Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - nunya53

Pages: [1] 2 3
1
Tech Clinic / wife's laptop got bit
« on: October 12, 2008, 09:53:32 AM »
Thanks for all of you help, Guestolo.

To answer your question, yes, we set Avira up for auto updates and runs on all of our computers.

Things are working great and we appreciate your help.

Nunya

2
Tech Clinic / wife's laptop got bit
« on: September 29, 2008, 05:55:35 PM »
Thanks for all of your help Guestolo. The computer is definitely running better and the pop-ups are gone. I've done as you have requested. Here is the Combo Fix log....


ComboFix 08-09-28.03 - Faith Moran 2008-09-29 18:20:17.3 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1062 [GMT -5:00]
Running from: C:\Documents and Settings\Faith Moran\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Faith Moran\Desktop\CFScript.txt
 * Created a new restore point

[color=\"red\"]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]

FILE ::
C:\WINDOWS\system32\DfPsttwa.ini
C:\WINDOWS\system32\DfPsttwa.ini2
.

(((((((((((((((((((((((((   Files Created from 2008-08-28 to 2008-09-29  )))))))))))))))))))))))))))))))
.

2008-09-28 17:38 . 2008-09-28 17:40   <DIR>   d--------   C:\Program Files\Malwarebytes' Anti-Malware
2008-09-28 17:38 . 2008-09-28 17:38   <DIR>   d--------   C:\Documents and Settings\Faith Moran\Application Data\Malwarebytes
2008-09-28 17:38 . 2008-09-28 17:38   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-28 17:38 . 2008-09-10 00:04   38,528   --a------   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-28 17:38 . 2008-09-10 00:03   17,200   --a------   C:\WINDOWS\system32\drivers\mbam.sys
2008-09-28 13:54 . 2008-09-28 13:55   <DIR>   d--------   C:\rsit
2008-09-28 12:53 . 2008-09-28 12:53   <DIR>   d--------   C:\Program Files\Trend Micro
2008-09-28 10:33 . 2008-09-28 10:33   9,662   --a------   C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-09-18 06:14 . 2008-09-18 06:14   <DIR>   d--------   C:\WINDOWS\system32\scripting
2008-09-18 06:14 . 2008-09-18 06:14   <DIR>   d--------   C:\WINDOWS\system32\en
2008-09-18 06:14 . 2008-09-18 06:14   <DIR>   d--------   C:\WINDOWS\system32\bits
2008-09-18 06:14 . 2008-09-18 06:14   <DIR>   d--------   C:\WINDOWS\l2schemas
2008-09-18 06:12 . 2008-09-18 06:15   <DIR>   d--------   C:\WINDOWS\ServicePackFiles
2008-09-16 05:48 . 2008-04-13 19:12   4,274,816   --a------   C:\WINDOWS\system32\nv4_disp.dll
2008-09-16 05:47 . 2008-04-13 19:11   1,888,992   --a------   C:\WINDOWS\system32\ati3duag.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-29 00:01   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
2008-09-28 19:44   ---------   d-----w   C:\Program Files\WildTangent
2008-09-28 19:44   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\WildTangent
2008-09-28 19:37   ---------   d-----w   C:\Program Files\Java
2008-09-18 11:27   ---------   d-----w   C:\Program Files\MSN Messenger
2008-07-19 03:10   94,920   ----a-w   C:\WINDOWS\system32\cdm.dll
2008-07-19 03:10   53,448   ----a-w   C:\WINDOWS\system32\wuauclt.exe
2008-07-19 03:10   45,768   ----a-w   C:\WINDOWS\system32\wups2.dll
2008-07-19 03:10   36,552   ----a-w   C:\WINDOWS\system32\wups.dll
2008-07-19 03:09   563,912   ----a-w   C:\WINDOWS\system32\wuapi.dll
2008-07-19 03:09   325,832   ----a-w   C:\WINDOWS\system32\wucltui.dll
2008-07-19 03:09   205,000   ----a-w   C:\WINDOWS\system32\wuweb.dll
2008-07-19 03:09   1,811,656   ----a-w   C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:26   253,952   ----a-w   C:\WINDOWS\system32\es.dll
2004-08-10 12:00   94,784   --sh--w   C:\WINDOWS\twain.dll
2008-04-14 00:12   50,688   --sh--w   C:\WINDOWS\twain_32.dll
2006-02-17 03:33   1,216   --sh--w   C:\WINDOWS\Twunk_16.dll
2006-02-17 03:33   1,216   --sh--w   C:\WINDOWS\Twunk_32.dll
2008-04-14 00:11   1,028,096   --sha-w   C:\WINDOWS\system32\mfc42.dll
2008-04-14 00:12   57,344   --sh--w   C:\WINDOWS\system32\msvcirt.dll
2008-04-14 00:12   413,696   --sha-w   C:\WINDOWS\system32\msvcp60.dll
2008-04-14 00:12   343,040   --sha-w   C:\WINDOWS\system32\msvcrt.dll
2008-04-14 00:12   551,936   --sh--w   C:\WINDOWS\system32\oleaut32.dll
2008-04-14 00:12   84,992   --sh--w   C:\WINDOWS\system32\olepro32.dll
2008-04-14 00:12   11,776   --sh--w   C:\WINDOWS\system32\regsvr32.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-02 364544]
"DDWMon"="C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2006-04-25 299008]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-22 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-22 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-22 118784]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 64512]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 761948]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-06 1077322]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2006-02-02 73728]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 151552]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-07-03 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-07-02 700416]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-19 98304]
"CXMon"="C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2001-08-27 45056]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-23 C:\WINDOWS\RTHDCPL.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-18 C:\WINDOWS\agrsmmsg.exe]
"TPSMain"="TPSMain.exe" [2005-05-31 C:\WINDOWS\system32\TPSMain.exe]
"TFncKy"="TFncKy.exe" [BU]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-10-05 25214]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2006-07-19 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= C:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R2 tdudf;TOSHIBA UDF File System Driver;C:\WINDOWS\system32\DRIVERS\tdudf.sys [2006-06-28 98816]
S3 SVRPEDRV;SVRPEDRV;C:\SYSPREP\PEDrv.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-29 18:22:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-29 18:24:01
ComboFix-quarantined-files.txt  2008-09-29 23:23:50
ComboFix2.txt  2008-09-28 20:23:05
ComboFix3.txt  2008-09-28 20:18:11

Pre-Run: 63,917,842,432 bytes free
Post-Run: 63,928,008,704 bytes free

142   --- E O F ---   2008-09-20 03:18:07


...and here is the Hijack This log I ran after the combo fix was finished....



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:24:51 PM, on 9/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

--
End of file - 9520 bytes

3
Tech Clinic / wife's laptop got bit
« on: September 28, 2008, 06:19:38 PM »
Alright, Guestolo...I appreciate your help with this.

Here is the mbam log....
Malwarebytes' Anti-Malware 1.28
Database version: 1221
Windows 5.1.2600 Service Pack 3

9/28/2008 6:39:43 PM
mbam-log-2008-09-28 (18-39-43).txt

Scan type: Full Scan (C:\|)
Objects scanned: 113861
Time elapsed: 24 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 10
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 22

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\kiwzma.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1438a7dd-9ac0-45c2-883b-48aed0e19c50} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1438a7dd-9ac0-45c2-883b-48aed0e19c50} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\cpbrkpie.coupon6ctrl.1 (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e780f0b-bcd6-40cb-b2db-7af47ab4d4a4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a138be8b-f051-4802-9a3f-a750a6d862d4} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a85a5e6a-de2c-4f4e-99dc-f469df5a0eec} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c4ac0cde (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmc79f3f42 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\kiwzma.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\hkgasden.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nedsagkh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\CouponPrinter.ocx (Adware.Coupons) -> Quarantined and deleted successfully.
C:\Documents and Settings\Faith Moran\~.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\GetModule\GetModule23.exe.vir (Adware.ISM) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\awttsPfD.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ddcdApPg.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\qoMExXOG.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP651\A0037645.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP651\A0037647.exe (Adware.SpeedMonitor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP651\A0037648.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP651\A0037776.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP651\A0037777.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP652\A0037789.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP652\A0037792.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP652\A0037793.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP652\A0037795.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP652\A0037810.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CD0BACDB-7BB8-4982-9127-7CA9CF228C78}\RP652\A0037811.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kscyuauq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kpuhbxfr.dll (Trojan.Agent) -> Quarantined and deleted successfully.


...and here is the rsit log I ran after I ran Malwarebyte...



Logfile of random's system information tool 1.02 (written by random/random)
Run by Faith Moran at 2008-09-28 18:46:17
Microsoft Windows XP Professional Service Pack 3
System drive C: has 61 GB (80%) free of 76 GB
Total RAM: 1526 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:46:22 PM, on 9/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Faith Moran\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Faith Moran.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: kiwzma.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

