Hi.
I have a Toshiba laptop running XP.
I downloaded a virus, and I'm not sure what to do. I have AVG and it deleted some spyware junk, but didn't detect any viruses. I then ran BitDefender and it detected 5 viruses, and supposedly deleted them.
My dvd drive isn't detected, so I can't even reformat (which I would have only done as a last resort anyway).
I deleted the file that I believe contained the virus.
What should I do? I'm not sure what info you need, but please inform me how to give you whatever info you need.
Thank you so much.
Hi Woody189,
Welcome back. Is this the same Toshiba that had the virus back in April (http://www.landzdown.com/index.php?topic=31878.0) of this year? Are you able to tell us what BitDefender reported as having been detected? Please follow the directions shown below and supply the information requested. Also, we would prefer it if you don't go off and do your own thing without telling us - there are a lot of snake oil salesmen out there on the net.
Please download ATF Cleaner by Atribune from http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25 . Save it to your Desktop.
Run ATF Cleaner
- Double-click ATF-Cleaner.exe to run the program.
- Click Select All found at the bottom of the list.
- Click the Empty Selected button.
- Click Exit on the Main menu to close the program.
- Shutdown/restart the computer.
Next, please download Malwarebytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) to your desktop.
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform full scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When completed, a log will open in Notepad.
Please save it to a convenient location.
The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
- Please post contents of that file in your next reply.
Hello Eric. Yes same comp. I never resolved the previous problem. A friend of mine got it running, but I stopped using it. I recently began using it again.
I don't recall what the Bitdefender said. I ran the ATF Cleaner already, but I did it again. I was in the process of doing a quick scan w/ the Malware, but I canceled it to run a full scan. I will post results when I get them.
Thanks.
woody189,
It is always best to carry on posting till your PC is all clear, as that way we know it is clean. Not only is it in your interest, but it can often help others who come here for help.
GR@PH;<'S :Hammys pint:
You got it. I'll let you know.
I THINK it worked. Here's the log in case you're still interested:
Malwarebytes' Anti-Malware 1.38
Database version: 2414
Windows 5.1.2600 Service Pack 3
7/13/2009 7:19:49 AM
mbam-log-2009-07-13 (07-19-41).txt
Scan type: Full Scan (C:\|)
Objects scanned: 162830
Time elapsed: 45 minute(s), 18 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> No action taken.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Cognac (Trojan.FakeAlert) -> No action taken.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> No action taken.
I have a question though. Why is it that Bitdefender didn't find/remove all the viruses, and Malware did? Is it just because Malware is a better program, or because Bit was just online, or what? Just wondering.
thanks again.
Quote: Why is it that Bitdefender didn't find/remove all the viruses, and Malware did?
"No action taken"
You have to tell MBAM to remove what it finds. You'll want to update it first; you are a couple definitions behind.
From your other thread: "I got it to reformat my whole harddrive. I backed everything I needed up, so it's not that bad of a thing."
Unless the backup includes infected files.
Once the machine is infected, anything pulled off of it at that point is suspect. If you did carry out the format, before you brought files back in from the backup, were they scanned first, or at a minimum, was there some form of real-time antimalware protection keeping an eye on things? In any case, even with these practices, the files are still suspect. Proceed with caution when pulling files from this fileset.
//A
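Added example (not part of the original posts): a small Python parser for the Malwarebytes' Anti-Malware 1.38 log layout shown above, which lists every detection still marked "No action taken" and flags the ones sitting in autostart locations (the `Run` key and `C:\WINDOWS\Tasks`). The function names are hypothetical, and the sample input is an excerpt of the first log posted in this thread.

```python
import re

# Excerpt of the first Malwarebytes' Anti-Malware 1.38 log posted in this
# thread (timestamps and the empty memory sections trimmed).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.38
Database version: 2414
Scan type: Full Scan (C:\|)

Registry Keys Infected: 3
Registry Values Infected: 1
Folders Infected: 0
Files Infected: 2

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Cognac (Trojan.FakeAlert) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> No action taken.
"""

# "Files Infected: 2" is a summary count; "Files Infected:" opens a section.
SUMMARY_RE = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")
SECTION_RE = re.compile(r"^(?P<section>.+ Infected):$")
# "<object> (<detection name>) -> <action>."
ITEM_RE = re.compile(
    r"^(?P<object>.+) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$"
)

# Locations that start something at logon or on a schedule.
AUTOSTART_MARKERS = ("\\currentversion\\run\\", "\\windows\\tasks\\")


def parse_mbam_log(text):
    """Return the summary counts and the itemised detections of a log."""
    summary, items, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m["section"]] = int(m["count"])
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["section"]
            continue
        m = ITEM_RE.match(line)
        if m and section:
            items.append({"section": section, **m.groupdict()})
    return {"summary": summary, "items": items}


def unremediated(report):
    """Detections the scanner found but did not remove."""
    return [i for i in report["items"]
            if i["action"].lower() == "no action taken"]


def is_autostart(obj):
    """True when the detected object lives in a Run key or the Tasks folder."""
    lowered = obj.lower()
    return any(marker in lowered for marker in AUTOSTART_MARKERS)


def count_mismatches(report):
    """Sections whose summary count differs from the lines actually listed,
    which points at a truncated or hand-edited paste."""
    listed = {}
    for i in report["items"]:
        listed[i["section"]] = listed.get(i["section"], 0) + 1
    return {s: (n, listed.get(s, 0))
            for s, n in report["summary"].items()
            if n != listed.get(s, 0)}


if __name__ == "__main__":
    report = parse_mbam_log(SAMPLE_LOG)
    for item in unremediated(report):
        tag = "autostart" if is_autostart(item["object"]) else "trace"
        print(f"[{tag}] {item['detection']}: {item['object']}")
    print("count mismatches:", count_mismatches(report) or "none")
```
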
Things aren't good after all.
I THOUGHT it worked, but it didn't.
When I rebooted it again, there was no DVD drive detected again. Also, sometimes when I try to open a program, it won't open. For example, if I try to open Firefox, then the hourglass will show up, but it won't open. Same goes for a lot of programs. Most of the time it works, but other times it doesn't.
I didn't realize it said NO ACTION TAKEN.
At the end, I checked off all infected files, and then removed them. It said that they were in fact removed. I'm confused.
Oh, and I only kept some important emails and old documents.
No music, programs, vids, or anything downloaded.
I ran another full scan.
Results:
Malwarebytes' Anti-Malware 1.38
Database version: 2414
Windows 5.1.2600 Service Pack 3
7/13/2009 6:46:32 PM
mbam-log-2009-07-13 (18-46-32).txt
Scan type: Full Scan (C:\|)
Objects scanned: 162786
Time elapsed: 41 minute(s), 38 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Oh man.
Make sure you update Malwarebytes >> the newest version 1.39 just released.
Don't be surprised if it asks you to reboot the computer after the update; it did on this desktop, though it didn't on the laptop or the other desktop.
Paddy.. :)
Quote from: woody189 on July 13, 2009, 10:13:06 PM
Oh, and I only kept some important emails and old documents.
No music, programs, vids, or anything downloaded.
"emails and old documents" fall within the scope of anything in the sentence, "Once the machine is infected, anything pulled off of it at that point is suspect."
The only potentially trustworthy backups from an infected system are those taken before the infection occurred. After that, anything and everything on the system is potentially infected. Everything.
//A
Quote from: Aaron Hulett - MSFT on July 14, 2009, 12:13:33 AM
"emails and old documents" fall within the scope of anything in the sentence,
//A
Wow.. Sorry, I'm not exactly computer savvy, hence the thread. I understand it's possible (then again, what isn't), but I don't think that's where it came from.
Everything was fine, and I recently downloaded a file, and then started to have problems. When I ran the virus scan, the file I d/led was one of the files that came up as being infected. It was then supposedly fixed, but I'm still having the problems.
Paddy, after I completed the scan, I realized that I didn't update. I updated, rebooted, and reran the scan and still nothing came up as being infected. Thanks for the idea though.
Let's take a look at what is on the computer.
- Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
- Double click on RSIT.exe to run RSIT.
- Click Continue at the disclaimer screen.
- Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Hope this helps, Corrine.
Log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Ravi at 2009-07-14 14:00:45
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 21 GB (22%) free of 95 GB
Total RAM: 1015 MB (59% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:01:08 PM, on 7/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Ravi\Desktop\RSIT.exe
C:\Program Files\trend micro\Ravi.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {1FA44E01-A60B-4449-BF97-66CDAA200433} (SOConfig6 Class) - https://ampf.ez-data.com/java/downloads/SOConfig6.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {D22621D3-E219-4B03-AF3E-5E8AEF7CC70B} (SmartBridge6 Class) - https://ampf.ez-data.com/java/downloads/SmartOfficeLink6.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
--
End of file - 10352 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 37808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-07-08 1107224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-08-03 118842]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2004-12-08 720896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-21 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-21 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2004-12-08 720896]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-10-08 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-10-08 126976]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-10-14 98394]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-10-14 688218]
"THotkey"=C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [2004-12-14 368640]
"NDSTray.exe"=NDSTray.exe []
"LtMoh"=C:\Program Files\ltmoh\Ltmoh.exe [2003-09-05 184320]
"SmoothView"=C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2004-09-15 135168]
"Tvs"=C:\Program Files\Toshiba\Tvs\TvsTray.exe [2004-11-12 73728]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-07-27 1388544]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-08-06 860160]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-08-03 122939]
"TFncKy"=TFncKy.exe []
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2004-08-27 278528]
"PadTouch"=C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe [2004-09-07 1077301]
"Pinger"=c:\toshiba\ivp\ism\pinger.exe [2004-11-03 147456]
""= []
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2004-10-15 385024]
"EOUApp"=C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe [2004-10-15 356352]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-06-05 292136]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-07-08 1948440]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2003-09-05 65536]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
C:\WINDOWS\AGRSMMSG.exe [2004-10-28 88363]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2009-06-13 4608]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe [2010-04-17 5828608]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
C:\Program Files\dvd43\dvd43_tray.exe [2008-11-17 827904]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-06-05 292136]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Notebook Maximizer]
C:\Program Files\Notebook Maximizer\maximizer_startup.exe [2004-05-25 28672]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-21 148888]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-07-08 11952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-10-08 344064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [2004-10-15 110592]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine"
"C:\TOSHIBA\Ivp\ISM\pinger.exe"="C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe"="C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Activision\Prototype\prototypef.exe"="C:\Program Files\Activision\Prototype\prototypef.exe:*:Enabled:Prototype(TM)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 2 months======
2009-07-14 14:00:46 ----D---- C:\Program Files\trend micro
2009-07-14 14:00:45 ----D---- C:\rsit
2009-07-14 02:32:31 ----SHD---- C:\WINDOWS\ftpcache
2009-07-14 02:23:00 ----D---- C:\Config.Msi
2009-07-13 22:05:34 ----D---- C:\Root
2009-07-13 22:05:31 ----D---- C:\Program Files\Activision
2009-07-13 21:36:31 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2009-07-13 21:36:31 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2009-07-13 21:36:31 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2009-07-13 21:36:30 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2009-07-13 21:36:30 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2009-07-13 21:36:29 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2009-07-13 21:36:29 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2009-07-13 21:36:28 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2009-07-13 21:36:28 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2009-07-13 21:36:27 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2009-07-13 21:36:27 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2009-07-13 21:36:27 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2009-07-13 21:36:26 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2009-07-13 21:36:25 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2009-07-13 21:36:25 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2009-07-13 21:36:24 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2009-07-13 21:36:24 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2009-07-13 21:36:23 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2009-07-13 21:36:23 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2009-07-13 21:36:23 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2009-07-13 21:36:22 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2009-07-13 21:36:21 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2009-07-13 21:36:21 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2009-07-13 21:36:20 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2009-07-13 21:36:20 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2009-07-13 21:36:19 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2009-07-13 21:36:19 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2009-07-13 21:36:18 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2009-07-13 21:36:18 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2009-07-13 21:36:17 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2009-07-13 21:36:16 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2009-07-13 21:36:15 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2009-07-13 21:36:15 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2009-07-13 21:36:15 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2009-07-13 21:36:14 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2009-07-13 21:36:14 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2009-07-13 21:36:13 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2009-07-13 21:36:13 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2009-07-13 21:36:12 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2009-07-13 21:36:11 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2009-07-13 21:36:08 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2009-07-13 21:36:06 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2009-07-13 21:36:06 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2009-07-13 21:36:04 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2009-07-13 21:36:03 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2009-07-13 21:36:03 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2009-07-13 21:36:02 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2009-07-13 21:36:02 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2009-07-13 21:36:02 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-07-13 21:36:01 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2009-07-13 21:36:01 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2009-07-13 21:36:00 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2009-07-13 21:36:00 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2009-07-13 21:35:59 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2009-07-13 21:35:59 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2009-07-13 21:35:49 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2009-07-13 21:35:49 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2009-07-13 21:35:48 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2009-07-13 21:35:47 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2009-07-13 21:35:47 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2009-07-13 21:35:46 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2009-07-13 21:35:46 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2009-07-13 21:35:44 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2009-07-13 21:35:34 ----D---- C:\WINDOWS\Logs
2009-07-13 03:16:34 ----D---- C:\Documents and Settings\Ravi\Application Data\Malwarebytes
2009-07-13 03:16:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-13 03:16:21 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-13 02:23:56 ----A---- C:\WINDOWS\entpack.ini
2009-07-13 00:12:19 ----A---- C:\WINDOWS\ntbtlog.txt
2009-07-12 02:09:31 ----D---- C:\WINDOWS\BDOSCAN8
2009-07-10 16:02:06 ----D---- C:\Documents and Settings\Ravi\Application Data\Viewpoint
2009-07-10 05:03:03 ----D---- C:\Program Files\Windows Sidebar
2009-07-10 04:45:15 ----D---- C:\Program Files\Common Files\Nero
2009-07-10 02:41:47 ----D---- C:\Documents and Settings\Ravi\Application Data\AviDvdBurner
2009-07-10 02:41:28 ----D---- C:\Program Files\AviDvdBurner
2009-07-10 02:15:40 ----D---- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy Pro
2009-07-10 00:34:38 ----D---- C:\Program Files\DOSBox-0.73
2009-07-09 12:05:45 ----HD---- C:\$AVG8.VAULT$
2009-07-08 02:02:24 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-07-08 02:01:36 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-07-08 01:58:08 ----D---- C:\Program Files\AVG
2009-07-08 01:18:53 ----D---- C:\Program Files\iPod
2009-07-08 01:14:57 ----D---- C:\Program Files\QuickTime
2009-06-15 23:56:15 ----D---- C:\Program Files\Joboshare
2009-06-15 23:55:03 ----D---- C:\Documents and Settings\Ravi\Application Data\GetRightToGo
2009-06-13 22:37:40 ----D---- C:\Documents and Settings\Ravi\Application Data\Vso
2009-06-13 22:37:40 ----A---- C:\Documents and Settings\Ravi\Application Data\inst.exe
2009-06-11 20:26:18 ----D---- C:\Documents and Settings\Ravi\Application Data\DivX
2009-06-11 03:03:37 ----D---- C:\WINDOWS\ie8updates
2009-06-11 03:03:28 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-11 03:03:24 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-11 03:01:15 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-11 03:00:55 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-10 17:07:54 ----A---- C:\WINDOWS\UNWISE.EXE
2009-06-10 17:07:43 ----D---- C:\YDKJ
2009-06-07 00:36:34 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2009-06-07 00:36:33 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2009-06-07 00:36:33 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-06-07 00:36:32 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-06-07 00:36:32 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-06-07 00:36:31 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-06-07 00:36:31 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-06-07 00:35:35 ----D---- C:\Program Files\Common Files\DivX Shared
2009-06-07 00:35:33 ----D---- C:\Program Files\DivX
2009-05-21 11:52:06 ----A---- C:\WINDOWS\system32\javaws.exe
2009-05-21 11:52:06 ----A---- C:\WINDOWS\system32\javaw.exe
2009-05-21 11:52:06 ----A---- C:\WINDOWS\system32\java.exe
2009-05-21 11:52:06 ----A---- C:\WINDOWS\system32\deploytk.dll
======List of files/folders modified in the last 2 months======
2009-07-14 14:00:46 ----D---- C:\Program Files
2009-07-14 13:57:19 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt
2009-07-14 12:48:37 ----D---- C:\WINDOWS\Prefetch
2009-07-14 12:34:05 ----D---- C:\Program Files\Mozilla Firefox
2009-07-14 12:18:05 ----D---- C:\WINDOWS\Temp
2009-07-14 12:18:03 ----D---- C:\WINDOWS\system32
2009-07-14 04:24:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-14 04:23:47 ----D---- C:\Program Files\Mozilla Thunderbird
2009-07-14 04:23:39 ----D---- C:\Documents and Settings\Ravi\Application Data\uTorrent
2009-07-14 03:28:36 ----AD---- C:\WINDOWS
2009-07-14 02:34:23 ----SHD---- C:\WINDOWS\Installer
2009-07-14 02:23:50 ----D---- C:\WINDOWS\system32\drivers
2009-07-14 02:23:44 ----D---- C:\WINDOWS\system32\DirectX
2009-07-13 22:22:31 ----HD---- C:\WINDOWS\inf
2009-07-13 21:46:45 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-07-13 21:35:52 ----D---- C:\WINDOWS\Microsoft.NET
2009-07-13 21:35:05 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-13 21:18:47 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-13 07:20:06 ----SD---- C:\WINDOWS\Tasks
2009-07-12 02:09:35 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-12 00:29:36 ----D---- C:\Documents and Settings\Ravi\Application Data\Apple Computer
2009-07-12 00:24:03 ----D---- C:\WINDOWS\system32\Restore
2009-07-11 01:17:26 ----D---- C:\Program Files\SlySoft
2009-07-11 01:08:18 ----RASH---- C:\boot.ini
2009-07-11 01:08:18 ----A---- C:\WINDOWS\win.ini
2009-07-11 01:08:18 ----A---- C:\WINDOWS\system.ini
2009-07-10 20:23:15 ----D---- C:\Documents and Settings\Ravi\Application Data\Nero
2009-07-10 20:05:22 ----A---- C:\WINDOWS\NeroDigital.ini
2009-07-10 05:04:40 ----D---- C:\Program Files\Nero
2009-07-10 04:56:56 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2009-07-10 04:45:15 ----D---- C:\Program Files\Common Files
2009-07-10 02:42:18 ----D---- C:\WINDOWS\WinSxS
2009-07-09 03:55:17 ----D---- C:\Documents and Settings\Ravi\Application Data\LimeWire
2009-07-09 01:58:06 ----D---- C:\WINDOWS\system32\FxsTmp
2009-07-08 04:06:15 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-07-08 01:59:41 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-07-08 01:58:29 ----SD---- C:\Documents and Settings\Ravi\Application Data\Microsoft
2009-07-08 01:19:35 ----D---- C:\Program Files\iTunes
2009-07-08 01:18:22 ----D---- C:\Program Files\Common Files\Apple
2009-07-08 01:12:37 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-07-08 01:12:32 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-06-17 18:50:57 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2009-06-11 03:03:47 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-06-11 03:03:46 ----D---- C:\Program Files\Internet Explorer
2009-06-11 03:03:35 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-11 03:03:33 ----A---- C:\WINDOWS\imsins.BAK
2009-06-05 13:46:56 ----A---- C:\WINDOWS\IE4 Error Log.txt
2009-06-05 11:42:38 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2009-06-01 12:51:12 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-21 11:55:06 ----D---- C:\Program Files\Quicken
2009-05-21 11:51:44 ----D---- C:\Program Files\Java
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-11 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-08 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-07-08 108552]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2009-05-01 9336]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2009-05-01 9464]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-01-14 24360]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2004-01-30 90480]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.1.6.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-03-20 17119]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2004-11-16 8552]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-07-14 40448]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2004-10-15 11354]
R2 TBiosDrv;TBiosDrv; \??\C:\WINDOWS\system32\drivers\TBiosDrv.sys []
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-08-03 25723]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-08-03 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-08-03 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-08-03 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-08-03 86138]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-08-03 14715]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-08-03 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-08-03 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-08-03 100603]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-10-06 129280]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-10-28 1270572]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2009-01-16 103488]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 dvd43llh;dvd43llh; C:\WINDOWS\System32\DRIVERS\dvd43llh.sys [2009-05-04 18816]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-10-08 752093]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP; C:\WINDOWS\system32\DRIVERS\iwca.sys [2004-08-12 234496]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-09-01 259648]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-10-14 185728]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2004-09-13 146304]
R3 TVALD;Toshiba Mobile PC Service; C:\WINDOWS\system32\DRIVERS\NBSMI.sys [2004-07-26 4352]
R3 Tvs;Toshiba Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2004-11-12 29056]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-12-08 3222784]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-11-26 224000]
S3 auxk5ipl;auxk5ipl; C:\WINDOWS\system32\drivers\auxk5ipl.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-22 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-22 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-22 21744]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-06-13 47360]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20090707.004\symidsco.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-06-05 39424]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-08 298776]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2004-11-10 36864]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2003-05-23 106496]
R2 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2004-10-15 86016]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-21 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2003-03-19 335872]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-11-25 935208]
R2 OwnershipProtocol;OwnershipProtocol; C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe [2004-10-15 98304]
R2 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2004-10-15 139264]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2004-10-15 360521]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 Swupdtmr;Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [2004-05-13 53248]
R2 TAPPSRV;TOSHIBA Application Service; C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe [2004-12-14 34816]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-06-05 541992]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2005-10-29 520904]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2005-10-29 144576]
-----------------EOF-----------------
Info:
info.txt logfile of random's system information tool 1.06 2009-07-14 14:01:10
======Uninstall list======
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Apple Mobile Device Support-->MsiExec.exe /I{8355F970-601D-442D-A79B-1D7DB4F24CAD}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft Software Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA561482-C49D-4687-A61C-96236C1688F0}\Setup.exe" -l0x9
AT&T Connection Services Manager-->C:\WINDOWS\WNBackup\WnClient62\unwise32.exe /Z /U C:\WINDOWS\WNBackup\WnClient62\install.log "AT&T Connection Services Manager"
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CD/DVD Drive Acoustic Silencer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x9
Dev-C++ 5 beta 9 release (4.9.9.2)-->"C:\Dev-Cpp\uninstall.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
DVD43 v4.4.0-->"C:\Program Files\dvd43\unins000.exe"
DVD-RAM Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\Setup.exe" DVD-RAM Driver
FrostWire 4.17.2-->C:\Program Files\FrostWire\Uninstall.exe
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Image Zone 4.2-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 4.2-->"C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
Intel(R) Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
InterVideo WinDVD Creator 2-->"C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD for TOSHIBA-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{5D601655-6D54-4384-B52C-17EC5385FBBD}
J2SE Runtime Environment 5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Joboshare DVD Copy-->C:\Program Files\Joboshare\DVD Copy\Uninstall.exe
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
LimeWire 5.1.2-->"C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore-->MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mEoU.msi-->MsiExec.exe /I{B502B428-3386-40A9-98DB-079AAB72E64F}
mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office Access MUI Edition (English) 12 [pre-release]-->MsiExec.exe /X{10120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI Edition (English) 12 [pre-release]-->MsiExec.exe /X{10120000-0016-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI Edition (English) 12 [pre-release]-->MsiExec.exe /X{10120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI Edition (English) 12 [pre-release]-->MsiExec.exe /X{10120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI Edition (English) 12 [pre-release]-->MsiExec.exe /X{10120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 12 [pre-release]-->MsiExec.exe /X{10120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Professional Enterprise Edition 12 [pre-release]-->"C:\Program Files\Common Files\Microsoft Shared\Office Setup Controller\setup.exe" /uninstall PRO
Microsoft Office Proof Edition (English) 12 [pre-release]-->MsiExec.exe /X{10120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI Edition (English) 12 [pre-release]-->MsiExec.exe /X{10120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI Edition (English) 12 [pre-release]-->MsiExec.exe /X{10120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Word MUI Edition (English) 12 [pre-release]-->MsiExec.exe /X{10120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mIWCA-->MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.22)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Nero 9 Trial-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="8M01-249K-1T0E-3A1A-C7AA-MUZ3-8EL4-2U9W"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
Notebook Maximizer-->C:\WINDOWS\iun6002.exe "C:\Program Files\Notebook Maximizer\irunin.ini"
Prototype(TM)-->C:\Program Files\InstallShield Installation Information\{9322A850-9091-4D0E-B252-3E82EDA3D94A}\setup.exe -runfromtemp -l0x0409
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Roxio Burn Engine-->MsiExec.exe /X{9860A9CF-7E71-43AC-888F-0B4D3EA212D1}
SD Secure Module-->MsiExec.exe /X{C45F4811-31D5-4786-801D-F79CD06EDD85}
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{73B2BC65-F997-4208-AEE5-CF8B809A3A71}
TOSHIBA Assist-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\Setup.exe" -l0x9
TOSHIBA ConfigFree-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x9 UNINSTALL
TOSHIBA Controls-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Hotkey Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64DD71BC-3109-4C88-9AD3-D5422644B722}\setup.exe" -l0x9
TOSHIBA PC Diagnostic Tool-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\PCDiag\Uninst.isu"
TOSHIBA Power Saver-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\Power Saver\Uninst.isu" -c"C:\WINDOWS\system32\TPSDel.dll"
Toshiba Registration-->MsiExec.exe /X{F6C405D2-C50D-4D10-B89E-73A233A14D74}
TOSHIBA SD Memory Card Format-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}\Setup.exe"
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA Software Upgrades-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F69B66A8-61C9-424C-AFA1-7EC6093AC5AD}\setup.exe"
TOSHIBA Speech System Applications-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
TOSHIBA Speech System SR Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Speech System TTS Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
Toshiba Tbiosdrv Driver-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Toshiba\Toshiba Tbiosdrv Driver\Tbiosdrv.isu"
TOSHIBA TouchPad ON/Off Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{69BE47C2-36FE-4397-8199-85D8EAE69982}\setup.exe" -l0x9
TOSHIBA Utilities-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}\setup.exe" -l0x9
TOSHIBA Virtual Sound-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B12BA86-ADAC-4BA6-B441-FFC591087252}\Setup.exe" /uninstall
TOSHIBA Zooming Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64212898-097F-4F3F-AECA-6D34A7EF82DF}\Setup.exe"
Touch and Launch-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D96E2B1-D9AC-46E0-9073-425C5F63E338}\Setup.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
YOU DON'T KNOW JACK V1.0-->C:\WINDOWS\unwise.exe C:\YDKJ\install.log
======Security center information======
AV: AVG Anti-Virus Free
======System event log======
Computer Name: TOSHIBA-USER
Event Code: 11
Message: The driver detected a controller error on \Device\CdRom0.
Record Number: 22051
Source Name: Cdrom
Time Written: 20090706203850.000000-240
Event Type: error
User:
Computer Name: TOSHIBA-USER
Event Code: 11
Message: The driver detected a controller error on \Device\CdRom0.
Record Number: 22050
Source Name: Cdrom
Time Written: 20090706203850.000000-240
Event Type: error
User:
Computer Name: TOSHIBA-USER
Event Code: 11
Message: The driver detected a controller error on \Device\CdRom0.
Record Number: 22049
Source Name: Cdrom
Time Written: 20090706203850.000000-240
Event Type: error
User:
Computer Name: TOSHIBA-USER
Event Code: 11
Message: The driver detected a controller error on \Device\CdRom0.
Record Number: 22048
Source Name: Cdrom
Time Written: 20090706203850.000000-240
Event Type: error
User:
Computer Name: TOSHIBA-USER
Event Code: 11
Message: The driver detected a controller error on \Device\CdRom0.
Record Number: 22047
Source Name: Cdrom
Time Written: 20090706203850.000000-240
Event Type: error
User:
=====Application event log=====
Computer Name: TOSHIBA-USER
Event Code: 10005
Message: Product: Norton AntiVirus 2005 -- Norton AntiVirus 2005 does not support the Repair feature, please uninstall and reinstall.
Record Number: 3779
Source Name: MsiInstaller
Time Written: 20090622111059.000000-240
Event Type: error
User: TOSHIBA-USER\Ravi
Computer Name: TOSHIBA-USER
Event Code: 1001
Message: Detection of product '{C6F5B6CF-609C-428E-876F-CA83176C021B}', feature 'Complete' failed during request for component '{6EA56B47-0667-460E-A91B-53AA80E3616D}'
Record Number: 3778
Source Name: MsiInstaller
Time Written: 20090622111057.000000-240
Event Type: warning
User: TOSHIBA-USER\Ravi
Computer Name: TOSHIBA-USER
Event Code: 1004
Message: Detection of product '{C6F5B6CF-609C-428E-876F-CA83176C021B}', feature 'Complete', component '{6DD22B40-C9AA-4632-A6C3-F364E77568C0}' failed. The resource 'c:\Program Files\Norton AntiVirus\Quarantine\Portal\' does not exist.
Record Number: 3777
Source Name: MsiInstaller
Time Written: 20090622111057.000000-240
Event Type: warning
User: TOSHIBA-USER\Ravi
Computer Name: TOSHIBA-USER
Event Code: 10005
Message: Product: Norton AntiVirus 2005 -- Norton AntiVirus 2005 does not support the Repair feature, please uninstall and reinstall.
Record Number: 3775
Source Name: MsiInstaller
Time Written: 20090622111057.000000-240
Event Type: error
User: TOSHIBA-USER\Ravi
Computer Name: TOSHIBA-USER
Event Code: 1001
Message: Detection of product '{C6F5B6CF-609C-428E-876F-CA83176C021B}', feature 'Complete' failed during request for component '{6EA56B47-0667-460E-A91B-53AA80E3616D}'
Record Number: 3774
Source Name: MsiInstaller
Time Written: 20090622111056.000000-240
Event Type: warning
User: TOSHIBA-USER\Ravi
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\DivX Shared\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISIO
While you persist in using these programs, it's not going to help your cause of getting that computer clean, or help Corrine in doing it.
Quote[ Hope this helps Corrine.
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
Please go to Control Panel > Add/Remove Programs and uninstall the programs listed below.
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
Paddy..
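The check described in the post above, reading the Windows Firewall AuthorizedApplications list in an RSIT log for P2P clients, can be scripted. This is an added example and not part of any post in this thread: the sample text is assembled from log lines quoted on this page, and the two-name watchlist and all function and class names are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Header RSIT prints before each firewall profile's exception list.
SECTION_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\services\\sharedaccess"
    r"\\parameters\\firewallpolicy\\(?P<profile>[^\\]+)"
    r"\\authorizedapplications\\list\]$",
    re.IGNORECASE,
)
# Each entry is "image path"="image path:scope:Enabled|Disabled:display name".
ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"="(?P<value>[^"]*)"')
# The path may start with a drive letter, so its first colon is not a separator.
VALUE_RE = re.compile(
    r"^(?P<path>(?:[A-Za-z]:)?[^:]*):(?P<scope>[^:]*):(?P<status>[^:]*):(?P<name>.*)$"
)

# Assumption: illustrative watchlist holding only the two clients named in this thread.
P2P_EXECUTABLES = frozenset({"utorrent.exe", "limewire.exe"})

# Constructed sample: lines copied from the logs on this page, combined into one text.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"""


@dataclass(frozen=True)
class FirewallException:
    profile: str   # e.g. "standardprofile" or "domainprofile"
    path: str      # executable allowed through the firewall
    scope: str     # "*" means any remote address
    enabled: bool
    name: str      # display name shown in the firewall dialog


def parse_exceptions(log_text):
    """Return every firewall exception found in an RSIT registry dump."""
    entries = []
    profile = None
    for raw in log_text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            profile = section.group("profile").lower()
            continue
        # Any other registry key or "======" banner ends the exception list.
        if line.startswith("[") or line.startswith("======"):
            profile = None
            continue
        if profile is None:
            continue
        entry = ENTRY_RE.match(line)
        value = VALUE_RE.match(entry.group("value")) if entry else None
        if not value:
            continue  # malformed or truncated line: skip rather than guess
        entries.append(
            FirewallException(
                profile=profile,
                path=value.group("path"),
                scope=value.group("scope"),
                enabled=value.group("status").lower() == "enabled",
                name=value.group("name"),
            )
        )
    return entries


def executable_name(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def flag_p2p(entries, watchlist=P2P_EXECUTABLES):
    """Enabled exceptions whose executable is on the watchlist."""
    return [e for e in entries if e.enabled and executable_name(e.path) in watchlist]


if __name__ == "__main__":
    for hit in flag_p2p(parse_exceptions(SAMPLE_LOG)):
        print(f"{hit.profile}: {hit.name} -> {hit.path}")
```

A match only shows that a firewall exception exists; the entry can remain after the program is uninstalled, so confirm it against the installed-programs list in the same log.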
Scrap the P2P. It's swarming with potentially malicious files.
Thank you, Paddy & Aaron. You took the words off my keyboard. :)
Please download JavaRa (http://sourceforge.net/project/downloading.php?groupname=javara&filename=JavaRa.zip&use_mirror=osdn) and unzip it to your desktop.
- Double-click on JavaRa.exe to start the program. (Windows Vista users: right-click JavaRa.exe > select Run as Administrator)
- Click on Remove Older Versions to remove older versions of Java.
- A logfile will pop up. Please save it to a convenient location.
Then download and install Java SE Runtime Environment (JRE) 6 Update 14 (http://java.sun.com/javase/downloads/index.jsp).
Note: UNCHECK any pre-checked toolbar and/or software options presented with the update. They are not part of the software update and are completely optional.
Please go here (http://www.eset.com/onlinescan/) to run an online scan from ESET.
- Note: It is easiest if you use Internet Explorer for this scan. (If you use an alternate browser, it will be necessary to download the ESET Smart Installer.)
- Turn off the real-time scanner of any existing antivirus program while performing the online scan.
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the ActiveX control to install
- Click Start
- Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
- Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
- Click Scan
- Wait for the scan to finish
- Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
- Copy and paste that log as a reply to this topic with a fresh HijackThis log and let me know how things are now.
I think you will all be happy to know that I uninstalled the programs.
I tried downloading the Java runtime environment, but the d/l keeps failing. Not sure why.
Just out of curiosity, why did you have me untick the remove found threats box?
Is the HijackThis log going to be the same log I got from RSIT, or do I need to d/l HijackThis?
I'm going to run the scan right now.
SunJava isn't required but is used by some games and some online sites. You can try again after your system is clean.
It is your computer that has been infected through the use of P2P programs. In addition, P2P programs provide a direct conduit to your computer and any P2P security measures are easily circumvented.
I asked you to untick the remove threats found because I would like to see what is found and determine what I feel is the best course of action.
Yes, HijackThis will be the same as via RSIT.
C:\Documents and Settings\Ravi\My Documents\Downloads\Nero 8 Ultra Edition 8.3.0 Multilanguage FULL Retail\Nero 8.3.0.iso Win32/Toolbar.AskSBar application
This is the only threat.
Nero 8 Ultra Edition 8.3.0 Multilanguage FULL Retail\Nero 8.3.0.iso
Is that a cracked version you got via P2P?
You also have a v9 trial?
Nero 9 Trial-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="8M01-249K-1T0E-3A1A-C7AA-MUZ3-8EL4-2U9W"
Yes, it was a cracked version I got via P2P.
The Nero9 was something else. The nero 8 was old.
Should I just delete the file and never d/l from P2P again (which I never intend on doing again anyway)?
Or do I have to take some additional steps to remove the infection?
Sorry. Forgot to include this...
Logfile of random's system information tool 1.06 (written by random/random)
Run by Ravi at 2009-07-16 00:45:58
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 37 GB (39%) free of 95 GB
Total RAM: 1015 MB (48% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:46:02 AM, on 7/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Documents and Settings\Ravi\Desktop\RSIT.exe
C:\Program Files\trend micro\Ravi.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {1FA44E01-A60B-4449-BF97-66CDAA200433} (SOConfig6 Class) - https://ampf.ez-data.com/java/downloads/SOConfig6.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D22621D3-E219-4B03-AF3E-5E8AEF7CC70B} (SmartBridge6 Class) - https://ampf.ez-data.com/java/downloads/SmartOfficeLink6.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
--
End of file - 10363 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 37808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-07-08 1107224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-08-03 118842]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2004-12-08 720896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-21 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-21 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2004-12-08 720896]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-10-08 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-10-08 126976]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-10-14 98394]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-10-14 688218]
"THotkey"=C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [2004-12-14 368640]
"NDSTray.exe"=NDSTray.exe []
"LtMoh"=C:\Program Files\ltmoh\Ltmoh.exe [2003-09-05 184320]
"SmoothView"=C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2004-09-15 135168]
"Tvs"=C:\Program Files\Toshiba\Tvs\TvsTray.exe [2004-11-12 73728]
"SoundMAXPnP"=C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [2004-07-27 1388544]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2004-08-06 860160]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-08-03 122939]
"TFncKy"=TFncKy.exe []
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2004-08-27 278528]
"PadTouch"=C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe [2004-09-07 1077301]
"Pinger"=c:\toshiba\ivp\ism\pinger.exe [2004-11-03 147456]
""= []
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2004-10-15 385024]
"EOUApp"=C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe [2004-10-15 356352]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-07-08 1948440]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2003-09-05 65536]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
C:\WINDOWS\AGRSMMSG.exe [2004-10-28 88363]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2009-06-13 4608]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe [2010-04-17 5828608]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
C:\Program Files\dvd43\dvd43_tray.exe [2008-11-17 827904]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-06-05 292136]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Notebook Maximizer]
C:\Program Files\Notebook Maximizer\maximizer_startup.exe [2004-05-25 28672]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-21 148888]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-07-08 11952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-10-08 344064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [2004-10-15 110592]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine"
"C:\TOSHIBA\Ivp\ISM\pinger.exe"="C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe"="C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2009-07-15 15:49:58 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 15:49:53 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 15:48:36 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-15 13:08:05 ----D---- C:\Program Files\ESET
2009-07-14 14:00:46 ----D---- C:\Program Files\trend micro
2009-07-14 14:00:45 ----D---- C:\rsit
2009-07-14 02:32:31 ----SHD---- C:\WINDOWS\ftpcache
2009-07-14 02:23:00 ----D---- C:\Config.Msi
2009-07-13 21:36:31 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2009-07-13 21:36:31 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2009-07-13 21:36:31 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2009-07-13 21:36:30 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2009-07-13 21:36:30 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2009-07-13 21:36:29 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2009-07-13 21:36:29 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2009-07-13 21:36:28 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2009-07-13 21:36:28 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2009-07-13 21:36:27 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2009-07-13 21:36:27 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2009-07-13 21:36:27 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2009-07-13 21:36:26 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2009-07-13 21:36:25 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2009-07-13 21:36:25 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2009-07-13 21:36:24 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2009-07-13 21:36:24 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2009-07-13 21:36:23 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2009-07-13 21:36:23 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2009-07-13 21:36:23 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2009-07-13 21:36:22 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2009-07-13 21:36:21 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2009-07-13 21:36:21 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2009-07-13 21:36:20 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2009-07-13 21:36:20 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2009-07-13 21:36:19 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2009-07-13 21:36:19 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2009-07-13 21:36:18 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2009-07-13 21:36:18 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2009-07-13 21:36:17 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2009-07-13 21:36:16 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2009-07-13 21:36:15 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2009-07-13 21:36:15 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2009-07-13 21:36:15 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2009-07-13 21:36:14 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2009-07-13 21:36:14 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2009-07-13 21:36:13 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2009-07-13 21:36:13 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2009-07-13 21:36:12 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2009-07-13 21:36:11 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2009-07-13 21:36:08 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2009-07-13 21:36:06 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2009-07-13 21:36:06 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2009-07-13 21:36:04 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2009-07-13 21:36:03 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2009-07-13 21:36:03 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2009-07-13 21:36:02 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2009-07-13 21:36:02 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2009-07-13 21:36:02 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-07-13 21:36:01 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2009-07-13 21:36:01 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2009-07-13 21:36:00 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2009-07-13 21:36:00 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2009-07-13 21:35:59 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2009-07-13 21:35:59 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2009-07-13 21:35:49 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2009-07-13 21:35:49 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2009-07-13 21:35:48 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2009-07-13 21:35:47 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2009-07-13 21:35:47 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2009-07-13 21:35:46 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2009-07-13 21:35:46 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2009-07-13 21:35:44 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2009-07-13 21:35:34 ----D---- C:\WINDOWS\Logs
2009-07-13 03:16:34 ----D---- C:\Documents and Settings\Ravi\Application Data\Malwarebytes
2009-07-13 03:16:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-13 03:16:21 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-13 02:23:56 ----A---- C:\WINDOWS\entpack.ini
2009-07-13 00:12:19 ----A---- C:\WINDOWS\ntbtlog.txt
2009-07-12 02:09:31 ----D---- C:\WINDOWS\BDOSCAN8
2009-07-10 16:02:06 ----D---- C:\Documents and Settings\Ravi\Application Data\Viewpoint
2009-07-10 05:03:03 ----D---- C:\Program Files\Windows Sidebar
2009-07-10 04:45:15 ----D---- C:\Program Files\Common Files\Nero
2009-07-10 02:41:47 ----D---- C:\Documents and Settings\Ravi\Application Data\AviDvdBurner
2009-07-10 02:41:28 ----D---- C:\Program Files\AviDvdBurner
2009-07-10 02:15:40 ----D---- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy Pro
2009-07-10 00:34:38 ----D---- C:\Program Files\DOSBox-0.73
2009-07-09 12:05:45 ----HD---- C:\$AVG8.VAULT$
2009-07-08 02:02:24 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-07-08 02:01:36 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-07-08 01:58:08 ----D---- C:\Program Files\AVG
2009-07-08 01:18:53 ----D---- C:\Program Files\iPod
2009-07-08 01:14:57 ----D---- C:\Program Files\QuickTime
======List of files/folders modified in the last 1 months======
2009-07-16 00:40:01 ----D---- C:\Program Files\Mozilla Thunderbird
2009-07-16 00:39:59 ----D---- C:\Program Files\Mozilla Firefox
2009-07-16 00:39:55 ----D---- C:\WINDOWS\Prefetch
2009-07-16 00:39:21 ----AD---- C:\WINDOWS
2009-07-16 00:39:21 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt
2009-07-15 15:50:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-15 15:50:00 ----HD---- C:\WINDOWS\inf
2009-07-15 15:49:58 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-15 15:49:56 ----A---- C:\WINDOWS\imsins.BAK
2009-07-15 15:49:55 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-15 15:49:55 ----D---- C:\WINDOWS\system32
2009-07-15 15:49:53 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-15 15:48:51 ----D---- C:\WINDOWS\Temp
2009-07-15 13:58:28 ----RASH---- C:\boot.ini
2009-07-15 13:58:27 ----A---- C:\WINDOWS\win.ini
2009-07-15 13:58:27 ----A---- C:\WINDOWS\system.ini
2009-07-15 13:30:47 ----D---- C:\Program Files
2009-07-15 13:30:46 ----SHD---- C:\WINDOWS\Installer
2009-07-15 13:08:07 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-15 12:50:55 ----D---- C:\Program Files\Java
2009-07-15 00:37:29 ----D---- C:\WINDOWS\system32\DirectX
2009-07-14 12:11:57 ----D---- C:\WINDOWS\system32\FxsTmp
2009-07-14 04:23:39 ----D---- C:\Documents and Settings\Ravi\Application Data\uTorrent
2009-07-14 02:23:50 ----D---- C:\WINDOWS\system32\drivers
2009-07-13 21:46:45 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-07-13 21:35:52 ----D---- C:\WINDOWS\Microsoft.NET
2009-07-13 21:35:05 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-13 07:20:06 ----SD---- C:\WINDOWS\Tasks
2009-07-12 00:29:36 ----D---- C:\Documents and Settings\Ravi\Application Data\Apple Computer
2009-07-12 00:24:03 ----D---- C:\WINDOWS\system32\Restore
2009-07-11 01:17:26 ----D---- C:\Program Files\SlySoft
2009-07-10 20:23:15 ----D---- C:\Documents and Settings\Ravi\Application Data\Nero
2009-07-10 20:05:22 ----A---- C:\WINDOWS\NeroDigital.ini
2009-07-10 05:04:40 ----D---- C:\Program Files\Nero
2009-07-10 04:56:56 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2009-07-10 04:45:15 ----D---- C:\Program Files\Common Files
2009-07-10 02:42:18 ----D---- C:\WINDOWS\WinSxS
2009-07-10 02:16:20 ----D---- C:\Documents and Settings\Ravi\Application Data\Vso
2009-07-10 02:16:18 ----A---- C:\Documents and Settings\Ravi\Application Data\inst.exe
2009-07-09 03:55:17 ----D---- C:\Documents and Settings\Ravi\Application Data\LimeWire
2009-07-08 04:06:15 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-07-08 01:59:41 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-07-08 01:58:29 ----SD---- C:\Documents and Settings\Ravi\Application Data\Microsoft
2009-07-08 01:19:35 ----D---- C:\Program Files\iTunes
2009-07-08 01:18:22 ----D---- C:\Program Files\Common Files\Apple
2009-07-08 01:12:37 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-07-08 01:12:32 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-07-07 11:10:56 ----A---- C:\WINDOWS\system32\MRT.exe
2009-06-17 18:50:57 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-11 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-08 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-07-08 108552]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2009-05-01 9336]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2009-05-01 9464]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-01-14 24360]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2004-01-30 90480]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.1.6.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-03-20 17119]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2004-11-16 8552]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-07-14 40448]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2004-10-15 11354]
R2 TBiosDrv;TBiosDrv; \??\C:\WINDOWS\system32\drivers\TBiosDrv.sys []
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-08-03 25723]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-08-03 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-08-03 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-08-03 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-08-03 86138]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-08-03 14715]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-08-03 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-08-03 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-08-03 100603]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2004-10-06 129280]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-10-28 1270572]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2009-01-16 103488]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 dvd43llh;dvd43llh; C:\WINDOWS\System32\DRIVERS\dvd43llh.sys [2009-05-04 18816]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-10-08 752093]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP; C:\WINDOWS\system32\DRIVERS\iwca.sys [2004-08-12 234496]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-09-01 259648]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-10-14 185728]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2004-09-13 146304]
R3 TVALD;Toshiba Mobile PC Service; C:\WINDOWS\system32\DRIVERS\NBSMI.sys [2004-07-26 4352]
R3 Tvs;Toshiba Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2004-11-12 29056]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-12-08 3222784]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-11-26 224000]
S3 a715zx0f;a715zx0f; C:\WINDOWS\system32\drivers\a715zx0f.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-22 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-22 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-22 21744]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-06-13 47360]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20090707.004\symidsco.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-06-05 39424]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-08 298776]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2004-11-10 36864]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2003-05-23 106496]
R2 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2004-10-15 86016]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-21 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2003-03-19 335872]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-11-25 935208]
R2 OwnershipProtocol;OwnershipProtocol; C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe [2004-10-15 98304]
R2 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2004-10-15 139264]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2004-10-15 360521]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 Swupdtmr;Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [2004-05-13 53248]
R2 TAPPSRV;TOSHIBA Application Service; C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe [2004-12-14 34816]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-06-05 541992]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2005-10-29 520904]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2005-10-29 144576]
-----------------EOF-----------------
It didn't open up an Info log this time.
Quote from: woody189 on July 16, 2009, 04:45:32 AM
Should I just delete the file and never D/L from P2P again (which I never intend on doing again anyway)?
I take it that was a rhetorical question. Take a look at this recent post (http://www.netlib.com/blogpost.asp?id=51) and you will find your answer. As for your second question - stay tuned here and we'll do our best to get you clean.
Well, I didn't mean for the "never d/l from a p2p network again" to be a question. Of course that's something that should be done no matter what. I should have rephrased that.
What I was asking was whether or not I should delete the file. I asked this because, in an earlier post, Corrine said not to remove any malicious files because she would let me know what the proper way to get rid of them would be. I wasn't sure if just deleting it would be good enough, or if there was another way that would give me better results.
Interesting article. Kinda scary actually.
Quote from: woody189 on July 16, 2009, 04:45:32 AM
Yes, it was a cracked version I got via P2P.
A reminder for anyone who comes along down the road and reads this thread ...
Cracked/warez versions of programs sound "good" and "cheap", but they can cause all sorts of headaches for you and damage to your computer. No reputable forum will support any method of cracking, warez, workarounds, providing any methods, tools, or posting of links designed for this express purpose.
There are people who have spent a great deal of money on developing and testing hardware and software, marketing and distributing it, and then on education and support for it. They have spent long, tedious, difficult and brain-numbing days/nights on their endeavor. They are attempting to make an honest living and feed their families.
Let's not support the thieves who rip them off and cheat them out of the fruits of their labor.
Some random thoughts ...
Use common sense, and be wary of any unsolicited invitation to download something that proclaims to be "wonderful", especially if the offers appear as a popup (or a flash ad, or in an email attachment).
Only download files when you have an effective and fully updated anti-virus program running. Treat executable file downloads with extreme caution.
Never never never ever download a file unless you know the source is trustworthy (that includes pictures and music attachments). That would suggest that you should only download software from well-known or trustworthy companies. Sites that offer no-spyware guarantees are a plus.
Be extra careful when looking at peer-to-peer filesharing programs or files. Use trusted download websites rather than peer-to-peer systems to get programs.
There's no such thing as a free lunch.
Never never never ever use cracked or warez versions or sites that push them.
Before downloading something, "Google" it and see what the search returns.
Make sure you have a current backup of your system before you install any software that you download.
It's a good idea to scan files for viruses, worms and other malware before you run the installer (or open them).
Quote from: winchester73 on July 16, 2009, 12:58:14 PM
Quote from: woody189 on July 16, 2009, 04:45:32 AM
Yes, it was a cracked version I got via P2P.
There are people who have spent a great deal of money on developing and testing hardware and software, marketing and distributing it, and then on education and support for it. They have spent long, tedious, difficult and brain-numbing days/nights on their endeavor. They are attempting to make an honest living and feed their families.
You are completely right.
Yes, go ahead and remove the Nero files but do it via Add/Remove Programs as there are uninstallers listed there:
Nero 9 Trial-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="8M01-249K-1T0E-3A1A-C7AA-MUZ3-8EL4-2U9W"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Following that, from your Download folder, delete the following:
C:\Documents and Settings\Ravi\My Documents\Downloads\Nero 8 Ultra Edition 8.3.0 Multilanguage FULL Retail\Nero 8.3.0.iso
Okay. I did that. Thank you all so much for all your help.
Would you please let us know how the machine is now behaving? I suggest that you update MBAM, scan and post the latest results.
Here it is...
Malwarebytes' Anti-Malware 1.39
Database version: 2464
Windows 5.1.2600 Service Pack 3
7/19/2009 11:46:16 PM
mbam-log-2009-07-19 (23-46-16).txt
Scan type: Full Scan (C:\|)
Objects scanned: 161084
Time elapsed: 45 minute(s), 16 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Is everything working to your satisfaction?
Yea, everything's fine. I do have another question though.
I always had 1 dvd drive (D:).
For some reason, now it's showing 2 drives. DVD Drive D: and DVD RAM drive E:
Is there a reason for this? Other than that, everything is running good.
Do you have a DVD in the drive?
If I do or don't, it still shows 2 drives. I think it may be possible that a program I have that mounts a cd into the drive could be the cause though. I used to use it so I don't have to keep the disc in whenever I play the game.
IDK if that's what it is though. If I insert a disc, it is read in the E: drive, not D: