Windows cannot find 'resycled/boot.com' error [CLOSED]
juschillin
post Nov 19 2008, 09:21 PM
Post #1





Hey guys

I would appreciate it if you could give me some help. Two major viruses attacked my system... Windows Antivirus 2008 and Advanced Antivirus. I used Malwarebytes Antimalware to get rid of them and it seems to have done it. But now when I try to access the C drive it gives me the above-mentioned error 'resycled/boot.com' cannot be found. My Hijack log is posted below. Thanks in advance for your assistance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:11:14 PM, on 11/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\1183966120\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\WeFi\WeFi.exe
C:\Program Files\W3i\VibeFire\VibeFire.exe
C:\Program Files\AOL Companion\companion.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\common files\aol\1183966120\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1183966120\ee\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Toshiba\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
R3 - URLSearchHook: (no name) - {605B3D3F-4F33-41D0-BA27-98238E1E839F} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1183966120\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [C:\Program Files\WinDefender 2008\Uninstall.exe" --install] C:\Program Files\WinDefender 2008\Uninstall.exe" --install
O4 - HKLM\..\Run: [RelevantKnowledge] C:\Program Files\RelevantKnowledge\rlvknlg.exe -boot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdmzy.exe] C:\WINDOWS\system32\kdmzy.exe
O4 - HKLM\..\Run: [a8638298] rundll32.exe "C:\WINDOWS\system32\ubilmsjj.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [wefi] C:\Program Files\WeFi\WeFi.exe
O4 - HKCU\..\Run: [VibeFireAlerts] C:\Program Files\W3i\VibeFire\VibeFire.exe
O4 - HKLM\..\Policies\Explorer\Run: [onkNr5vMFT] C:\Documents and Settings\All Users\Application Data\pqhmzgvi\zelsrmhm.exe
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0c\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll (file missing)
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O20 - AppInit_DLLs: C:\Program,Files\RelevantKnowledge\rlai.dll,C:\Program,Files\RelevantKnowledge\rlai.dll,C:\Program,Files\RelevantKnowledge\rlai.dll,C:\Program,Files\RelevantKnowledge\rlai.dll,C:\Program,Files\RelevantKnowledge\rlai.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 10385 bytes
 
Rorschach112
post Nov 20 2008, 02:23 PM
Post #2





Hello

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D here

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)



 
juschillin
post Nov 20 2008, 05:40 PM
Post #3






--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel® Pentium® M processor 2.00GHz )
BIOS : Insyde Software MobilePRO BIOS Version 4.20.09
USER : Toshiba ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:111 Go (Free:84 Go)
D:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( Thu 11/20/2008|15:28 )

--------------------\\ Listing folders in APPLIC~1

[12/01/2005|08:24] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Adobe
[01/15/2007|12:08] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> AOL
[11/04/2005|06:41] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities
[04/26/2008|09:53] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Intel
[11/04/2005|08:23] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Intuit
[11/29/2005|04:24] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[11/04/2005|08:02] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> toshiba
[11/04/2005|08:28] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> You've Got Pictures Screensaver

[10/04/2008|12:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[09/15/2008|01:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[01/15/2007|12:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ahead
[11/17/2008|05:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[09/22/2008|12:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[11/17/2008|06:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[01/15/2007|12:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> DVD Shrink
[03/29/2007|01:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[01/15/2007|12:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Intel
[11/04/2005|08:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Intuit
[10/13/2008|07:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> lqralshc
[11/17/2008|07:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[11/17/2008|05:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee
[01/15/2007|12:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee.com
[01/15/2007|12:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[10/13/2008|07:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> nqrglyzs
[11/17/2008|05:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> pqhmzgvi
[11/04/2005|08:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Pure Networks
[01/15/2008|01:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[09/11/2008|06:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SiteAdvisor
[11/17/2008|05:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[11/17/2008|05:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[11/04/2005|08:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[09/25/2008|07:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Winferno
[09/10/2008|02:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo! Companion

[12/01/2005|08:24] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Adobe
[01/15/2007|12:08] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> AOL
[11/04/2005|06:41] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[11/04/2005|08:23] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Intuit
[11/29/2005|04:24] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[11/04/2005|08:02] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> toshiba
[11/04/2005|08:28] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> You've Got Pictures Screensaver

[11/04/2005|06:40] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[10/13/2008|11:47] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> SACore

[11/04/2005|06:40] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft


[09/10/2008|04:08] C:\DOCUME~1\Toshiba\APPLIC~1\<DIR> Adobe
[08/26/2008|04:57] C:\DOCUME~1\Toshiba\APPLIC~1\<DIR> AdobeUM
[01/15/2007|12:08] C:\DOCUME~1\Toshiba\APPLIC~1\<DIR> AOL
[11/17/2008|06:14] C:\DOCUME~1\Toshiba\APPLIC~1\<DIR> Apple Computer
[09/15/2008|02:18] C:\DOCUME~1\Toshiba\APPLIC~1\<DIR> FunWebProducts
[01/18/2007|08:48] C:\DOCUME~1\Toshiba\APPLIC~1\<DIR> Google
[01/17/2007|12:21] C:\DOCUME~1\Toshiba\APPLIC~1\<DIR> Help
[11/04/2005|06:41] C:\DOCUME~1\Toshiba\APPLIC~1\<DIR> Identities
[01/15/2007|12:05] C:\DOCUME~1\Toshiba\APPLIC~1\<DIR> Intel
[02/10/2007|03:01] C:\DOCUME~1\Toshiba\APPLIC~1\<DIR> InterVideo
[11/04/2005|08:23] C:\DOCUME~1\Toshiba\APPLIC~1\<DIR> Intuit
[01/15/2007|12:22] C:\DOCUME~1\Toshiba\APPLIC~1\<DIR> Lavasoft
[01/15/2007|12:28] C:\DOCUME~1\Toshiba\APPLIC~1\<DIR> Macromedia
[11/17/2008|07:56] C:\DOCUME~1\Toshiba\APPLIC~1\<DIR> Malwarebytes
[09/15/2008|01:36] C:\DOCUME~1\Toshiba\APPLIC~1\<DIR> Microsoft
[09/09/2008|05:45] C:\DOCUME~1\Toshiba\APPLIC~1\<DIR> Mozilla
[10/30/2008|01:41] C:\DOCUME~1\Toshiba\APPLIC~1\<DIR> SmartShopper
[01/20/2007|04:26] C:\DOCUME~1\Toshiba\APPLIC~1\<DIR> Template
[12/04/2007|04:44] C:\DOCUME~1\Toshiba\APPLIC~1\<DIR> toshiba
[11/17/2008|04:46] C:\DOCUME~1\Toshiba\APPLIC~1\<DIR> U3
[01/22/2007|10:50] C:\DOCUME~1\Toshiba\APPLIC~1\<DIR> Viewpoint
[09/22/2008|01:24] C:\DOCUME~1\Toshiba\APPLIC~1\<DIR> W3i
[09/15/2008|01:53] C:\DOCUME~1\Toshiba\APPLIC~1\<DIR> WeatherBug
[11/17/2008|05:49] C:\DOCUME~1\Toshiba\APPLIC~1\<DIR> Yahoo!
[11/04/2005|08:28] C:\DOCUME~1\Toshiba\APPLIC~1\<DIR> You've Got Pictures Screensaver

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[09/22/2008 01:24 PM][--a------] C:\WINDOWS\tasks\rpc.job
[09/22/2008 12:37 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[11/20/2008 03:24 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 04:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[11/17/2008|05:31] C:\Program Files\<DIR> Ahead
[11/17/2008|07:39] C:\Program Files\<DIR> Alwil Software
[11/17/2008|05:31] C:\Program Files\<DIR> America Online 9.0
[11/17/2008|05:31] C:\Program Files\<DIR> America Online 9.0a
[11/17/2008|05:31] C:\Program Files\<DIR> America Online 9.0b
[11/17/2008|05:31] C:\Program Files\<DIR> America Online 9.0c
[07/08/2007|11:04] C:\Program Files\<DIR> AOL
[06/25/2007|10:27] C:\Program Files\<DIR> AOL Companion
[09/22/2008|12:37] C:\Program Files\<DIR> Apple Software Update
[11/18/2008|04:17] C:\Program Files\<DIR> Applications
[01/15/2007|11:53] C:\Program Files\<DIR> ArcSoft
[09/09/2008|05:45] C:\Program Files\<DIR> AskSearch
[09/15/2008|01:53] C:\Program Files\<DIR> AWS
[09/22/2008|12:39] C:\Program Files\<DIR> Bonjour
[11/17/2008|05:56] C:\Program Files\<DIR> Common Files
[01/15/2007|12:17] C:\Program Files\<DIR> DVD Decrypter
[01/15/2007|12:18] C:\Program Files\<DIR> DVD Shrink
[11/04/2005|07:40] C:\Program Files\<DIR> DVD-RAM
[09/10/2007|04:02] C:\Program Files\<DIR> Edmark
[11/17/2008|04:57] C:\Program Files\<DIR> Enigma Software Group
[09/10/2008|04:06] C:\Program Files\<DIR> Google
[01/15/2007|12:15] C:\Program Files\<DIR> InstallShield Installation Information
[01/15/2007|12:03] C:\Program Files\<DIR> Intel
[11/17/2008|05:31] C:\Program Files\<DIR> Internet Explorer
[01/15/2007|11:52] C:\Program Files\<DIR> InterVideo
[10/04/2008|12:41] C:\Program Files\<DIR> iPod
[10/04/2008|12:42] C:\Program Files\<DIR> iTunes
[11/04/2005|07:21] C:\Program Files\<DIR> Java
[02/19/2007|02:05] C:\Program Files\<DIR> Learn2.com
[01/15/2007|03:36] C:\Program Files\<DIR> Lexmark 510 Series
[12/01/2005|08:20] C:\Program Files\<DIR> ltmoh
[11/17/2008|07:56] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[10/14/2008|12:01] C:\Program Files\<DIR> Messenger
[12/01/2005|08:33] C:\Program Files\<DIR> Microsoft ActiveSync
[11/04/2005|06:41] C:\Program Files\<DIR> microsoft frontpage
[12/01/2005|08:33] C:\Program Files\<DIR> Microsoft Office
[12/01/2005|08:32] C:\Program Files\<DIR> Microsoft Works
[11/08/2005|01:47] C:\Program Files\<DIR> Microsoft.NET
[10/14/2008|12:01] C:\Program Files\<DIR> Movie Maker
[10/13/2008|06:21] C:\Program Files\<DIR> Mozilla Firefox
[02/06/2007|07:31] C:\Program Files\<DIR> MSN
[11/04/2005|06:38] C:\Program Files\<DIR> MSN Gaming Zone
[10/14/2008|12:01] C:\Program Files\<DIR> NetMeeting
[11/04/2005|06:38] C:\Program Files\<DIR> Online Services
[10/14/2008|12:01] C:\Program Files\<DIR> Outlook Express
[06/25/2007|10:21] C:\Program Files\<DIR> Pure Networks
[01/15/2007|12:12] C:\Program Files\<DIR> Quicken
[11/17/2008|05:31] C:\Program Files\<DIR> QuickTime
[09/22/2008|01:29] C:\Program Files\<DIR> Real
[11/29/2005|04:13] C:\Program Files\<DIR> Realtek
[10/04/2008|12:33] C:\Program Files\<DIR> Safari
[01/15/2007|11:51] C:\Program Files\<DIR> Synaptics
[01/15/2007|12:27] C:\Program Files\<DIR> TOSHIBA
[11/04/2005|08:28] C:\Program Files\<DIR> Viewpoint
[09/22/2008|01:23] C:\Program Files\<DIR> W3i
[11/20/2008|03:25] C:\Program Files\<DIR> WeFi
[11/17/2008|05:31] C:\Program Files\<DIR> Windows Media Player
[10/14/2008|12:01] C:\Program Files\<DIR> Windows NT
[01/15/2007|12:18] C:\Program Files\<DIR> WinRAR
[11/04/2005|06:41] C:\Program Files\<DIR> xerox
[11/17/2008|05:49] C:\Program Files\<DIR> Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[01/15/2007|12:20] C:\Program Files\Common Files\<DIR> Ahead
[11/17/2008|05:31] C:\Program Files\Common Files\<DIR> AOL
[02/19/2007|02:05] C:\Program Files\Common Files\<DIR> aolback
[11/17/2008|05:31] C:\Program Files\Common Files\<DIR> aolshare
[09/22/2008|12:37] C:\Program Files\Common Files\<DIR> Apple
[12/01/2005|08:33] C:\Program Files\Common Files\<DIR> DESIGNER
[11/04/2005|07:31] C:\Program Files\Common Files\<DIR> InstallShield
[11/04/2005|07:20] C:\Program Files\Common Files\<DIR> Java
[12/01/2005|08:33] C:\Program Files\Common Files\<DIR> Microsoft Shared
[11/04/2005|06:39] C:\Program Files\Common Files\<DIR> MSSoap
[01/15/2007|12:22] C:\Program Files\Common Files\<DIR> Nero
[11/04/2005|08:28] C:\Program Files\Common Files\<DIR> Nullsoft
[11/04/2005|08:28] C:\Program Files\Common Files\<DIR> Real
[07/08/2007|11:29] C:\Program Files\Common Files\<DIR> Scanner
[11/04/2005|06:39] C:\Program Files\Common Files\<DIR> Services
[11/04/2005|10:34] C:\Program Files\Common Files\<DIR> SpeechEngines
[10/14/2008|12:01] C:\Program Files\Common Files\<DIR> System

--------------------\\ Process

( 60 Processes )

iexplore.exe ~ [PID:1192]

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\Toshiba\LOCALS~1\Temp\nsa540.tmp
C:\DOCUME~1\Toshiba\Cookies\toshiba@adopt.euroclick[2].txt

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-20 15:32:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

C:\WINDOWS\system32\HjjmlUvw.ini
C:\WINDOWS\system32\HjjmlUvw.ini2
C:\WINDOWS\system32\wvUlmjjH.dll
==> VUNDO <==

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Toshiba\Recent\SpyHunter Security Suite v3.4.9+Crack-HeartBug.lnk


[F:646][D:20]-> C:\DOCUME~1\Toshiba\LOCALS~1\Temp
[F:562][D:0]-> C:\DOCUME~1\Toshiba\Cookies
[F:3114][D:9]-> C:\DOCUME~1\Toshiba\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Thu 11/20/2008|15:35 - Option : [1]

--------------------\\ Scan completed at 15:35:12
 
Rorschach112
post Nov 20 2008, 05:55 PM
Post #4





You got infected because you downloaded cracks

Please download the OTMoveIt3 by OldTimer or from here.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    CODE
    :Processes
    explorer.exe

    :Services

    :Reg

    :Files
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\nqrglyzs
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\pqhmzgvi
    C:\WINDOWS\system32\HjjmlUvw.ini
    C:\WINDOWS\system32\HjjmlUvw.ini2
    C:\WINDOWS\system32\wvUlmjjH.dll
    C:\DOCUME~1\Toshiba\Recent\SpyHunter Security Suite v3.4.9+Crack-HeartBug.lnk

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.




  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
 
juschillin
post Nov 21 2008, 08:34 AM
Post #5





========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\DOCUME~1\ALLUSE~1\APPLIC~1\nqrglyzs moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\pqhmzgvi moved successfully.
C:\WINDOWS\system32\HjjmlUvw.ini moved successfully.
C:\WINDOWS\system32\HjjmlUvw.ini2 moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\wvUlmjjH.dll
C:\WINDOWS\system32\wvUlmjjH.dll NOT unregistered.
C:\WINDOWS\system32\wvUlmjjH.dll moved successfully.
C:\DOCUME~1\Toshiba\Recent\SpyHunter Security Suite v3.4.9+Crack-HeartBug.lnk moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Toshiba\LOCALS~1\Temp\~DFCF4D.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11212008_062241





Logfile of random's system information tool 1.04 (written by random/random)
Run by Toshiba at 2008-11-21 06:29:59
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 86 GB (76%) free of 114 GB
Total RAM: 1015 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:30:15 AM, on 11/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\1183966120\ee\AOLSoftware.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\WeFi\WeFi.exe
C:\Program Files\W3i\VibeFire\VibeFire.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AOL Companion\companion.exe
C:\WINDOWS\system32\RAMASST.exe
c:\program files\common files\aol\1183966120\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1183966120\ee\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Toshiba\Desktop\RSIT.exe
C:\Documents and Settings\Toshiba\Desktop\Toshiba.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
R3 - URLSearchHook: (no name) - {605B3D3F-4F33-41D0-BA27-98238E1E839F} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: {9ca09841-fcda-3369-a6c4-5b3f42d7e1d2} - {2d1e7d24-f3b5-4c6a-9633-adcf14890ac9} - C:\WINDOWS\system32\lxstue.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {F0389911-FA14-40F3-B5C7-F706A55FFD33} - C:\WINDOWS\system32\wvUlmjjH.dll (file missing)
O2 - BHO: (no name) - {F1F1537F-671E-41C2-8B7E-C3042F59C7ED} - C:\WINDOWS\system32\yayaWOEX.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1183966120\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [C:\Program Files\WinDefender 2008\Uninstall.exe" --install] C:\Program Files\WinDefender 2008\Uninstall.exe" --install
O4 - HKLM\..\Run: [RelevantKnowledge] C:\Program Files\RelevantKnowledge\rlvknlg.exe -boot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [C:\WINDOWS\system32\kdmzy.exe] C:\WINDOWS\system32\kdmzy.exe
O4 - HKLM\..\Run: [a8638298] rundll32.exe "C:\WINDOWS\system32\ubilmsjj.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [wefi] C:\Program Files\WeFi\WeFi.exe
O4 - HKCU\..\Run: [VibeFireAlerts] C:\Program Files\W3i\VibeFire\VibeFire.exe
O4 - HKLM\..\Policies\Explorer\Run: [onkNr5vMFT] C:\Documents and Settings\All Users\Application Data\pqhmzgvi\zelsrmhm.exe
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0c\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll (file missing)
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll (file missing)
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O20 - AppInit_DLLs: C:\Program,Files\RelevantKnowledge\rlai.dll,C:\Program,Files\RelevantKnowledge\rlai.dll,C:\Program,Files\RelevantKnowledge\rlai.dll,C:\Program,Files\RelevantKnowledge\rlai.dll,C:\Program,Files\RelevantKnowledge\rlai.dll
O20 - Winlogon Notify: yayaWOEX - C:\WINDOWS\SYSTEM32\yayaWOEX.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 11200 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\rpc.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2d1e7d24-f3b5-4c6a-9633-adcf14890ac9}]
C:\WINDOWS\system32\lxstue.dll [2008-11-08 113152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-09-10 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0389911-FA14-40F3-B5C7-F706A55FFD33}]
C:\WINDOWS\system32\wvUlmjjH.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F1F1537F-671E-41C2-8B7E-C3042F59C7ED}]
C:\WINDOWS\system32\yayaWOEX.dll [2008-11-08 32256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4982D40A-C53B-4615-B15B-B5B5E98D167C} - AOL Toolbar - C:\Program Files\AOL Toolbar\toolbar.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-11-10 15473664]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"THotkey"=C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [2005-11-23 352256]
"NDSTray.exe"=NDSTray.exe []
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-10-15 88203]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-06-08 94208]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-06-08 77824]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2005-06-08 114688]
"TFncKy"=TFncKy.exe []
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2005-05-31 282624]
"SmoothView"=C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [2005-04-26 122880]
"Pinger"=c:\toshiba\ivp\ism\pinger.exe [2005-03-17 151552]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-11-15 761947]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2005-07-22 401408]
""= []
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2005-07-22 385024]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"AOLDialer"=C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [2004-04-07 496752]
"Pure Networks Port Magic"=C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe [2004-05-07 99480]
"HostManager"=C:\Program Files\Common Files\AOL\1183966120\ee\AOLSoftware.exe [2006-03-10 48280]
"C:\Program Files\WinDefender 2008\Uninstall.exe" --install"=C:\Program Files\WinDefender 2008\Uninstall.exe --install []
"RelevantKnowledge"=C:\Program Files\RelevantKnowledge\rlvknlg.exe -boot []
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-10-01 111936]
"C:\WINDOWS\system32\kdmzy.exe"=C:\WINDOWS\system32\kdmzy.exe []
"a8638298"=C:\WINDOWS\system32\ubilmsjj.dll [2008-11-19 75776]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"onkNr5vMFT"=C:\Documents and Settings\All Users\Application Data\pqhmzgvi\zelsrmhm.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2004-12-30 65536]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"DW6"=C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe []
"Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2008-09-10 171448]
"Weather"=C:\Program Files\AWS\WeatherBug\Weather.exe 1 []
"wefi"=C:\Program Files\WeFi\WeFi.exe [2008-08-19 412160]
"VibeFireAlerts"=C:\Program Files\W3i\VibeFire\VibeFire.exe [2008-10-08 552960]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
America Online 9.0 Tray Icon.lnk - C:\Program Files\America Online 9.0c\aoltray.exe
AOL Companion.lnk - C:\Program Files\AOL Companion\companion.exe
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe

C:\Documents and Settings\Toshiba\Start Menu\Programs\Startup
Adobe Media Player.lnk - C:\Program Files\Adobe Media Player\Adobe Media Player.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\Program,Files\RelevantKnowledge\rlai.dll,C:\Program,Files\RelevantKnowledge\rlai.dll,C:\Program,Files\RelevantKnowledge\rlai.dll,C:\Program,Files\RelevantKnowledge\rlai.dll,C:\Program,Files\RelevantKnowledge\rlai.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [2005-07-22 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yayaWOEX]
C:\WINDOWS\system32\yayaWOEX.dll [2008-11-08 32256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F1F1537F-671E-41C2-8B7E-C3042F59C7ED}"=C:\WINDOWS\system32\yayaWOEX.dll [2008-11-08 32256]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\wvUlmjjH
"notification packages"=:\WINDOW

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine"
"C:\TOSHIBA\Ivp\ISM\pinger.exe"="C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\1131164868\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1131164868\EE\AOLServiceHost.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0c\waol.exe"="C:\Program Files\America Online 9.0c\waol.exe:*:Enabled:AOL"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\WINDOWS\Temp\~os30.tmp\ossproxy.exe"="C:\WINDOWS\Temp\~os30.tmp\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"c:\program files\relevantknowledge\rlvknlg.exe"="c:\program files\relevantknowledge\rlvknlg.exe:*:Enabled:rlvknlg.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0c\waol.exe"="C:\Program Files\America Online 9.0c\waol.exe:*:Enabled:AOL"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35ea0710-b506-11dd-984b-00038a000015}]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35ea0711-b506-11dd-984b-00038a000015}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com f:
shell\Open\command - F:\resycled\boot.com f:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9dfc7d00-a4d2-11db-9703-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com c:
shell\Open\command - resycled\boot.com c:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d79fc390-ade6-11dd-9848-00038a000015}]
shell\AutoRun\command - WDSetup.exe


======List of files/folders created in the last 1 months======

2008-11-21 06:29:59 ----D---- C:\rsit
2008-11-21 06:22:41 ----D---- C:\_OTMoveIt
2008-11-20 15:28:56 ----A---- C:\lopR.txt
2008-11-20 15:28:21 ----D---- C:\Lop SD
2008-11-19 18:45:40 ----ASH---- C:\WINDOWS\system32\jjsmlibu.ini
2008-11-19 18:45:35 ----A---- C:\WINDOWS\system32\ubilmsjj.dll
2008-11-18 04:21:34 ----SHD---- C:\Config.Msi
2008-11-17 19:56:33 ----D---- C:\Documents and Settings\Toshiba\Application Data\Malwarebytes
2008-11-17 19:56:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-17 19:56:16 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-17 19:39:10 ----D---- C:\Program Files\Alwil Software
2008-11-17 16:57:18 ----D---- C:\Program Files\Enigma Software Group
2008-11-17 16:17:15 ----D---- C:\Documents and Settings\Toshiba\Application Data\U3
2008-11-08 14:18:27 ----A---- C:\WINDOWS\system32\lxstue.dll
2008-11-08 14:18:21 ----A---- C:\WINDOWS\system32\owdhdokv.dll
2008-11-08 14:17:32 ----A---- C:\WINDOWS\system32\a34046e6-.txt
2008-11-08 14:07:55 ----A---- C:\WINDOWS\system32\fccbYopm.dll
2008-11-08 14:07:54 ----A---- C:\WINDOWS\system32\yayaWOEX.dll
2008-10-30 14:21:23 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