--
End of file - 9756 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"THotkey"=C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [2006-08-02 364544]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"NDSTray.exe"=NDSTray.exe []
"DDWMon"=C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe [2006-04-25 299008]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-08-23 16050688]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-03-22 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-03-22 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-03-22 118784]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-02 761948]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2006-03-18 89541]
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2005-05-31 282624]
"PadTouch"=C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe [2005-12-06 1077322]
"TFncKy"=TFncKy.exe []
"Tvs"=C:\Program Files\Toshiba\Tvs\TvsTray.exe [2006-02-02 73728]
"Pinger"=c:\toshiba\ivp\ism\pinger.exe [2005-03-17 151552]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2006-07-03 802816]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2006-07-02 700416]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2008-04-23 483328]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"avgnt"=C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-17 266497]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-07-19 98304]
"CXMon"=C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe [2001-08-27 45056]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2004-12-30 65536]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="kiwzma.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-22 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine"
"C:\TOSHIBA\Ivp\ISM\pinger.exe"="C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2008-09-28 17:38:51 ----D---- C:\Documents and Settings\Faith Moran\Application Data\Malwarebytes
2008-09-28 17:38:47 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-28 17:38:47 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-28 15:23:06 ----D---- C:\WINDOWS\temp
2008-09-28 15:23:05 ----A---- C:\ComboFix.txt
2008-09-28 15:20:34 ----D---- C:\ComboFix
2008-09-28 15:02:14 ----D---- C:\WINDOWS\erdnt
2008-09-28 15:01:46 ----D---- C:\QooBox
2008-09-28 15:01:39 ----A---- C:\WINDOWS\zip.exe
2008-09-28 15:01:39 ----A---- C:\WINDOWS\VFind.exe
2008-09-28 15:01:39 ----A---- C:\WINDOWS\swxcacls.exe
2008-09-28 15:01:39 ----A---- C:\WINDOWS\SWSC.exe
2008-09-28 15:01:39 ----A---- C:\WINDOWS\swreg.exe
2008-09-28 15:01:39 ----A---- C:\WINDOWS\sed.exe
2008-09-28 15:01:39 ----A---- C:\WINDOWS\Nircmd.exe
2008-09-28 15:01:39 ----A---- C:\WINDOWS\grep.exe
2008-09-28 15:01:39 ----A---- C:\WINDOWS\fdsv.exe
2008-09-28 13:54:56 ----D---- C:\rsit
2008-09-28 12:53:22 ----D---- C:\Program Files\Trend Micro
2008-09-28 10:37:01 ----D---- C:\WINDOWS\pss
2008-09-28 10:29:14 ----A---- C:\WINDOWS\system32\cf8fc8a0-.txt
2008-09-19 22:17:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-09-18 06:23:56 ----D---- C:\WINDOWS\Prefetch
2008-09-18 06:21:33 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-18 06:21:26 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-18 06:21:16 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-18 06:21:08 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-18 06:21:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-18 06:20:52 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-09-18 06:20:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-18 06:20:34 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-18 06:20:27 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-18 06:20:17 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-18 06:20:09 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-18 06:14:57 ----D---- C:\WINDOWS\system32\scripting
2008-09-18 06:14:57 ----D---- C:\WINDOWS\l2schemas
2008-09-18 06:14:56 ----D---- C:\WINDOWS\system32\en
2008-09-18 06:14:56 ----D---- C:\WINDOWS\system32\bits
2008-09-18 06:12:01 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-18 06:03:49 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-16 05:49:33 ----A---- C:\WINDOWS\system32\wlanapi.dll
2008-09-16 05:49:14 ----A---- C:\WINDOWS\system32\tspkg.dll
2008-09-16 05:48:55 ----A---- C:\WINDOWS\system32\spupdwxp.exe
2008-09-16 05:48:52 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-09-16 05:48:50 ----N---- C:\WINDOWS\slrundll.exe
2008-09-16 05:48:50 ----A---- C:\WINDOWS\system32\slserv.exe
2008-09-16 05:48:50 ----A---- C:\WINDOWS\system32\slrundll.exe
2008-09-16 05:48:49 ----A---- C:\WINDOWS\system32\slgen.dll
2008-09-16 05:48:49 ----A---- C:\WINDOWS\system32\slextspk.dll
2008-09-16 05:48:49 ----A---- C:\WINDOWS\system32\slcoinst.dll
2008-09-16 05:48:46 ----A---- C:\WINDOWS\system32\setupn.exe
2008-09-16 05:48:44 ----A---- C:\WINDOWS\system32\s3gnb.dll
2008-09-16 05:48:40 ----A---- C:\WINDOWS\system32\rasqec.dll
2008-09-16 05:48:39 ----A---- C:\WINDOWS\system32\qutil.dll
2008-09-16 05:48:37 ----A---- C:\WINDOWS\system32\qcliprov.dll
2008-09-16 05:48:37 ----A---- C:\WINDOWS\system32\qagentrt.dll
2008-09-16 05:48:37 ----A---- C:\WINDOWS\system32\qagent.dll
2008-09-16 05:48:32 ----A---- C:\WINDOWS\system32\onex.dll
2008-09-16 05:48:29 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2008-09-16 05:48:25 ----A---- C:\WINDOWS\system32\napstat.exe
2008-09-16 05:48:25 ----A---- C:\WINDOWS\system32\napmontr.dll
2008-09-16 05:48:25 ----A---- C:\WINDOWS\system32\napipsec.dll
2008-09-16 05:48:24 ----A---- C:\WINDOWS\system32\mtxparhd.dll
2008-09-16 05:48:23 ----A---- C:\WINDOWS\system32\msshavmsg.dll
2008-09-16 05:48:23 ----A---- C:\WINDOWS\system32\mssha.dll
2008-09-16 05:48:10 ----A---- C:\WINDOWS\system32\mmcperf.exe
2008-09-16 05:48:10 ----A---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-16 05:48:10 ----A---- C:\WINDOWS\system32\mmcex.dll
2008-09-16 05:48:10 ----A---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-16 05:48:09 ----A---- C:\WINDOWS\system32\mdmxsdk.dll
2008-09-16 05:48:02 ----A---- C:\WINDOWS\system32\l2gpstore.dll
2008-09-16 05:48:02 ----A---- C:\WINDOWS\system32\kmsvc.dll
2008-09-16 05:48:01 ----A---- C:\WINDOWS\system32\kbdpash.dll
2008-09-16 05:48:01 ----A---- C:\WINDOWS\system32\kbdnepr.dll
2008-09-16 05:48:01 ----A---- C:\WINDOWS\system32\kbdiultn.dll
2008-09-16 05:48:01 ----A---- C:\WINDOWS\system32\kbdbhc.dll
2008-09-16 05:47:57 ----A---- C:\WINDOWS\system32\smtpapi.dll
2008-09-16 05:47:56 ----A---- C:\WINDOWS\system32\rwnh.dll
2008-09-16 05:47:54 ----A---- C:\WINDOWS\system32\comsdupd.exe
2008-09-16 05:47:53 ----A---- C:\WINDOWS\system32\hsfcisp2.dll
2008-09-16 05:47:50 ----A---- C:\WINDOWS\003373_.tmp
2008-09-16 05:47:49 ----A---- C:\WINDOWS\system32\faxpatch.exe
2008-09-16 05:47:49 ----A---- C:\WINDOWS\system32\eapsvc.dll
2008-09-16 05:47:49 ----A---- C:\WINDOWS\system32\eapqec.dll
2008-09-16 05:47:48 ----A---- C:\WINDOWS\system32\eappprxy.dll
2008-09-16 05:47:48 ----A---- C:\WINDOWS\system32\eapphost.dll
2008-09-16 05:47:48 ----A---- C:\WINDOWS\system32\eappgnui.dll
2008-09-16 05:47:48 ----A---- C:\WINDOWS\system32\eappcfg.dll
2008-09-16 05:47:48 ----A---- C:\WINDOWS\system32\eapp3hst.dll
2008-09-16 05:47:48 ----A---- C:\WINDOWS\system32\eapolqec.dll
2008-09-16 05:47:47 ----A---- C:\WINDOWS\system32\dot3ui.dll
2008-09-16 05:47:47 ----A---- C:\WINDOWS\system32\dot3svc.dll
2008-09-16 05:47:47 ----A---- C:\WINDOWS\system32\dot3msm.dll
2008-09-16 05:47:47 ----A---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-09-16 05:47:47 ----A---- C:\WINDOWS\system32\dot3dlg.dll
2008-09-16 05:47:47 ----A---- C:\WINDOWS\system32\dot3cfg.dll
2008-09-16 05:47:47 ----A---- C:\WINDOWS\system32\dot3api.dll
2008-09-16 05:47:46 ----A---- C:\WINDOWS\system32\dimsroam.dll
2008-09-16 05:47:46 ----A---- C:\WINDOWS\system32\dimsntfy.dll
2008-09-16 05:47:45 ----A---- C:\WINDOWS\system32\dhcpqec.dll
2008-09-16 05:47:44 ----A---- C:\WINDOWS\system32\credssp.dll
2008-09-16 05:47:41 ----A---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-16 05:47:40 ----A---- C:\WINDOWS\system32\azroles.dll
2008-09-16 05:47:40 ----A---- C:\WINDOWS\system32\ativvaxx.dll
2008-09-16 05:47:40 ----A---- C:\WINDOWS\system32\ativtmxx.dll
2008-09-16 05:47:39 ----A---- C:\WINDOWS\system32\ati3duag.dll
2008-09-16 05:47:39 ----A---- C:\WINDOWS\system32\ati3d1ag.dll
2008-09-16 05:47:39 ----A---- C:\WINDOWS\system32\ati2dvag.dll
2008-09-16 05:47:39 ----A---- C:\WINDOWS\system32\ati2dvaa.dll
2008-09-16 05:47:39 ----A---- C:\WINDOWS\system32\ati2cqag.dll
2008-09-09 21:57:29 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-09-09 21:56:37 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$

