:\WINDOWS\system32\TDSSubwj.dll
    2008-10-26 02:58:05 ----A---- C:\WINDOWS\system32\TDSSoicv.dll
    2008-10-24 02:01:13 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
    2008-10-19 21:49:16 ----D---- C:\Program Files\Trend Micro
    2008-10-19 21:35:02 ----D---- C:\WINDOWS\pss
    2008-10-15 02:04:56 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2008-10-15 02:04:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
    2008-10-15 02:04:25 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
    2008-10-15 02:04:09 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
    2008-10-15 02:03:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
    2008-10-15 02:01:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
    2008-09-19 16:55:58 ----A---- C:\WINDOWS\system32\ssldivx.dll
    2008-09-19 16:55:58 ----A---- C:\WINDOWS\system32\libdivx.dll
    2008-09-10 02:01:27 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-09-10 02:00:26 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
    2008-08-29 19:49:11 ----D---- C:\WINDOWS\system32\CatRoot_bak
    2008-08-15 02:03:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-08-15 02:03:44 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2008-08-15 02:03:31 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
    2008-08-15 02:03:17 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-08-15 02:03:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
    2008-08-15 02:02:44 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-08-15 02:02:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2008-08-15 02:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
    2008-08-09 22:03:14 ----D---- C:\Program Files\Sonic Foundry
    2008-08-09 22:02:35 ----D---- C:\Program Files\Sonic Foundry Setup
    2008-08-09 21:52:08 ----N---- C:\WINDOWS\system32\dbmsqlgc.dll
    2008-08-09 21:52:08 ----N---- C:\WINDOWS\system32\dbmsgnet.dll
    2008-08-09 21:51:34 ----D---- C:\Program Files\Microsoft SQL Server
    2008-08-09 21:51:16 ----D---- C:\Documents and Settings\Aram!\Application Data\Sony
    2008-08-09 21:50:56 ----D---- C:\Documents and Settings\All Users\Application Data\Sony
    2008-08-09 21:50:12 ----D---- C:\Program Files\Vstplugins
    2008-08-09 21:49:23 ----D---- C:\Program Files\Sony
    2008-08-09 21:48:23 ----D---- C:\Program Files\Sony Setup
    2008-08-09 21:11:06 ----D---- C:\Program Files\ggseq-0.3.1
    2008-08-09 20:02:48 ----D---- C:\Program Files\Audacity
    2008-08-08 19:44:06 ----A---- C:\WINDOWS\gwpreset.ini
    2008-08-08 19:44:06 ----A---- C:\WINDOWS\goldwave.ini
    2008-08-08 19:34:19 ----D---- C:\Program Files\GoldWave
    2008-08-05 02:02:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
    2008-08-05 02:02:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
    2008-08-05 02:02:03 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
    2008-08-05 02:01:37 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
    2008-08-05 02:01:22 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
    2008-08-05 02:00:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$

    ======List of files/folders modified in the last 3 months======

    2008-11-03 02:00:34 ----D---- C:\WINDOWS\system32
    2008-11-03 01:57:50 ----D---- C:\Program Files\Mozilla Firefox
    2008-11-03 00:48:41 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-11-03 00:43:00 ----ASH---- C:\boot.ini
    2008-11-03 00:43:00 ----A---- C:\WINDOWS\win.ini
    2008-11-03 00:43:00 ----A---- C:\WINDOWS\system.ini
    2008-11-03 00:42:44 ----HD---- C:\WINDOWS\inf
    2008-10-30 21:28:08 ----D---- C:\WINDOWS\system32\drivers
    2008-10-29 21:47:38 ----D---- C:\Documents and Settings\Aram!\Application Data\toshiba
    2008-10-29 21:47:37 ----SD---- C:\Documents and Settings\Aram!\Application Data\Microsoft
    2008-10-29 21:44:21 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-10-29 15:15:29 ----D---- C:\WINDOWS
    2008-10-29 03:45:42 ----D---- C:\WINDOWS\Temp
    2008-10-29 03:06:49 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-10-29 03:06:18 ----D---- C:\Program Files\DC++
    2008-10-28 17:17:21 ----D---- C:\WINDOWS\Prefetch
    2008-10-28 17:16:56 ----D---- C:\Program Files
    2008-10-26 15:57:25 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-10-26 03:06:22 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt
    2008-10-26 03:05:36 ----D---- C:\WINDOWS\system32\DLA
    2008-10-26 02:59:19 ----D---- C:\Program Files\DivX
    2008-10-24 02:00:36 ----HD---- C:\WINDOWS\$hf_mig$
    2008-10-19 23:28:16 ----D---- C:\WINDOWS\system32\FxsTmp
    2008-10-19 16:01:48 ----D---- C:\WINDOWS\system32\Lang
    2008-10-15 11:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll
    2008-10-15 02:05:07 ----A---- C:\WINDOWS\imsins.BAK
    2008-10-15 02:01:15 ----D---- C:\Program Files\Internet Explorer
    2008-10-08 00:56:49 ----D---- C:\Program Files\Last.fm
    2008-10-07 14:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-09-22 12:54:38 ----D---- C:\Documents and Settings\Aram!\Application Data\Adobe
    2008-09-10 02:01:28 ----D---- C:\WINDOWS\WinSxS
    2008-09-04 01:19:13 ----D---- C:\WINDOWS\Help
    2008-09-02 21:24:13 ----D---- C:\Documents and Settings\Aram!\Application Data\Mozilla
    2008-08-31 20:19:02 ----D---- C:\Program Files\Soulseek
    2008-08-29 20:16:38 ----D---- C:\WINDOWS\system32\CatRoot
    2008-08-29 19:49:11 ----D---- C:\WINDOWS\Debug
    2008-08-20 00:33:20 ----A---- C:\WINDOWS\system32\mshtml.dll
    2008-08-20 00:33:19 ----A---- C:\WINDOWS\system32\wininet.dll
    2008-08-20 00:33:19 ----A---- C:\WINDOWS\system32\urlmon.dll
    2008-08-20 00:33:19 ----A---- C:\WINDOWS\system32\shlwapi.dll
    2008-08-20 00:33:19 ----A---- C:\WINDOWS\system32\shdocvw.dll
    2008-08-20 00:33:19 ----A---- C:\WINDOWS\system32\mshtmled.dll
    2008-08-20 00:33:19 ----A---- C:\WINDOWS\system32\jsproxy.dll
    2008-08-20 00:33:19 ----A---- C:\WINDOWS\system32\browseui.dll
    2008-08-20 00:33:18 ----A---- C:\WINDOWS\system32\pngfilt.dll
    2008-08-20 00:33:18 ----A---- C:\WINDOWS\system32\mstime.dll
    2008-08-20 00:33:18 ----A---- C:\WINDOWS\system32\msrating.dll
    2008-08-20 00:33:18 ----A---- C:\WINDOWS\system32\inseng.dll
    2008-08-20 00:33:18 ----A---- C:\WINDOWS\system32\iepeers.dll
    2008-08-20 00:33:18 ----A---- C:\WINDOWS\system32\extmgr.dll
    2008-08-20 00:33:18 ----A---- C:\WINDOWS\system32\dxtrans.dll
    2008-08-20 00:33:18 ----A---- C:\WINDOWS\system32\dxtmsft.dll
    2008-08-20 00:33:18 ----A---- C:\WINDOWS\system32\danim.dll
    2008-08-20 00:33:17 ----A---- C:\WINDOWS\system32\cdfview.dll
    2008-08-19 04:20:32 ----A---- C:\WINDOWS\system32\xpsp3res.dll
    2008-08-15 02:03:46 ----D---- C:\Program Files\Messenger
    2008-08-14 04:55:01 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
    2008-08-14 04:18:46 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
    2008-08-09 22:03:28 ----SHD---- C:\WINDOWS\Installer
    2008-08-09 21:52:07 ----HD---- C:\Program Files\Uninstall Information
    2008-08-09 21:51:03 ----RSD---- C:\WINDOWS\assembly

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2006-09-05 3968]
    R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
    R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
    R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2005-06-02 102384]
    R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-11-15 101874]
    R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2005-09-14 179200]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
    R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
    R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
    R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
    S1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []
    S1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-10 36096]
    S1 TPwSav;Common Driver; C:\WINDOWS\System32\Drivers\TPwSav.sys [2005-12-01 11264]
    S2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-06-13 21275]
    S2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-10-06 25628]
    S2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-10-06 2496]
    S2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-10-06 86524]
    S2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-10-06 14684]
    S2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-10-06 6364]
    S2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-10-06 87036]
    S2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-10-06 94332]
    S2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
    S2 FdRedir;FdRedir; \??\C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys []
    S2 FileDisk2;FileDisk Protector Kernel Driver; \??\C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys []
    S2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
    S2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568]
    S2 smihlp;SMI helper driver; \??\C:\Program Files\Protector Suite QL\smihlp.sys []
    S3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-11-15 1122656]
    S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-10 60800]
    S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys []
    S3 Bridge;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2004-08-10 71552]
    S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2004-08-10 71552]
    S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
    S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
    S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-28 1353820]
    S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-12-09 4123136]
    S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
    S3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2005-08-10 114464]
    S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-10 61824]
    S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-10 67584]
    S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2004-08-10 11136]
    S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2004-08-10 10240]
    S3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys [2006-09-18 16640]
    S3 tbiosdrv;Toshiba Logical Tbios Device; C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys [2005-08-24 9472]
    S3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2006-01-13 28800]
    S3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-11-30 162560]
    S3 Tvs;TOSHIBA Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2005-11-30 43392]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    S3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-05 1428096]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    S2 AdobeActiveFileMonitor5.0;Adobe Active File Monitor V5; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [2006-09-14 102400]
    S2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2004-10-20 10328]
    S2 AOL TopSpeedMonitor;AOL TopSpeed Monitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [2004-10-15 100016]
    S2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2006-09-28 204800]
    S2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-17 40960]
    S2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-12 44032]
    S2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2004-08-28 110592]
    S2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753]
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-10 267776]
    S2 McDetect.exe;McAfee WSC Integration; c:\program files\mcafee.com\agent\mcdetect.exe [2005-10-13 126976]
    S2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
    S2 McShield;McAfee.com McShield; c:\PROGRA~1\mcafee.com\vso\mcshield.exe [2005-08-10 221184]
    S2 McTskshd.exe;McAfee Task Scheduler; c:\PROGRA~1\mcafee.com\agent\mctskshd.exe [2005-08-24 122368]
    S2 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
    S2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 217164]
    S2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-11-28 540745]
    S2 Swupdtmr;Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [2005-07-12 40960]
    S2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
    S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager; C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe [2005-07-01 245760]
    S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
    S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

    -----------------EOF-----------------

  5. 2008/11/03
    Geri Inactive Alumni
    Hi aramkolesar
    Welcome to WindowsBBS

    You still have some nasties on here.

    Please do the following.

    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    • Finally paste the contents of the Report.txt back on the forum.

    Please post the SDFix log and a new RSIT log.txt.

    Thanks
    Geri
  6. 2008/11/04
    aramkolesar Inactive Thread Starter
    SDFix log:


    SDFix: Version 1.239
    Run by Aram! on Tue 11/04/2008 at 06:05 PM

    Microsoft Windows XP [Version 5.1.2600]
    Running From: C:\SDFix

    Checking Services :

    Rootkit Found :
    C:\WINDOWS\system32\drivers\TDSSmvpt.sys - Rootkit.Win32.Agent.cku
    C:\WINDOWS\system32\drivers\TDSSpqxt.sys - Rootkit.Win32.Agent.cku

    Name :
    TDSSserv.sys
    TDSSserv.sys)

    Path :
    \systemroot\system32\drivers\TDSSpqxt.sys
    \systemroot\system32\drivers\TDSSmvpt.sys

    TDSSserv.sys - Deleted
    TDSSserv.sys) - Deleted



    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\WINDOWS\system32\wini10801.exe - Deleted
    C:\Documents and Settings\Aram!\Favorites\Online Security Test.url - Deleted
    C:\WINDOWS\system32\av.dat - Deleted
    C:\WINDOWS\system32\delself.bat - Deleted
    C:\WINDOWS\system32\drivers\svchost.exe - Deleted
    C:\WINDOWS\system32\drivers\TDSSmvpt.sys - Deleted
    C:\WINDOWS\system32\drivers\TDSSpqxt.sys - Deleted
    C:\WINDOWS\system32\TDSSoicv.dll - Deleted
    C:\WINDOWS\system32\TDSSubwj.dll - Deleted
    C:\WINDOWS\system32\TDSSoiqh.dll - Deleted
    C:\WINDOWS\system32\TDSScpvl.dll - Deleted
    C:\WINDOWS\system32\TDSSqhrx.dll - Deleted
    C:\WINDOWS\SYSTEM32\TDSSUBWJ.dll - Deleted
    C:\WINDOWS\SYSTEM32\TDSSOICV.dll - Deleted
    C:\WINDOWS\system32\TDSSmryl.dat - Deleted
    C:\WINDOWS\system32\TDSSndep.dat - Deleted
    C:\WINDOWS\SYSTEM32\TDSSMRYL.dat - Deleted
    C:\WINDOWS\SYSTEM32\TDSSNDEP.dat - Deleted
    C:\WINDOWS\system32\TDSSvubl.log - Deleted
    C:\WINDOWS\SYSTEM32\TDSSVUBL.log - Deleted





    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-04 18:19:22
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3EA00C54-B608-9B9E-01F7-0930BD0F077A}]
    "iankchfodelbemicje "=hex:6b,61,6b,6d,65,65,70,63,70,66,6f,6b,69,67,6a,70,70,67,66,63,63,..
    "halkinpnkgmhphof "=hex:6b,61,6b,6d,65,65,70,63,70,66,6f,6b,69,67,6a,70,70,67,66,63,63,..
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{74C59AC8-670E-DED1-7E39-F7212925584B}]
    "iajmednpbkoffkmjhp "=hex:6a,61,6f,70,6f,6e,6d,66,64,62,6a,67,67,6c,66,63,6b,65,6a,63,00,..
    "hahnkhololfhmdif "=hex:6a,61,6f,70,6f,6e,6d,66,64,62,6a,67,67,6c,66,63,6b,65,6a,63,00,..

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe "= "C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine "
    "C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe "= "C:\\TOSHIBA\\IVP\\ISM\\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger "
    "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe "= "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Application Loader "
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe "= "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL "
    "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe "= "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL "
    "C:\\Program Files\\America Online 9.0\\waol.exe "= "C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL "
    "C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe "= "C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled:AOLTsMon "
    "C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe "= "C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled:AOLTopSpeed "
    "C:\\Program Files\\Common Files\\AOL\\1140473335\\EE\\AOLServiceHost.exe "= "C:\\Program Files\\Common Files\\AOL\\1140473335\\EE\\AOLServiceHost.exe:*:Enabled:AOL "
    "C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe "= "C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL "
    "C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe "= "C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Enabled:AOL "
    "C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe "= "C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Enabled:AOL "
    "C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe "= "C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Enabled:AOL "
    "C:\\Program Files\\Messenger\\msmsgs.exe "= "C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger "
    "C:\\Program Files\\Soulseek\\slsk.exe "= "C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek "
    "C:\\Program Files\\burst\\core-new1.1.3\\btdownloadheadless.exe "= "C:\\Program Files\\burst\\core-new1.1.3\\btdownloadheadless.exe:*:Enabled:burst! download engine "
    "C:\\Program Files\\Azureus\\Azureus.exe "= "C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus "
    "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE "= "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer "
    "C:\\Program Files\\DC++\\DCPlusPlus.exe "= "C:\\Program Files\\DC++\\DCPlusPlus.exe:*:Enabled:DC++ "
    "C:\\Program Files\\AIM\\aim.exe "= "C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger "
    "C:\\Program Files\\Winamp\\winamp.exe "= "C:\\Program Files\\Winamp\\winamp.exe:*:Enabled:Winamp "
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe "= "C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer "
    "C:\\WINDOWS\\system32\\dpvsetup.exe "= "C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test "
    "C:\\WINDOWS\\system32\\rundll32.exe "= "C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App "
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe "= "C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox "
    "C:\\Program Files\\Windows Media Player\\wmplayer.exe "= "C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player "
    "C:\\Program Files\\AIM6\\aim6.exe "= "C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM "
    "C:\\Program Files\\Adobe\\Photoshop Elements 5.0\\AdobePhotoshopElementsMediaServer.exe "= "C:\\Program Files\\Adobe\\Photoshop Elements 5.0\\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server "
    "C:\\Program Files\\Pando Networks\\Pando\\pando.exe "= "C:\\Program Files\\Pando Networks\\Pando\\pando.exe:*:Disabled:pando "
    "C:\\Program Files\\LimeWire\\LimeWire.exe "= "C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire "
    "C:\\Program Files\\Soulseek-Test\\slsk.exe "= "C:\\Program Files\\Soulseek-Test\\slsk.exe:*:Enabled:SoulSeek "
    "C:\\Program Files\\Last.fm\\LastFM.exe "= "C:\\Program Files\\Last.fm\\LastFM.exe:*:Enabled:Last.fm "
    "C:\\Documents and Settings\\Aram!\\Desktop\\DCPlusPlus.exe "= "C:\\Documents and Settings\\Aram!\\Desktop\\DCPlusPlus.exe:*:Enabled:DC++ "
    "C:\\WINDOWS\\system32\\fxsclnt.exe "= "C:\\WINDOWS\\system32\\fxsclnt.exe:*:Enabled:Microsoft Fax Console "
    "C:\\WINDOWS\\system32\\drivers\\svchost.exe "= "C:\\WINDOWS\\system32\\drivers\\svchost.exe:*:Disabled:svchost "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "C:\\Program Files\\AIM\\aim.exe "= "C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger "

    Remaining Files :


    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Thu 18 Aug 2005 54,872 A..H. --- "C:\Program Files\America Online 9.0\AOLphx.exe "
    Thu 18 Aug 2005 31,832 A..H. --- "C:\Program Files\America Online 9.0\rbm.exe "
    Wed 14 Jun 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak "
    Sat 3 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp "
    Fri 23 Jun 2006 11,115 A.SH. --- "C:\Documents and Settings\Aram!\My Documents\My Music\License Backup\drmv2key.bak "

    Finished!
  7. 2008/11/04
    aramkolesar Inactive Thread Starter
    RSIT log:

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Aram! at 2008-11-04 18:29:09
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 53 GB (55%) free of 95 GB
    Total RAM: 1014 MB (50% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:29:20 PM, on 11/4/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Toshiba\IVP\swupdate\swupdtmr.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Toshiba\Tvs\TvsTray.exe
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
    C:\Program Files\Protector Suite QL\psqltray.exe
    C:\WINDOWS\system32\ZoomingHook.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\system32\TDispVol.exe
    C:\WINDOWS\system32\TCtrlIOHook.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\Apoint2K\Apntex.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Aram!\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Aram!.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
    O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
    O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
    O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe "
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\wianmpa.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe "
    O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
    O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe "
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe (User 'Default user')
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15033/CTPID.cab
    O20 - AppInit_DLLs: karna.dat
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 9813 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {BA52B914-B692-46c4-B683-905236F6F655} - McAfee VirusScan - c:\progra~1\mcafee.com\vso\mcvsshl.dll [2005-07-01 114688]
    {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - Viewpoint Toolbar - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll [2007-11-28 327759]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "HWSetup "=C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe [2004-05-01 28672]
    "SVPWUTIL "=C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe [2004-05-01 65536]
    "Tvs "=C:\Program Files\Toshiba\Tvs\TvsTray.exe [2005-11-30 73728]
    "CeEKEY "=C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe [2005-12-01 671744]
    "PadTouch "=C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe [2005-07-15 1077322]
    "SmoothView "=C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2005-04-26 122880]
    "TPNF "=C:\Program Files\TOSHIBA\TouchPad\TPTray.exe [2005-12-13 53248]
    "VirusScan Online "=C:\Program Files\McAfee.com\VSO\mcvsshld.exe [2005-08-10 163840]
    "OASClnt "=C:\Program Files\McAfee.com\VSO\oasclnt.exe [2005-08-12 53248]
    "MCAgentExe "=c:\PROGRA~1\mcafee.com\agent\mcagent.exe [2005-09-22 303104]
    "MCUpdateExe "=C:\PROGRA~1\mcafee.com\agent\McUpdate.exe [2006-01-11 212992]
    "IntelZeroConfig "=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2005-12-05 667718]
    "IntelWireless "=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2005-11-28 602182]
    "WinampAgent "=C:\Program Files\Winamp\wianmpa.exe []
    "TkBellExe "=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-11-17 185896]
    "UserFaultCheck "=C:\WINDOWS\system32\dumprep 0 -u []
    "PSQLLauncher "=C:\Program Files\Protector Suite QL\launcher.exe [2006-01-13 30208]
    "Adobe Photo Downloader "=C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe [2006-09-14 61440]
    "ZoomingHook "=C:\WINDOWS\system32\ZoomingHook.exe [2005-06-06 24576]
    "VSOCheckTask "=C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe [2005-07-08 151552]
    "TPSMain "=C:\WINDOWS\system32\TPSMain.exe [2005-05-31 282624]
    "TFncKy "=TFncKy.exe []
    "TDispVol "=C:\WINDOWS\system32\TDispVol.exe [2005-12-27 73728]
    "TCtryIOHook "=C:\WINDOWS\system32\TCtrlIOHook.exe [2006-01-03 28672]
    "RTHDCPL "=C:\WINDOWS\RTHDCPL.EXE [2005-12-09 15691264]
    "QuickTime Task "=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]
    "Pinger "=c:\toshiba\ivp\ism\pinger.exe [2005-03-17 151552]
    "PHIME2002ASync "=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
    "PHIME2002A "=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
    "NDSTray.exe "=NDSTray.exe []
    "NBKeyScan "=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []
    "MSPY2002 "=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-10 59392]
    "IMJPMIG8.1 "=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-10 208952]
    "IMEKRMIG6.1 "=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2004-08-10 44032]
    "igfxtray "=C:\WINDOWS\system32\igfxtray.exe [2005-11-28 98304]
    "igfxpers "=C:\WINDOWS\system32\igfxpers.exe [2005-11-28 118784]
    "igfxhkcmd "=C:\WINDOWS\system32\hkcmd.exe [2005-11-28 77824]
    "ehTray "=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
    "DLA "=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-10-06 122940]
    "CFSServ.exe "=CFSServ.exe -NoClient []
    "Apoint "=C:\Program Files\Apoint2K\Apoint.exe [2004-03-24 196608]
    "Alcmtr "=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
    "AGRSMMSG "=C:\WINDOWS\AGRSMMSG.exe [2005-10-15 88203]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD "=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2004-12-30 65536]
    "MSMSGS "=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} "=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020 []
    "ctfmon.exe "=C:\WINDOWS\system32\ctfmon.exe [2004-08-10 15360]
    "Aim6 "= []

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS "= "karna.dat "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxdev.dll [2005-11-28 135168]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
    C:\WINDOWS\system32\psqlpwd.dll [2006-01-13 40448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
    UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-10 239616]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8} "=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [2006-09-28 73728]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "notification packages "=scecli
    psqlpwd

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername "=0
    "legalnoticecaption "=
    "legalnoticetext "=
    "shutdownwithoutlogon "=1
    "undockwithoutlogon "=1
    "InstallVisualStyle "=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme "=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun "=91000000

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "C:\TOSHIBA\ivp\NetInt\Netint.exe "= "C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine "
    "C:\TOSHIBA\Ivp\ISM\pinger.exe "= "C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger "
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe "= "C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader "
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe "= "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL "
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe "= "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL "
    "C:\Program Files\America Online 9.0\waol.exe "= "C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL "
    "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe "= "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon "
    "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe "= "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed "
    "C:\Program Files\Common Files\AOL\1140473335\EE\AOLServiceHost.exe "= "C:\Program Files\Common Files\AOL\1140473335\EE\AOLServiceHost.exe:*:Enabled:AOL "
    "C:\Program Files\Common Files\AOL\System Information\sinf.exe "= "C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL "
    "C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe "= "C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL "
    "C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe "= "C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL "
    "C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe "= "C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL "
    "C:\Program Files\Messenger\msmsgs.exe "= "C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger "
    "C:\Program Files\Soulseek\slsk.exe "= "C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek "
    "C:\Program Files\burst\core-new1.1.3\btdownloadheadless.exe "= "C:\Program Files\burst\core-new1.1.3\btdownloadheadless.exe:*:Enabled:burst! download engine "
    "C:\Program Files\Azureus\Azureus.exe "= "C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus "
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE "= "C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer "
    "C:\Program Files\DC++\DCPlusPlus.exe "= "C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++ "
    "C:\Program Files\AIM\aim.exe "= "C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger "
    "C:\Program Files\Winamp\winamp.exe "= "C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp "
    "C:\Program Files\Real\RealPlayer\realplay.exe "= "C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer "
    "C:\WINDOWS\system32\dpvsetup.exe "= "C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test "
    "C:\WINDOWS\system32\rundll32.exe "= "C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App "
    "C:\Program Files\Mozilla Firefox\firefox.exe "= "C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox "
    "C:\Program Files\Windows Media Player\wmplayer.exe "= "C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player "
    "C:\Program Files\AIM6\aim6.exe "= "C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM "
    "C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe "= "C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server "
    "C:\Program Files\Pando Networks\Pando\pando.exe "= "C:\Program Files\Pando Networks\Pando\pando.exe:*:Disabled:pando "
    "C:\Program Files\LimeWire\LimeWire.exe "= "C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire "
    "C:\Program Files\Soulseek-Test\slsk.exe "= "C:\Program Files\Soulseek-Test\slsk.exe:*:Enabled:SoulSeek "
    "C:\Program Files\Last.fm\LastFM.exe "= "C:\Program Files\Last.fm\LastFM.exe:*:Enabled:Last.fm "
    "C:\Documents and Settings\Aram!\Desktop\DCPlusPlus.exe "= "C:\Documents and Settings\Aram!\Desktop\DCPlusPlus.exe:*:Enabled:DC++ "
    "C:\WINDOWS\system32\fxsclnt.exe "= "C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console "
    "C:\WINDOWS\system32\drivers\svchost.exe "= "C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "
    "C:\Program Files\AIM\aim.exe "= "C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger "

    ======List of files/folders created in the last 3 months======

    2008-11-04 18:16:19 ----D---- C:\Documents and Settings\Aram!\Application Data\WinRAR
    2008-11-04 18:01:20 ----D---- C:\WINDOWS\ERUNT
    2008-11-04 16:39:39 ----D---- C:\SDFix
    2008-11-03 01:49:02 ----D---- C:\rsit
    2008-10-29 07:23:39 ----SHD---- C:\WINDOWS\CSC
    2008-10-29 03:09:59 ----A---- C:\WINDOWS\ntbtlog.txt
    2008-10-28 17:17:00 ----D---- C:\Mp3 Output
    2008-10-28 17:16:57 ----A---- C:\WINDOWS\system32\NCMedia.dll
    2008-10-28 17:16:57 ----A---- C:\WINDOWS\system32\libmp3lame-0.dll
    2008-10-28 17:16:56 ----D---- C:\Program Files\Smallvideosoft
    2008-10-24 02:01:13 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
    2008-10-19 21:49:16 ----D---- C:\Program Files\Trend Micro
    2008-10-19 21:35:02 ----D---- C:\WINDOWS\pss
    2008-10-15 02:04:56 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2008-10-15 02:04:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
    2008-10-15 02:04:25 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
    2008-10-15 02:04:09 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
    2008-10-15 02:03:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
    2008-10-15 02:01:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
    2008-09-19 16:55:58 ----A---- C:\WINDOWS\system32\ssldivx.dll
    2008-09-19 16:55:58 ----A---- C:\WINDOWS\system32\libdivx.dll
    2008-09-10 02:01:27 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-09-10 02:00:26 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
    2008-08-29 19:49:11 ----D---- C:\WINDOWS\system32\CatRoot_bak
    2008-08-15 02:03:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-08-15 02:03:44 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2008-08-15 02:03:31 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
    2008-08-15 02:03:17 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-08-15 02:03:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
    2008-08-15 02:02:44 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-08-15 02:02:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2008-08-15 02:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
    2008-08-09 22:03:14 ----D---- C:\Program Files\Sonic Foundry
    2008-08-09 22:02:35 ----D---- C:\Program Files\Sonic Foundry Setup
    2008-08-09 21:52:08 ----N---- C:\WINDOWS\system32\dbmsqlgc.dll
    2008-08-09 21:52:08 ----N---- C:\WINDOWS\system32\dbmsgnet.dll
    2008-08-09 21:51:34 ----D---- C:\Program Files\Microsoft SQL Server
    2008-08-09 21:51:16 ----D---- C:\Documents and Settings\Aram!\Application Data\Sony
    2008-08-09 21:50:56 ----D---- C:\Documents and Settings\All Users\Application Data\Sony
    2008-08-09 21:50:12 ----D---- C:\Program Files\Vstplugins
    2008-08-09 21:49:23 ----D---- C:\Program Files\Sony
    2008-08-09 21:48:23 ----D---- C:\Program Files\Sony Setup
    2008-08-09 21:11:06 ----D---- C:\Program Files\ggseq-0.3.1
    2008-08-09 20:02:48 ----D---- C:\Program Files\Audacity
    2008-08-08 19:44:06 ----A---- C:\WINDOWS\gwpreset.ini
    2008-08-08 19:44:06 ----A---- C:\WINDOWS\goldwave.ini
    2008-08-08 19:34:19 ----D---- C:\Program Files\GoldWave
    2008-08-05 02:02:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
    2008-08-05 02:02:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
    2008-08-05 02:02:03 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
    2008-08-05 02:01:37 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
    2008-08-05 02:01:22 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
    2008-08-05 02:00:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$

    ======List of files/folders modified in the last 3 months======

    2008-11-04 18:26:03 ----D---- C:\Program Files\Mozilla Firefox
    2008-11-04 18:25:13 ----D---- C:\WINDOWS\Prefetch
    2008-11-04 18:23:51 ----D---- C:\WINDOWS\Temp
    2008-11-04 18:15:24 ----D---- C:\WINDOWS\system32
    2008-11-04 18:15:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-11-04 18:10:50 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt
    2008-11-04 18:09:17 ----D---- C:\WINDOWS\system32\DLA
    2008-11-04 18:07:19 ----D---- C:\WINDOWS\system32\drivers
    2008-11-04 18:01:20 ----D---- C:\WINDOWS
    2008-11-03 00:43:00 ----ASH---- C:\boot.ini
    2008-11-03 00:43:00 ----A---- C:\WINDOWS\win.ini
    2008-11-03 00:43:00 ----A---- C:\WINDOWS\system.ini
    2008-11-03 00:42:44 ----HD---- C:\WINDOWS\inf
    2008-10-29 21:47:38 ----D---- C:\Documents and Settings\Aram!\Application Data\toshiba
    2008-10-29 21:47:37 ----SD---- C:\Documents and Settings\Aram!\Application Data\Microsoft
    2008-10-29 21:44:21 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-10-29 03:06:49 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-10-29 03:06:18 ----D---- C:\Program Files\DC++
    2008-10-28 17:16:56 ----D---- C:\Program Files
    2008-10-26 15:57:25 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-10-26 02:59:19 ----D---- C:\Program Files\DivX
    2008-10-24 02:00:36 ----HD---- C:\WINDOWS\$hf_mig$
    2008-10-19 23:28:16 ----D---- C:\WINDOWS\system32\FxsTmp
    2008-10-19 16:01:48 ----D---- C:\WINDOWS\system32\Lang
    2008-10-15 11:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll
    2008-10-15 02:05:07 ----A---- C:\WINDOWS\imsins.BAK
    2008-10-15 02:01:15 ----D---- C:\Program Files\Internet Explorer
    2008-10-08 00:56:49 ----D---- C:\Program Files\Last.fm
    2008-10-07 14:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-09-22 12:54:38 ----D---- C:\Documents and Settings\Aram!\Application Data\Adobe
    2008-09-10 02:01:28 ----D---- C:\WINDOWS\WinSxS
    2008-09-04 01:19:13 ----D---- C:\WINDOWS\Help
    2008-09-02 21:24:13 ----D---- C:\Documents and Settings\Aram!\Application Data\Mozilla
    2008-08-31 20:19:02 ----D---- C:\Program Files\Soulseek
    2008-08-29 20:16:38 ----D---- C:\WINDOWS\system32\CatRoot
    2008-08-29 19:49:11 ----D---- C:\WINDOWS\Debug
    2008-08-20 00:33:20 ----A---- C:\WINDOWS\system32\mshtml.dll
    2008-08-20 00:33:19 ----A---- C:\WINDOWS\system32\wininet.dll
    2008-08-20 00:33:19 ----A---- C:\WINDOWS\system32\urlmon.dll
    2008-08-20 00:33:19 ----A---- C:\WINDOWS\system32\shlwapi.dll
    2008-08-20 00:33:19 ----A---- C:\WINDOWS\system32\shdocvw.dll
    2008-08-20 00:33:19 ----A---- C:\WINDOWS\system32\mshtmled.dll
    2008-08-20 00:33:19 ----A---- C:\WINDOWS\system32\jsproxy.dll
    2008-08-20 00:33:19 ----A---- C:\WINDOWS\system32\browseui.dll
    2008-08-20 00:33:18 ----A---- C:\WINDOWS\system32\pngfilt.dll
    2008-08-20 00:33:18 ----A---- C:\WINDOWS\system32\mstime.dll
    2008-08-20 00:33:18 ----A---- C:\WINDOWS\system32\msrating.dll
    2008-08-20 00:33:18 ----A---- C:\WINDOWS\system32\inseng.dll
    2008-08-20 00:33:18 ----A---- C:\WINDOWS\system32\iepeers.dll
    2008-08-20 00:33:18 ----A---- C:\WINDOWS\system32\extmgr.dll
    2008-08-20 00:33:18 ----A---- C:\WINDOWS\system32\dxtrans.dll
    2008-08-20 00:33:18 ----A---- C:\WINDOWS\system32\dxtmsft.dll
    2008-08-20 00:33:18 ----A---- C:\WINDOWS\system32\danim.dll
    2008-08-20 00:33:17 ----A---- C:\WINDOWS\system32\cdfview.dll
    2008-08-19 04:20:32 ----A---- C:\WINDOWS\system32\xpsp3res.dll
    2008-08-15 02:03:46 ----D---- C:\Program Files\Messenger
    2008-08-14 04:55:01 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
    2008-08-14 04:18:46 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
    2008-08-09 22:03:28 ----SHD---- C:\WINDOWS\Installer
    2008-08-09 21:52:07 ----HD---- C:\Program Files\Uninstall Information
    2008-08-09 21:51:03 ----RSD---- C:\WINDOWS\assembly

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys []
    R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2006-09-05 3968]
    R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
    R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-10 36096]
    R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2005-06-02 102384]
    R1 TPwSav;Common Driver; C:\WINDOWS\System32\Drivers\TPwSav.sys [2005-12-01 11264]
    R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-06-13 21275]
    R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-10-06 25628]
    R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-10-06 2496]
    R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-10-06 86524]
    R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-10-06 14684]
    R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-10-06 6364]
    R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-10-06 87036]
    R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-10-06 94332]
    R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
    R2 FdRedir;FdRedir; \??\C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys []
    R2 FileDisk2;FileDisk Protector Kernel Driver; \??\C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys []
    R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
    R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568]
    R2 smihlp;SMI helper driver; \??\C:\Program Files\Protector Suite QL\smihlp.sys []
    R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-11-15 1122656]
    R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-11-15 101874]
    R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-10 60800]
    R3 catchme;catchme; \??\C:\DOCUME~1\Aram!\LOCALS~1\Temp\catchme.sys []
    R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
    R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2005-09-14 179200]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-28 1353820]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-12-09 4123136]
    R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
    R3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2005-08-10 114464]
    R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-10 61824]
    R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
    R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-10 67584]
    R3 tbiosdrv;Toshiba Logical Tbios Device; C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys [2005-08-24 9472]
    R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2006-01-13 28800]
    R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-11-30 162560]
    R3 Tvs;TOSHIBA Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2005-11-30 43392]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
    R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
    S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys []
    S3 Bridge;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2004-08-10 71552]
    S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2004-08-10 71552]
    S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
    S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
    S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2004-08-10 11136]
    S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2004-08-10 10240]
    S3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys [2006-09-18 16640]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    S3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-05 1428096]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AdobeActiveFileMonitor5.0;Adobe Active File Monitor V5; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [2006-09-14 102400]
    R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2004-10-20 10328]
    R2 AOL TopSpeedMonitor;AOL TopSpeed Monitor; C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [2004-10-15 100016]
    R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2006-09-28 204800]
    R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-17 40960]
    R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-12 44032]
    R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2004-08-28 110592]
    R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753]
    R2 McDetect.exe;McAfee WSC Integration; c:\program files\mcafee.com\agent\mcdetect.exe [2005-10-13 126976]
    R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
    R2 McShield;McAfee.com McShield; c:\PROGRA~1\mcafee.com\vso\mcshield.exe [2005-08-10 221184]
    R2 McTskshd.exe;McAfee Task Scheduler; c:\PROGRA~1\mcafee.com\agent\mctskshd.exe [2005-08-24 122368]
    R2 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
    R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 217164]
    R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-11-28 540745]
    R2 Swupdtmr;Swupdtmr; c:\Toshiba\IVP\swupdate\swupdtmr.exe [2005-07-12 40960]
    R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
    S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-10 267776]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
    S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager; C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe [2005-07-01 245760]
    S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
    S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

    -----------------EOF-----------------
     
  8. 2008/11/04
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK, please do this.

    Download ComboFix from Here to your Desktop.

    It's best to disable real-time protection applications, as they sometimes interfere with the tool.
    Check this link for any applicable programs you may have.
    • Close all open programs and windows.
    • Double-click combofix.exe and follow the prompts.
    • Vista users: right-click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post the ComboFix log.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    **NOTE - Allow ComboFix to update if prompted.

    Note - ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

    Note - Combofix makes some changes when run to prevent autorun/autoplay of ALL CDs, floppies and USB devices, to assist with malware removal & increase security. If this is an issue or makes it difficult for you to use those devices, please ask how to reset it.

    Thanks
    Geri
     
  9. 2008/11/05
    aramkolesar

    aramkolesar Inactive Thread Starter

    Joined:
    2008/11/02
    Messages:
    9
    Likes Received:
    0
    Okay, here's the log from that:

    ComboFix 08-11-04.02 - Aram! 2008-11-05 1:29:24.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.533 [GMT -5:00]
    Running from: c:\documents and settings\Aram!\Desktop\ComboFix.exe
    * Created a new restore point
    * Resident AV is active

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Aram!\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML

    .
    ((((((((((((((((((((((((( Files Created from 2008-10-05 to 2008-11-05 )))))))))))))))))))))))))))))))
    .

    2008-11-04 18:01 . 2008-11-04 18:01 <DIR> d-------- c:\windows\ERUNT
    2008-11-04 16:39 . 2008-11-04 18:23 <DIR> d-------- C:\SDFix
    2008-11-03 01:49 . 2008-11-03 01:49 <DIR> d-------- C:\rsit
    2008-10-29 21:46 . 2008-10-29 21:46 552 --a------ c:\windows\system32\d3d8caps.dat
    2008-10-29 21:01 . 2008-10-29 21:47 664 --a------ c:\windows\system32\d3d9caps.dat
    2008-10-28 17:17 . 2008-10-28 17:17 <DIR> d-------- C:\Mp3 Output
    2008-10-28 17:16 . 2008-10-28 17:16 <DIR> d-------- c:\program files\Smallvideosoft
    2008-10-28 17:16 . 2007-03-01 03:18 4,762,112 --a------ c:\windows\system32\NCMedia.dll
    2008-10-28 17:16 . 2007-02-25 14:36 383,238 --a------ c:\windows\system32\libmp3lame-0.dll
    2008-10-19 21:49 . 2008-10-19 21:49 <DIR> d-------- c:\program files\Trend Micro
    2008-10-19 21:46 . 2008-10-31 12:18 <DIR> d-------- c:\documents and settings\Aram!\.housecall6.6
    2008-10-17 21:56 . 2004-08-10 07:00 4,224 --a--c--- c:\windows\system32\dllcache\beep.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-31 20:07 36,416 ----a-w c:\documents and settings\Aram!\Application Data\wklnhst.dat
    2008-10-30 02:47 --------- d-----w c:\documents and settings\Aram!\Application Data\toshiba
    2008-10-29 08:06 --------- d-----w c:\program files\DC++
    2008-10-26 07:59 --------- d-----w c:\program files\DivX
    2008-10-08 05:56 --------- d-----w c:\program files\Last.fm
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD "= "c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
    "MSMSGS "= "c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2004-08-10 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UserFaultCheck "= "c:\windows\system32\dumprep 0 -u" [X]
    "HWSetup "= "c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
    "SVPWUTIL "= "c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 65536]
    "Tvs "= "c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
    "CeEKEY "= "c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2005-12-01 671744]
    "PadTouch "= "c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-07-15 1077322]
    "SmoothView "= "c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880]
    "TPNF "= "c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2005-12-13 53248]
    "VirusScan Online "= "c:\program files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 163840]
    "OASClnt "= "c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-12 53248]
    "MCAgentExe "= "c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
    "MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-11-17 185896]
    "PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-01-13 30208]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]
    "VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 151552]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
    "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 151552]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
    "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
    "ZoomingHook"="ZoomingHook.exe" [2005-06-06 c:\windows\system32\ZoomingHook.exe]
    "TPSMain"="TPSMain.exe" [2005-05-31 c:\windows\system32\TPSMain.exe]
    "TFncKy"="TFncKy.exe" [BU]
    "TDispVol"="TDispVol.exe" [2005-12-27 c:\windows\system32\TDispVol.exe]
    "TCtryIOHook"="TCtrlIOHook.exe" [2006-01-03 c:\windows\system32\TCtrlIOHook.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2005-12-09 c:\windows\RTHDCPL.exe]
    "NDSTray.exe"="NDSTray.exe" [BU]
    "CFSServ.exe"="CFSServ.exe" [BU]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 c:\windows\agrsmmsg.exe]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-02-20 155648]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= c:\windows\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= c:\windows\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2006-01-13 21:40 40448 c:\windows\system32\psqlpwd.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli psqlpwd

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
    "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\America Online 9.0\\waol.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1140473335\\EE\\AOLServiceHost.exe"=
    "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
    "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
    "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
    "c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Soulseek\\slsk.exe"=
    "c:\\Program Files\\Azureus\\Azureus.exe"=
    "c:\\Program Files\\DC++\\DCPlusPlus.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "c:\\Program Files\\Winamp\\winamp.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\Program Files\\Adobe\\Photoshop Elements 5.0\\AdobePhotoshopElementsMediaServer.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Soulseek-Test\\slsk.exe"=
    "c:\\Program Files\\Last.fm\\LastFM.exe"=
    "c:\\WINDOWS\\system32\\fxsclnt.exe"=

    R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2006-01-13 13568]
    R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2006-01-13 33024]
    R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [2006-01-13 3456]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
    S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    HKCU-Run-Aim6 - (no file)
    HKLM-Run-WinampAgent - c:\program files\Winamp\wianmpa.exe
    HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
    HKU-Default-Run-brastk - c:\windows\system32\brastk.exe


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - c:\documents and settings\Aram!\Application Data\Mozilla\Firefox\Profiles\6nunny13.default\
    FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.thehungersite.com/clickToGive/home.faces?siteId=6&link=ctg_lit_home_from_ars_thankyou_sitenav
    FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
    FF -: plugin - c:\program files\Java\jre1.5.0_04\bin\NPJava11.dll
    FF -: plugin - c:\program files\Java\jre1.5.0_04\bin\NPJava12.dll
    FF -: plugin - c:\program files\Java\jre1.5.0_04\bin\NPJava13.dll
    FF -: plugin - c:\program files\Java\jre1.5.0_04\bin\NPJava14.dll
    FF -: plugin - c:\program files\Java\jre1.5.0_04\bin\NPJava32.dll
    FF -: plugin - c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
    FF -: plugin - c:\program files\Java\jre1.5.0_04\bin\NPOJI610.dll
    FF -: plugin - c:\program files\Mozilla Firefox\plugins\npmozax.dll
    FF -: plugin - c:\program files\Mozilla Firefox\plugins\npunagi2.dll
    FF -: plugin - c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
    FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-05 01:35:08
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: c:\windows\explorer.exe
    -> c:\windows\system32\TDispVol.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    c:\program files\Common Files\AOL\ACS\AOLacsd.exe
    c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
    c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
    c:\windows\system32\CTSVCCDA.EXE
    c:\windows\system32\DVDRAMSV.exe
    c:\program files\McAfee.com\Agent\Mcdetect.exe
    c:\progra~1\McAfee.com\VSO\McShield.exe
    c:\progra~1\McAfee.com\Agent\McTskshd.exe
    c:\program files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\toshiba\IVP\swupdate\swupdtmr.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    c:\progra~1\McAfee.com\VSO\McVSEscn.exe
    c:\program files\McAfee.com\Agent\mcagent.exe
    c:\program files\Protector Suite QL\psqltray.exe
    c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    c:\windows\system32\TPSBattM.exe
    c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\TOSHIBA\ConfigFree\CFSServ.exe
    c:\progra~1\McAfee.com\VSO\mcvsftsn.exe
    c:\program files\Apoint2K\ApntEx.exe
    .
    **************************************************************************
    .
    Completion time: 2008-11-05 1:44:07 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-11-05 06:44:02

    Pre-Run: 55,562,690,560 bytes free
    Post-Run: 55,594,528,768 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

    215 --- E O F --- 2008-10-24 07:01:35
     
  10. 2008/11/08
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi aramkolesar
    Sorry for the late reply, had a few things going on.

    OK, things look good, let's get an online scan.

    I see you have P2P software ( Limewire, BitTorrent uTorrent etc… ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them.

    Note: Please be advised that continued use of these programs, after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus Removal.


    Please do this.

    Download ATF Cleaner by Atribune and save it to your Desktop.
    This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything check "Select All".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.


    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

    Thanks
    Geri
     
    Geri,
  11. 2008/11/09
    aramkolesar

    aramkolesar Inactive Thread Starter

    Joined:
    2008/11/02
    Messages:
    9
    Likes Received:
    0
    Here is that log. Thanks for all the help on this, by the way. It's great to be able to start my computer normally.

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2008-11-09 16:00:49
    PROTECTIONS: 1
    MALWARE: 19
    SUSPECTS: 5
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    McAfee VirusScan 10.02 No No
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00187950 Cookie/bravenetA TrackingCookie No 0 Yes No E:\Aram\Application Data\Mozilla\Profiles\DEFAULT\GWZHVJVK.SLT\COOKIES.TXT[.bravenet.com/]
    00187950 Cookie/bravenetA TrackingCookie No 0 Yes No E:\Aram\Application Data\Mozilla\Profiles\DEFAULT\GWZHVJVK.SLT\COOKIES.TXT[.bravenet.com/]
    00431239 Adware/XPAntiSpyware2009 Adware No 1 Yes No C:\System Volume Information\_restore{9BCCDCE7-37F6-4E2E-8B77-7F9EE9C69547}\RP694\A0044027.dll
    00431239 Adware/XPAntiSpyware2009 Adware No 1 Yes No C:\System Volume Information\_restore{9BCCDCE7-37F6-4E2E-8B77-7F9EE9C69547}\RP694\A0044028.dll
    00440996 Bck/Tdss.C Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{9BCCDCE7-37F6-4E2E-8B77-7F9EE9C69547}\RP694\A0045213.dll
    00444840 Bck/Tdss.C Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{9BCCDCE7-37F6-4E2E-8B77-7F9EE9C69547}\RP694\A0045210.dll
    00520936 Application/ViewPoint HackTools No 0 Yes No C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
    00524419 Application/Altnet HackTools No 0 Yes No E:\Aram\Desktop\Downloads\kazaa_lite_202_english.exe
    01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{9BCCDCE7-37F6-4E2E-8B77-7F9EE9C69547}\RP696\A0045346.EXE
    02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{9BCCDCE7-37F6-4E2E-8B77-7F9EE9C69547}\RP696\A0045332.sys
    02902637 Rootkit/Nurech.BC HackTools No 1 Yes No C:\System Volume Information\_restore{9BCCDCE7-37F6-4E2E-8B77-7F9EE9C69547}\RP685\A0042837.sys
    02902637 Rootkit/Nurech.BC HackTools No 1 Yes No C:\System Volume Information\_restore{9BCCDCE7-37F6-4E2E-8B77-7F9EE9C69547}\RP685\A0042838.sys
    02902637 Rootkit/Nurech.BC HackTools No 1 Yes No C:\System Volume Information\_restore{9BCCDCE7-37F6-4E2E-8B77-7F9EE9C69547}\RP685\A0040827.sys
    03378493 Generic Trojan Virus/Trojan No 0 Yes No C:\Program Files\Roguescanfix\BFU.exe
    03378493 Generic Trojan Virus/Trojan No 0 Yes No C:\Program Files\Roguescanfix\bfu.zip[BFU.exe]
    03738686 Generic Malware Virus/Trojan No 0 Yes No C:\SDFix\apps\Cghtme.exe
    03738686 Generic Malware Virus/Trojan No 0 Yes No C:\SDFix\catchme.exe
    03738686 Generic Malware Virus/Trojan No 0 No No C:\System Volume Information\_restore{9BCCDCE7-37F6-4E2E-8B77-7F9EE9C69547}\RP696\A0045324.exe[C:\System Volume Information\_restore{9BCCDCE7-37F6-4E2E-8B77-7F9EE9C69547}\RP696\A0045324.exe][SDFix\apps\Cghtme.exe]
    03738686 Generic Malware Virus/Trojan No 0 No No C:\System Volume Information\_restore{9BCCDCE7-37F6-4E2E-8B77-7F9EE9C69547}\RP696\A0045324.exe[C:\System Volume Information\_restore{9BCCDCE7-37F6-4E2E-8B77-7F9EE9C69547}\RP696\A0045324.exe][SDFix\catchme.exe]
    03738686 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{9BCCDCE7-37F6-4E2E-8B77-7F9EE9C69547}\RP694\A0045138.exe
    03738686 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{9BCCDCE7-37F6-4E2E-8B77-7F9EE9C69547}\RP694\A0045137.exe
    03935940 Generic Malware Virus/Trojan No 0 Yes No C:\SDFix\backups\backups.zip[backups/av.dat]
    03939303 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{9BCCDCE7-37F6-4E2E-8B77-7F9EE9C69547}\RP694\A0044031.dll
    03939308 Adware/XPAntiSpyware2009 Adware No 1 Yes No C:\System Volume Information\_restore{9BCCDCE7-37F6-4E2E-8B77-7F9EE9C69547}\RP694\A0044025.dll
    03939308 Adware/XPAntiSpyware2009 Adware No 1 Yes No C:\System Volume Information\_restore{9BCCDCE7-37F6-4E2E-8B77-7F9EE9C69547}\RP694\A0044026.dll
    03939310 Adware/UltimateDefender Adware No 0 Yes No C:\System Volume Information\_restore{9BCCDCE7-37F6-4E2E-8B77-7F9EE9C69547}\RP694\A0044033.dll
    03939310 Adware/UltimateDefender Adware No 0 Yes No C:\System Volume Information\_restore{9BCCDCE7-37F6-4E2E-8B77-7F9EE9C69547}\RP694\A0044032.dll
    03939339 Adware/RogueAntimalware2009 Adware No 0 Yes No C:\System Volume Information\_restore{9BCCDCE7-37F6-4E2E-8B77-7F9EE9C69547}\RP691\A0044000.exe
    03939339 Adware/RogueAntimalware2009 Adware No 0 Yes No C:\System Volume Information\_restore{9BCCDCE7-37F6-4E2E-8B77-7F9EE9C69547}\RP694\A0044029.exe
    03939339 Adware/RogueAntimalware2009 Adware No 0 Yes No C:\System Volume Information\_restore{9BCCDCE7-37F6-4E2E-8B77-7F9EE9C69547}\RP694\A0044030.exe
    03944134 Adware/RogueAntimalware2009 Adware No 0 Yes No C:\System Volume Information\_restore{9BCCDCE7-37F6-4E2E-8B77-7F9EE9C69547}\RP685\A0041826.exe
    03944134 Adware/RogueAntimalware2009 Adware No 0 Yes No C:\System Volume Information\_restore{9BCCDCE7-37F6-4E2E-8B77-7F9EE9C69547}\RP685\A0042826.exe
    03944134 Adware/RogueAntimalware2009 Adware No 0 Yes No C:\System Volume Information\_restore{9BCCDCE7-37F6-4E2E-8B77-7F9EE9C69547}\RP685\A0041827.exe
    03944134 Adware/RogueAntimalware2009 Adware No 0 Yes No C:\System Volume Information\_restore{9BCCDCE7-37F6-4E2E-8B77-7F9EE9C69547}\RP691\A0043999.exe
    03944134 Adware/RogueAntimalware2009 Adware No 0 Yes No C:\System Volume Information\_restore{9BCCDCE7-37F6-4E2E-8B77-7F9EE9C69547}\RP685\A0040826.exe
    03944134 Adware/RogueAntimalware2009 Adware No 0 Yes No C:\System Volume Information\_restore{9BCCDCE7-37F6-4E2E-8B77-7F9EE9C69547}\RP685\A0042827.exe
    03964795 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{9BCCDCE7-37F6-4E2E-8B77-7F9EE9C69547}\RP694\A0045229.exe
    03964795 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{9BCCDCE7-37F6-4E2E-8B77-7F9EE9C69547}\RP694\A0045207.exe
    03964795 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\SDFix\backups\backups.zip[backups/svchost.exe]
    04003408 Generic Malware Virus/Trojan No 0 Yes No C:\SDFix\backups\catchme.zip[TDSSpqxt.sys]
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location VE
    ;===================================================================================================================================================================================
    No C:\Documents and Settings\Aram!\Desktop\ComboFix.exe VE
    No C:\Documents and Settings\Aram!\Desktop\ComboFix.exe[32788R22FWJFW\psexec.cfexe] VE
    No C:\Documents and Settings\Aram!\Desktop\ComboFix.exe[32788R22FWJFW\psexec.cfexe] VE
    No C:\Documents and Settings\Aram!\Desktop\ComboFix.exe[32788R22FWJFW\psexec.cfexe] VE
    No C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\ViewBar.dll VE
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description VE
    ;===================================================================================================================================================================================
    108742 MEDIUM MS06-006 VE
    ;===================================================================================================================================================================================
     
  12. 2008/11/09
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK good. Let's clean up.

    Please do the following.

    Click Start > Run; in the Run box copy and paste or type ComboFix /u, then hit Enter to uninstall ComboFix and remove the files/folders it created. This action will also reset the System Restore points, removing any infected files there as well.
    Please check and verify that C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file.

    Please delete these.

    Roguescanfix
    SDFix.exe
    Viewpoint Toolbar
    << I would remove this if you don't use it.

    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

    C:\Program Files\Roguescanfix
    C:\SDFix



    Now please do one more scan with Panda and post the log. Make sure you run ATF Cleaner before the scan.

    Thanks
    Geri
     
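    Added example (not code from the thread or from any of the tools named in it): a small Python parser for the ActiveScan report layout posted above, bucketing each detection the way this cleanup treats it: copies inside System Restore (gone once the restore points are reset), leftovers in the SDFix and Roguescanfix folders that are to be deleted, tracking cookies, and anything still marked Active. The sample report, its GUID, the system32 row and the suspect path are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample in the ActiveScan report layout posted in this thread;
# the GUID, the system32 row and the suspect path are placeholders.
SAMPLE_LOG = r"""
;*********************************************
ANALYSIS: 2008-11-09 16:00:49
MALWARE: 4
SUSPECTS: 1
;*********************************************
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;=============================================
00431239 Adware/XPAntiSpyware2009 Adware No 1 Yes No C:\System Volume Information\_restore{GUID-PLACEHOLDER}\RP694\A0044027.dll
03738686 Generic Malware Virus/Trojan No 0 Yes No C:\SDFix\catchme.exe
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No E:\Aram\Application Data\Mozilla\Profiles\DEFAULT\COOKIES.TXT[.bravenet.com/]
03939303 Trj/Downloader.MDW Virus/Trojan Yes 1 Yes No C:\WINDOWS\system32\placeholder.dll
;=============================================
SUSPECTS
Sent Location VE
;=============================================
No C:\Documents and Settings\User\Desktop\ComboFix.exe VE
;=============================================
"""

# Description may contain spaces ("Generic Malware"), so it is matched lazily
# and pinned by the fixed Yes/No and numeric columns that follow it.
MALWARE_ROW = re.compile(
    r"^(?P<id>\d{8}) (?P<desc>.+?) (?P<type>\S+) (?P<active>Yes|No) (?P<severity>\d+) "
    r"(?P<disinfectable>Yes|No) (?P<disinfected>Yes|No) (?P<location>.+)$"
)
SUSPECT_ROW = re.compile(r"^(?P<sent>Yes|No) (?P<location>.+?)(?: VE)?$")
SECTIONS = ("PROTECTIONS", "MALWARE", "SUSPECTS", "VULNERABILITIES")
# System Restore copies vanish when the restore points are reset (ComboFix /u);
# the cleanup-tool folders are the ones the helper asked to delete by hand.
RESTORE_MARKER = "\\system volume information\\_restore"
TOOL_FOLDERS = ("c:\\sdfix\\", "c:\\program files\\roguescanfix\\")


def parse_activescan(text):
    """Return the MALWARE and SUSPECTS rows of a report as lists of dicts."""
    report = {"malware": [], "suspects": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):  # blank or ;---- separator line
            continue
        if line in SECTIONS:
            section = line
        elif section == "MALWARE" and (m := MALWARE_ROW.match(line)):
            report["malware"].append(m.groupdict())
        elif section == "SUSPECTS" and (m := SUSPECT_ROW.match(line)):
            report["suspects"].append(m.groupdict())
    return report


def classify(row):
    """Bucket one detection by what the cleanup in this thread does with it."""
    loc = row["location"].lower()
    if row["active"] == "Yes":
        return "active"         # loaded or running: deal with this first
    if RESTORE_MARKER in loc:
        return "restore_point"  # removed by resetting System Restore
    if loc.startswith(TOOL_FOLDERS):
        return "tool_leftover"  # inside a tool folder slated for deletion
    if row["type"] == "TrackingCookie":
        return "cookie"
    return "on_disk"            # anything else still needs a look


def summarize(text):
    """Count detections per bucket and list the suspect paths."""
    report = parse_activescan(text)
    buckets = defaultdict(list)
    for row in report["malware"]:
        buckets[classify(row)].append(row["location"])
    return {
        "counts": {k: len(v) for k, v in buckets.items()},
        "suspects": [s["location"] for s in report["suspects"]],
    }
```

    Running summarize() over a real report makes it easy to see whether anything remains outside the restore points and tool folders after the steps above have been carried out.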
  13. 2008/11/11
    aramkolesar

    aramkolesar Inactive Thread Starter

    Joined:
    2008/11/02
    Messages:
    9
    Likes Received:
    0
    Here's that log. I hope I deleted all of the files I should have. I wasn't 100% sure if I got SDFix, in particular.


    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2008-11-11 03:00:42
    PROTECTIONS: 1
    MALWARE: 3
    SUSPECTS: 0
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    McAfee VirusScan 10.02 No No
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00187950 Cookie/bravenetA TrackingCookie No 0 Yes No E:\Aram\Application Data\Mozilla\Profiles\DEFAULT\GWZHVJVK.SLT\COOKIES.TXT[.bravenet.com/]
    00187950 Cookie/bravenetA TrackingCookie No 0 Yes No E:\Aram\Application Data\Mozilla\Profiles\DEFAULT\GWZHVJVK.SLT\COOKIES.TXT[.bravenet.com/]
    00520936 Application/ViewPoint HackTools No 0 Yes No C:\System Volume Information\_restore{9BCCDCE7-37F6-4E2E-8B77-7F9EE9C69547}\RP702\A0045668.dll
    00524419 Application/Altnet HackTools No 0 Yes No E:\Aram\Desktop\Downloads\kazaa_lite_202_english.exe
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description
    ;===================================================================================================================================================================================
    108742 MEDIUM MS06-006
    ;===================================================================================================================================================================================
     