======List of files/folders modified in the last 1 months======

2008-11-21 06:30:07 ----D---- C:\WINDOWS\Prefetch
2008-11-21 06:26:23 ----D---- C:\Program Files\WeFi
2008-11-21 06:26:08 ----D---- C:\WINDOWS\system32\Lang
2008-11-21 06:25:32 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt
2008-11-21 06:25:30 ----D---- C:\WINDOWS\Temp
2008-11-21 06:24:21 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-21 06:22:42 ----AD---- C:\WINDOWS\system32
2008-11-18 04:26:00 ----A---- C:\WINDOWS\NeroDigital.ini
2008-11-18 04:24:37 ----AD---- C:\WINDOWS\system32\drivers
2008-11-18 04:23:24 ----D---- C:\Program Files
2008-11-18 04:21:39 ----SHD---- C:\WINDOWS\Installer
2008-11-18 04:18:50 ----D---- C:\WINDOWS
2008-11-18 04:18:17 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-18 04:17:13 ----D---- C:\Program Files\Applications
2008-11-17 19:51:52 ----D---- C:\WINDOWS\system32\config
2008-11-17 18:14:41 ----D---- C:\Documents and Settings\Toshiba\Application Data\Apple Computer
2008-11-17 18:14:36 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-11-17 17:57:01 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2008-11-17 17:56:51 ----D---- C:\Program Files\Common Files
2008-11-17 17:50:30 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2008-11-17 17:49:45 ----D---- C:\Program Files\Yahoo!
2008-11-17 17:49:41 ----D---- C:\Documents and Settings\Toshiba\Application Data\Yahoo!
2008-11-17 17:48:18 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-17 17:40:15 ----SD---- C:\WINDOWS\Tasks
2008-11-17 17:31:26 ----D---- C:\Program Files\Windows Media Player
2008-11-17 17:31:12 ----D---- C:\Program Files\QuickTime
2008-11-17 17:31:06 ----D---- C:\Program Files\Internet Explorer
2008-11-17 17:31:04 ----D---- C:\Program Files\Common Files\aolshare
2008-11-17 17:31:04 ----D---- C:\Program Files\Common Files\AOL
2008-11-17 17:31:03 ----D---- C:\Program Files\America Online 9.0c
2008-11-17 17:31:03 ----D---- C:\Program Files\America Online 9.0b
2008-11-17 17:31:03 ----D---- C:\Program Files\America Online 9.0a
2008-11-17 17:31:03 ----D---- C:\Program Files\America Online 9.0
2008-11-17 17:31:02 ----D---- C:\Program Files\Ahead
2008-11-17 17:10:38 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-17 17:06:43 ----D---- C:\WINDOWS\Minidump
2008-11-08 14:44:30 ----HD---- C:\WINDOWS\inf
2008-11-08 14:16:56 ----D---- C:\ARCSOFT
2008-11-03 15:35:01 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-30 14:32:08 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-30 14:21:26 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-30 14:20:58 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-30 13:41:24 ----D---- C:\Documents and Settings\Toshiba\Application Data\SmartShopper
2008-10-30 13:36:04 ----A---- C:\WINDOWS\st_affiliate.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2005-06-02 102384]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-01-15 17801]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2005-11-04 8552]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-07-22 11354]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-11-15 1122656]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-06-08 1050140]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-11-10 4064256]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-10 21060]
R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP; C:\WINDOWS\system32\DRIVERS\iwca.sys [2004-08-12 234496]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-04 67584]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-11-15 191936]
R3 tbiosdrv;Toshiba Logical Tbios Device; C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys [2005-08-24 9472]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-06-23 162176]
R3 TVALD;Toshiba Mobile PC Service; C:\WINDOWS\system32\DRIVERS\NBSMI.sys [2005-03-02 4864]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 w29n51;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2005-07-19 3289088]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2005-09-19 241280]
S1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2005-08-01 64896]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2005-08-10 114464]
S3 toshidpt;TOSHIBA Bluetooth HID port driver; C:\WINDOWS\system32\drivers\Toshidpt.sys [2005-07-11 3712]
S3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2005-06-20 44288]
S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2005-08-19 107904]
S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2005-08-25 36480]
S3 tosrfec;Bluetooth ACPI from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2004-05-17 8573]
S3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2005-08-23 62080]
S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA; C:\WINDOWS\system32\drivers\TosRfSnd.sys [2005-04-06 50048]
S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2005-08-19 36864]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe [2004-04-07 1135728]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-17 40960]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2004-08-28 110592]
R2 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-07-22 86016]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-11-05 307200]
R2 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-07-22 139264]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-07-22 372809]
R2 Swupdtmr;Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [2005-07-12 40960]
R2 TAPPSRV;TOSHIBA Application Service; C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe [2005-08-10 35328]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINDOWS\wanmpsvc.exe [2003-01-10 65536]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gus