======List of files/folders modified in the last 1 months======

2008-09-28 18:42:06 ----D---- C:\WINDOWS\Registration
2008-09-28 18:41:59 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt
2008-09-28 18:41:55 ----D---- C:\WINDOWS
2008-09-28 18:41:26 ----D---- C:\Program Files
2008-09-28 18:41:26 ----AD---- C:\WINDOWS\system32\drivers
2008-09-28 18:41:26 ----AD---- C:\WINDOWS\system32
2008-09-28 18:40:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-09-28 15:22:07 ----A---- C:\WINDOWS\system.ini
2008-09-28 15:21:30 ----D---- C:\WINDOWS\AppPatch
2008-09-28 15:21:30 ----D---- C:\Program Files\Common Files
2008-09-28 15:17:36 ----D---- C:\WINDOWS\system32\CatRoot2
2008-09-28 15:12:05 ----D---- C:\WINDOWS\system32\config
2008-09-28 14:44:59 ----D---- C:\Program Files\WildTangent
2008-09-28 14:44:56 ----D---- C:\Documents and Settings\All Users\Application Data\WildTangent
2008-09-28 14:37:40 ----D---- C:\Program Files\Java
2008-09-27 19:01:36 ----D---- C:\Program Files\AntiVir PersonalEdition Classic
2008-09-27 19:01:33 ----D---- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
2008-09-19 22:18:06 ----HD---- C:\WINDOWS\inf
2008-09-19 22:17:59 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-09-19 04:45:03 ----HD---- C:\WINDOWS\$hf_mig$
2008-09-18 06:28:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-09-18 06:27:54 ----SHD---- C:\WINDOWS\Installer
2008-09-18 06:27:54 ----HD---- C:\Config.Msi
2008-09-18 06:27:47 ----D---- C:\Program Files\MSN Messenger
2008-09-18 06:25:22 ----A---- C:\WINDOWS\OEWABLog.txt
2008-09-18 06:24:07 ----A---- C:\WINDOWS\setuplog.txt
2008-09-18 06:23:22 ----D---- C:\WINDOWS\system32\Setup
2008-09-18 06:23:20 ----D---- C:\WINDOWS\system32\wbem
2008-09-18 06:23:19 ----RSD---- C:\WINDOWS\Fonts
2008-09-18 06:22:36 ----D---- C:\WINDOWS\security
2008-09-18 06:22:13 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-18 06:21:41 ----A---- C:\WINDOWS\imsins.BAK
2008-09-18 06:20:20 ----D---- C:\Program Files\Messenger
2008-09-18 06:18:13 ----RSD---- C:\WINDOWS\assembly
2008-09-18 06:15:31 ----D---- C:\WINDOWS\WinSxS
2008-09-18 06:15:12 ----D---- C:\WINDOWS\system32\inetsrv
2008-09-18 06:15:11 ----D---- C:\WINDOWS\network diagnostic
2008-09-18 06:15:11 ----D---- C:\WINDOWS\ime
2008-09-18 06:15:11 ----D---- C:\WINDOWS\Help
2008-09-18 06:14:58 ----D---- C:\WINDOWS\system32\usmt
2008-09-18 06:14:58 ----D---- C:\WINDOWS\system32\en-us
2008-09-18 06:14:56 ----D---- C:\WINDOWS\PeerNet
2008-09-18 06:14:56 ----D---- C:\Program Files\Movie Maker
2008-09-18 06:11:44 ----D---- C:\WINDOWS\system32\Restore
2008-09-18 06:11:44 ----D---- C:\WINDOWS\system32\npp
2008-09-18 06:11:44 ----D---- C:\WINDOWS\mui
2008-09-18 06:11:42 ----D---- C:\WINDOWS\msagent
2008-09-18 06:11:40 ----D---- C:\WINDOWS\srchasst
2008-09-18 06:11:36 ----D---- C:\Program Files\NetMeeting
2008-09-18 06:11:29 ----D---- C:\WINDOWS\system32\Com
2008-09-18 06:11:23 ----D---- C:\Program Files\Windows NT
2008-09-18 06:11:22 ----D---- C:\Program Files\Outlook Express
2008-09-18 06:11:10 ----D---- C:\Program Files\Common Files\System
2008-09-18 06:10:45 ----AD---- C:\WINDOWS\system32\oobe
2008-09-18 06:10:43 ----D---- C:\WINDOWS\system
2008-09-18 06:07:25 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-18 06:03:48 ----D---- C:\WINDOWS\ehome
2008-09-16 05:23:54 ----D---- C:\WINDOWS\Debug
2008-09-12 09:37:59 ----SD---- C:\WINDOWS\Downloaded Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2005-06-02 102384]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-10-04 21419]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-07-19 8552]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-07-03 12544]
R2 tdudf;TOSHIBA UDF File System Driver; C:\WINDOWS\system32\DRIVERS\tdudf.sys [2006-06-28 98816]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-03-18 1155584]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 avgntflt;avgntflt; \??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 EMSCR;EMSCR; C:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2006-08-25 61824]
R3 ESDCR;ESDCR; C:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2006-08-22 40064]
R3 ESMCR;ESMCR; C:\WINDOWS\system32\DRIVERS\ESM7SK.sys [2006-07-13 74752]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-22 1166972]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-08-23 4374016]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
R3 NETw3x32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2006-07-02 1706752]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-06-28 81920]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-02 191968]
R3 tbiosdrv;Toshiba Logical Tbios Device; C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys [2005-08-24 9472]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys [2006-03-02 15360]
R3 TVALD;Toshiba Mobile PC Service; C:\WINDOWS\system32\DRIVERS\NBSMI.sys [2005-10-20 6144]
R3 Tvs;TOSHIBA Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2006-05-30 45696]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-01-31 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-01-31 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-01-31 21568]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2006-12-13 20992]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 s616bus;Sony Ericsson Device 616 driver (WDM); C:\WINDOWS\system32\DRIVERS\s616bus.sys [2007-04-03 83208]
S3 s616mdfl;Sony Ericsson Device 616 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s616mdfl.sys [2007-04-03 15112]
S3 s616mdm;Sony Ericsson Device 616 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s616mdm.sys [2007-04-03 108680]
S3 s616mgmt;Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s616mgmt.sys [2007-04-03 100360]
S3 s616nd5;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS); C:\WINDOWS\system32\DRIVERS\s616nd5.sys [2007-04-03 23176]
S3 s616obex;Sony Ericsson Device 616 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s616obex.sys [2007-04-03 98568]
S3 s616unic;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM); C:\WINDOWS\system32\DRIVERS\s616unic.sys [2007-04-03 99080]
S3 SVRPEDRV;SVRPEDRV; \??\C:\SYSPREP\PEDrv.sys []
S3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2006-05-05 28800]
S3 tosrfec;Bluetooth ACPI from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 9344]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler; C:\Program Files\AntiVir PersonalEdition Classic\sched.exe [2008-07-17 68865]
R2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe [2008-08-14 149761]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-17 40960]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2004-08-28 110592]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-07-02 434176]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-07-02 327680]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-07-02 937984]
R2 Swupdtmr;Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [2005-07-12 40960]
R2 TAPPSRV;TOSHIBA Application Service; C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe [2006-02-07 35840]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\WINDOWS\system32\TODDSrv.exe [2006-05-25 114688]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-10-05 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

4
Tech Clinic / wife's laptop got bit
« on: September 28, 2008, 04:15:02 PM »
Combofix.log

ComboFix 08-09-27.05 - Faith Moran 2008-09-28 15:20:49.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1034 [GMT -5:00]
Running from: C:\Documents and Settings\Faith Moran\Desktop\ComboFix.exe

[color=\"red\"]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMc79f3f42.txt
C:\WINDOWS\BMc79f3f42.xml
C:\WINDOWS\pskt.ini

.
(((((((((((((((((((((((((   Files Created from 2008-08-28 to 2008-09-28  )))))))))))))))))))))))))))))))
.

2008-09-28 15:18 . 2008-09-28 15:18   121   ---hs----   C:\WINDOWS\system32\nedsagkh.ini
2008-09-28 13:54 . 2008-09-28 13:55   <DIR>   d--------   C:\rsit
2008-09-28 12:53 . 2008-09-28 12:53   <DIR>   d--------   C:\Program Files\Trend Micro
2008-09-28 10:34 . 2008-09-28 10:34   71,168   --a------   C:\WINDOWS\system32\hkgasden.dll
2008-09-28 10:33 . 2008-09-28 10:33   9,662   --a------   C:\WINDOWS\system32\ZoneAlarmIconUS.ico
2008-09-28 10:31 . 2008-09-28 10:31   128,000   --a------   C:\WINDOWS\system32\kscyuauq.dll
2008-09-28 10:31 . 2008-09-28 10:31   128,000   --a------   C:\WINDOWS\system32\kiwzma.dll
2008-09-28 10:29 . 2008-09-28 10:29   105,984   --a------   C:\WINDOWS\system32\kpuhbxfr.dll
2008-09-28 10:22 . 2008-09-28 10:22   3,072   --a------   C:\Documents and Settings\Faith Moran\~.exe
2008-09-18 06:14 . 2008-09-18 06:14   <DIR>   d--------   C:\WINDOWS\system32\scripting
2008-09-18 06:14 . 2008-09-18 06:14   <DIR>   d--------   C:\WINDOWS\system32\en
2008-09-18 06:14 . 2008-09-18 06:14   <DIR>   d--------   C:\WINDOWS\system32\bits
2008-09-18 06:14 . 2008-09-18 06:14   <DIR>   d--------   C:\WINDOWS\l2schemas
2008-09-18 06:12 . 2008-09-18 06:15   <DIR>   d--------   C:\WINDOWS\ServicePackFiles
2008-09-16 05:48 . 2008-04-13 19:12   4,274,816   --a------   C:\WINDOWS\system32\nv4_disp.dll
2008-09-16 05:47 . 2008-04-13 19:11   1,888,992   --a------   C:\WINDOWS\system32\ati3duag.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-28 19:44   ---------   d-----w   C:\Program Files\WildTangent
2008-09-28 19:44   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\WildTangent
2008-09-28 19:37   ---------   d-----w   C:\Program Files\Java
2008-09-28 00:01   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
2008-09-18 11:27   ---------   d-----w   C:\Program Files\MSN Messenger
2008-07-19 03:10   94,920   ----a-w   C:\WINDOWS\system32\cdm.dll
2008-07-19 03:10   53,448   ----a-w   C:\WINDOWS\system32\wuauclt.exe
2008-07-19 03:10   45,768   ----a-w   C:\WINDOWS\system32\wups2.dll
2008-07-19 03:10   36,552   ----a-w   C:\WINDOWS\system32\wups.dll
2008-07-19 03:09   563,912   ----a-w   C:\WINDOWS\system32\wuapi.dll
2008-07-19 03:09   325,832   ----a-w   C:\WINDOWS\system32\wucltui.dll
2008-07-19 03:09   205,000   ----a-w   C:\WINDOWS\system32\wuweb.dll
2008-07-19 03:09   1,811,656   ----a-w   C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:26   253,952   ----a-w   C:\WINDOWS\system32\es.dll
2004-08-10 12:00   94,784   --sh--w   C:\WINDOWS\twain.dll
2008-04-14 00:12   50,688   --sh--w   C:\WINDOWS\twain_32.dll
2006-02-17 03:33   1,216   --sh--w   C:\WINDOWS\Twunk_16.dll
2006-02-17 03:33   1,216   --sh--w   C:\WINDOWS\Twunk_32.dll
2008-04-14 00:11   1,028,096   --sha-w   C:\WINDOWS\system32\mfc42.dll
2008-04-14 00:12   57,344   --sh--w   C:\WINDOWS\system32\msvcirt.dll
2008-04-14 00:12   413,696   --sha-w   C:\WINDOWS\system32\msvcp60.dll
2008-04-14 00:12   343,040   --sha-w   C:\WINDOWS\system32\msvcrt.dll
2008-04-14 00:12   551,936   --sh--w   C:\WINDOWS\system32\oleaut32.dll
2008-04-14 00:12   84,992   --sh--w   C:\WINDOWS\system32\olepro32.dll
2008-04-14 00:12   11,776   --sh--w   C:\WINDOWS\system32\regsvr32.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1438a7dd-9ac0-45c2-883b-48aed0e19c50}]
2008-09-28 10:31   128000   --a------   C:\WINDOWS\system32\kiwzma.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-02 364544]
"DDWMon"="C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2006-04-25 299008]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-22 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-22 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-22 118784]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 64512]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 761948]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-06 1077322]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2006-02-02 73728]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 151552]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-07-03 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-07-02 700416]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-19 98304]
"CXMon"="C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2001-08-27 45056]
"c4ac0cde"="C:\WINDOWS\system32\hkgasden.dll" [2008-09-28 71168]
"BMc79f3f42"="C:\WINDOWS\system32\kpuhbxfr.dll" [2008-09-28 105984]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-23 C:\WINDOWS\RTHDCPL.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-18 C:\WINDOWS\agrsmmsg.exe]
"TPSMain"="TPSMain.exe" [2005-05-31 C:\WINDOWS\system32\TPSMain.exe]
"TFncKy"="TFncKy.exe" [BU]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-10-05 25214]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2006-07-19 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=kiwzma.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= C:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R2 tdudf;TOSHIBA UDF File System Driver;C:\WINDOWS\system32\DRIVERS\tdudf.sys [2006-06-28 98816]
S3 SVRPEDRV;SVRPEDRV;C:\SYSPREP\PEDrv.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
O8 -: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 -: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 -: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-28 15:22:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-28 15:23:04
ComboFix-quarantined-files.txt  2008-09-28 20:22:53
ComboFix2.txt  2008-09-28 20:18:11

Pre-Run: 63,957,921,792 bytes free
Post-Run: 63,942,971,392 bytes free

165   --- E O F ---   2008-09-20 03:18:07






javara.log





JavaRa 1.11 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sun Sep 28 14:36:52 2008

Found and removed: C:\Program Files\Java\jre1.5.0_06

Found and removed: C:\Program Files\Java\jre1.5.0_10

Found and removed: C:\Program Files\Java\jre1.5.0_11

Found and removed: C:\Program Files\Java\jre1.6.0_01

Found and removed: C:\Program Files\Java\jre1.6.0_02

Found and removed: C:\Program Files\Java\jre1.6.0_03

Found and removed: C:\Program Files\Java\jre1.6.0_05

Found and removed: C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64

Found and removed: Software\JavaSoft\Java2D\1.5.0_06

Found and removed: Software\JavaSoft\Java2D\1.5.0_10

Found and removed: Software\JavaSoft\Java2D\1.5.0_11

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D511000

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D511000

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D511000

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Classes\JavaPlugin.150_06

Found and removed: SOFTWARE\Classes\JavaPlugin.150_10

Found and removed: SOFTWARE\Classes\JavaPlugin.150_11

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_06

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_10

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_11

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_06

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_10

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_11

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510006

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D511000

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D511001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510006

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511000

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150060}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150100}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150110}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\JavaPlugin.160_01

Found and removed: SOFTWARE\Classes\JavaPlugin.160_02

Found and removed: SOFTWARE\Classes\JavaPlugin.160_03

Found and removed: SOFTWARE\Classes\JavaPlugin.160_05

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610001

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610002

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160010}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160020}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_06

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_10

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_11

Found and removed: Software\Classes\JavaPlugin.160_01

Found and removed: Software\Classes\JavaPlugin.160_02

Found and removed: Software\Classes\JavaPlugin.160_03

Found and removed: Software\Classes\JavaPlugin.160_05

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_06\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_10\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_11\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_01.b06\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_03.b05\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_05.b13\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core2.zip

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05

Found and removed: Software\JavaSoft\Java2D\1.6.0_01

Found and removed: Software\JavaSoft\Java2D\1.6.0_02

Found and removed: Software\JavaSoft\Java2D\1.6.0_03

Found and removed: Software\JavaSoft\Java2D\1.6.0_05

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_01

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_02

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

JavaRa 1.11 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Sun Sep 28 14:38:46 2008

------------------------------------

Finished reporting.


I have removed the four requested items from control panel...however, it seems the internet speed thing is still active.

5
Tech Clinic / wife's laptop got bit
« on: September 28, 2008, 01:27:49 PM »
here is the info.txt

info.txt logfile of random's system information tool 1.02 2008-09-28 13:55:02

======Uninstall list======

-->C:\WINDOWS\system32\RunDll32.Exe C:\WINDOWS\system32\SetupAPI.Dll,InstallHinfSection DefaultUninstall.NTx86 4 C:\WINDOWS\INF\tdudf.Inf
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACDSee-->C:\PROGRA~1\ACDSYS~1\ACDSee\UNWISE.EXE C:\PROGRA~1\ACDSYS~1\ACDSee\INSTALL.LOG
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 7.1.0 Professional-->msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
CD/DVD Drive Acoustic Silencer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0x9
Chuzzle Deluxe-->"C:\Program Files\TOSHIBA Games\Chuzzle Deluxe\Uninstall.exe"
Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
DVD-RAM Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\setup.exe" -l0x9 DVD-RAM Driver
FATE-->"C:\Program Files\Toshiba Games\FATE\Uninstall.exe"
GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photo Imaging Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Uninstall.isu" -c"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\hpiunCX.dll
HP Photo Printing Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Printing\Uninstall.isu" -c"C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Printing\hpiunPC.dll
HP Photosmart and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{A9F5421F-DA70-4C77-BB97-8D77EC33ED5E}\setup\hpzscr01.exe -datfile hposcr09.dat
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
Internet Speed Monitor-->C:\Program Files\iCheck\Uninstall.exe
InterVideo WinDVD Creator 2-->"C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD for TOSHIBA-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(tm) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(tm) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(tm) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(tm) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(tm) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Mah Jong Quest-->"C:\Program Files\TOSHIBA Games\Mah Jong Quest\Uninstall.exe"
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDrWiFi-->MsiExec.exe /I{90CC4231-94AC-45CD-991A-0253BFAC0650}
mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Motorola Driver Installation-->MsiExec.exe /I{8F4507EF-C5F3-46CE-9718-9D3698821333}
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
OCR Software by I.R.I.S 7.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
Office 2003 Trial Assistant-->MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
Outerinfo-->"C:\Program Files\Common Files\Yazzle1554OinUninstaller.exe"
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe" -l0x9  -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9  -removeonly
Samsung ML-1710 Series-->C:\WINDOWS\Samsung\ML1710\Setup.exe /l9
SD Secure Module-->MsiExec.exe /X{C45F4811-31D5-4786-801D-F79CD06EDD85}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TOSHIBA ConfigFree-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0x9 UNINSTALL
TOSHIBA Controls-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Direct Disc Writer-->MsiExec.exe /X{400830CA-F056-4BBE-80A3-9DF9CA4FB889}
TOSHIBA Disc Creator-->MsiExec.exe /X{529DDE6B-4F31-438B-B218-F36266ABD8C0}
TOSHIBA Hotkey Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{64DD71BC-3109-4C88-9AD3-D5422644B722}\setup.exe" -l0x9
Toshiba Media Center Game Console-->MsiExec.exe /I{F21B28BF-8A4D-4F1A-A61B-69DD5B4A9BBA}
TOSHIBA PC Diagnostic Tool-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{2C38F661-26B7-445D-B87D-B53FE2D3BD42} /l1033
TOSHIBA Power Saver-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\TOSHIBA\Power Saver\Uninst.isu" -c"C:\WINDOWS\system32\TPSDel.dll"
TOSHIBA Recovery Disc Creator-->MsiExec.exe /X{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}
Toshiba Registration-->MsiExec.exe /X{F6C405D2-C50D-4D10-B89E-73A233A14D74}
TOSHIBA SD Memory Card Format-->MsiExec.exe /X{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}
TOSHIBA Software Modem-->Tosmreg -U
TOSHIBA Software Upgrades-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe"
TOSHIBA Speech System Applications-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
TOSHIBA Speech System SR Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Speech System TTS Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
TOSHIBA TouchPad ON/Off Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{69BE47C2-36FE-4397-8199-85D8EAE69982}\setup.exe" -l0x9
TOSHIBA Utilities-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}\setup.exe" -l0x9
TOSHIBA Virtual Sound-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B12BA86-ADAC-4BA6-B441-FFC591087252}\setup.exe" -l0x9  -removeonly
Touch and Launch-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D96E2B1-D9AC-46E0-9073-425C5F63E338}\Setup.exe"
Update for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WildTangent Web Driver-->C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Rights Management Client Backwards Compatibility SP2-->MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client with Service Pack 2-->MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Media Center Edition 2005 KB888316-->C:\WINDOWS\$NtUninstallKB888316$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB894553-->C:\WINDOWS\$NtUninstallKB894553$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB895678-->C:\WINDOWS\$NtUninstallKB895678$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall

======Security center information======

AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic (outdated)
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic
AV: Avira AntiVir PersonalEdition Classic

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

6
Tech Clinic / wife's laptop got bit
« on: September 28, 2008, 01:26:23 PM »
here is the log.txt

Logfile of random's system information tool 1.02 (written by random/random)
Run by Faith Moran at 2008-09-28 13:54:56
Microsoft Windows XP Professional Service Pack 3
System drive C: has 60 GB (78%) free of 76 GB
Total RAM: 1526 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:54:57 PM, on 9/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\s?stem\n?pdb.exe
C:\PROGRA~1\COMMON~1\SMANTE~1\msiexec.exe
C:\Program Files\GetModule\GetModule23.exe
C:\Program Files\VnrBlock\VnrBlock21.exe
C:\Program Files\GetPack\GetPack21.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Faith Moran\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Faith Moran.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: {05c91e0d-ea84-b388-2c54-0ca9dd7a8341} - {1438a7dd-9ac0-45c2-883b-48aed0e19c50} - C:\WINDOWS\system32\kiwzma.dll
O2 - BHO: (no name) - {453F51E8-FEF5-4C54-B136-944BF434360C} - C:\WINDOWS\system32\ddcdApPg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {83F106A9-7221-454C-AE71-C89637150151} - C:\WINDOWS\system32\awttsPfD.dll
O2 - BHO: (no name) - {B4409BA2-2933-2A94-1872-2F10E97B27C7} - C:\WINDOWS\system32\pzcbjjup.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [c4ac0cde] rundll32.exe "C:\WINDOWS\system32\hkgasden.dll",b
O4 - HKLM\..\Run: [BMc79f3f42] Rundll32.exe "C:\WINDOWS\system32\kpuhbxfr.dll",s
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Pqksvydj] C:\WINDOWS\system32\s?stem\n?pdb.exe
O4 - HKCU\..\Run: [Dmos] "C:\PROGRA~1\COMMON~1\SMANTE~1\msiexec.exe" -vt yazb
O4 - HKCU\..\Run: [GetModule23] "C:\Program Files\GetModule\GetModule23.exe"
O4 - HKCU\..\Run: [VnrBlock21] "C:\Program Files\VnrBlock\VnrBlock21.exe"
O4 - HKCU\..\Run: [GetPack21] "C:\Program Files\GetPack\GetPack21.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: kiwzma.dll
O20 - Winlogon Notify: ddcdApPg - C:\WINDOWS\SYSTEM32\ddcdApPg.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

--
End of file - 11331 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1438a7dd-9ac0-45c2-883b-48aed0e19c50}]
C:\WINDOWS\system32\kiwzma.dll [2008-09-28 128000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{453F51E8-FEF5-4C54-B136-944BF434360C}]
C:\WINDOWS\system32\ddcdApPg.dll [2008-09-28 29184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83F106A9-7221-454C-AE71-C89637150151}]
C:\WINDOWS\system32\awttsPfD.dll [2008-09-28 317440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4409BA2-2933-2A94-1872-2F10E97B27C7}]
C:\WINDOWS\system32\pzcbjjup.dll [2008-09-26 184320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"THotkey"=C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [2006-08-02 364544]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"NDSTray.exe"=NDSTray.exe []
"DDWMon"=C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe [2006-04-25 299008]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-08-23 16050688]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-03-22 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-03-22 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-03-22 118784]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-02 761948]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2006-03-18 89541]
"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2005-05-31 282624]
"PadTouch"=C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe [2005-12-06 1077322]
"TFncKy"=TFncKy.exe []
"Tvs"=C:\Program Files\Toshiba\Tvs\TvsTray.exe [2006-02-02 73728]
"Pinger"=c:\toshiba\ivp\ism\pinger.exe [2005-03-17 151552]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2006-07-03 802816]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2006-07-02 700416]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2008-04-23 483328]
""=C:\WINDOWS\system32\
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"avgnt"=C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-17 266497]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-07-19 98304]
"CXMon"=C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe [2001-08-27 45056]
"c4ac0cde"=C:\WINDOWS\system32\hkgasden.dll [2008-09-28 71168]
"BMc79f3f42"=C:\WINDOWS\system32\kpuhbxfr.dll [2008-09-28 105984]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe [2004-12-30 65536]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"Pqksvydj"=C:\WINDOWS\system32\s?stem\n?pdb.exe [2008-09-26 618496]
"Dmos"=C:\PROGRA~1\COMMON~1\SMANTE~1\msiexec.exe [2008-09-28 184320]
"GetModule23"=C:\Program Files\GetModule\GetModule23.exe [2008-09-09 364032]
"VnrBlock21"=C:\Program Files\VnrBlock\VnrBlock21.exe [2008-09-18 364032]
"GetPack21"=C:\Program Files\GetPack\GetPack21.exe [2008-09-12 350208]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="kiwzma.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ddcdApPg]
C:\WINDOWS\system32\ddcdApPg.dll [2008-09-28 29184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-22 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{453F51E8-FEF5-4C54-B136-944BF434360C}"=C:\WINDOWS\system32\ddcdApPg.dll [2008-09-28 29184]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\awttsPfD

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\TOSHIBA\ivp\NetInt\Netint.exe"="C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine"
"C:\TOSHIBA\Ivp\ISM\pinger.exe"="C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"
"C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe"="C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\wEmail Removedexe"="C:\Program Files\America Online 9.0\wEmail Removedexe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\1153363098\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1153363098\EE\AOLServiceHost.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2008-09-28 13:54:56 ----D---- C:\rsit
2008-09-28 12:53:22 ----D---- C:\Program Files\Trend Micro
2008-09-28 10:37:01 ----D---- C:\WINDOWS\pss
2008-09-28 10:34:32 ----SH---- C:\WINDOWS\system32\nedsagkh.ini
2008-09-28 10:34:27 ----A---- C:\WINDOWS\system32\hkgasden.dll
2008-09-28 10:31:13 ----A---- C:\WINDOWS\system32\kiwzma.dll
2008-09-28 10:31:10 ----A---- C:\WINDOWS\system32\kscyuauq.dll
2008-09-28 10:29:45 ----A---- C:\WINDOWS\pskt.ini
2008-09-28 10:29:45 ----A---- C:\WINDOWS\BMc79f3f42.txt
2008-09-28 10:29:43 ----A---- C:\WINDOWS\system32\kpuhbxfr.dll
2008-09-28 10:29:14 ----A---- C:\WINDOWS\system32\cf8fc8a0-.txt
2008-09-28 10:28:10 ----ASH---- C:\WINDOWS\system32\DfPsttwa.ini2
2008-09-28 10:28:09 ----ASH---- C:\WINDOWS\system32\DfPsttwa.ini
2008-09-28 10:28:00 ----A---- C:\WINDOWS\system32\awttsPfD.dll
2008-09-28 10:23:48 ----D---- C:\Program Files\GetPack
2008-09-28 10:23:45 ----D---- C:\Program Files\VnrBlock
2008-09-28 10:23:32 ----D---- C:\Program Files\iCheck
2008-09-28 10:23:32 ----D---- C:\Program Files\GetModule
2008-09-28 10:23:30 ----D---- C:\Program Files\Common Files\S?mantec
2008-09-28 10:23:30 ----A---- C:\Program Files\Common Files\Yazzle1554OinUninstaller.exe
2008-09-28 10:23:29 ----D---- C:\WINDOWS\system32\s?stem
2008-09-28 10:23:29 ----D---- C:\Program Files\Outerinfo
2008-09-28 10:23:27 ----A---- C:\WINDOWS\system32\pzcbjjup.dll
2008-09-28 10:22:57 ----A---- C:\WINDOWS\system32\qoMExXOG.dll
2008-09-28 10:22:56 ----A---- C:\WINDOWS\system32\ddcdApPg.dll
2008-09-19 22:17:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-09-18 06:23:56 ----D---- C:\WINDOWS\Prefetch
2008-09-18 06:21:33 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-18 06:21:26 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-18 06:21:16 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-18 06:21:08 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-18 06:21:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-18 06:20:52 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-09-18 06:20:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-18 06:20:34 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-18 06:20:27 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-18 06:20:17 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-18 06:20:09 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-18 06:14:57 ----D---- C:\WINDOWS\system32\scripting
2008-09-18 06:14:57 ----D---- C:\WINDOWS\l2schemas
2008-09-18 06:14:56 ----D---- C:\WINDOWS\system32\en
2008-09-18 06:14:56 ----D---- C:\WINDOWS\system32\bits
2008-09-18 06:12:01 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-18 06:03:49 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-16 05:49:33 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-09-16 05:49:14 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-09-16 05:48:55 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-09-16 05:48:52 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-09-16 05:48:50 ----N---- C:\WINDOWS\system32\slserv.exe
2008-09-16 05:48:50 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-09-16 05:48:50 ----N---- C:\WINDOWS\slrundll.exe
2008-09-16 05:48:49 ----N---- C:\WINDOWS\system32\slgen.dll
2008-09-16 05:48:49 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-09-16 05:48:49 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-09-16 05:48:46 ----N---- C:\WINDOWS\system32\setupn.exe
2008-09-16 05:48:44 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-09-16 05:48:40 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-09-16 05:48:39 ----N---- C:\WINDOWS\system32\qutil.dll
2008-09-16 05:48:37 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-09-16 05:48:37 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-09-16 05:48:37 ----N---- C:\WINDOWS\system32\qagent.dll
2008-09-16 05:48:32 ----N---- C:\WINDOWS\system32\onex.dll
2008-09-16 05:48:29 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2008-09-16 05:48:25 ----N---- C:\WINDOWS\system32\napstat.exe
2008-09-16 05:48:25 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-09-16 05:48:25 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-09-16 05:48:24 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-09-16 05:48:23 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-09-16 05:48:23 ----N---- C:\WINDOWS\system32\mssha.dll
2008-09-16 05:48:10 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-09-16 05:48:10 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-16 05:48:10 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-09-16 05:48:10 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-16 05:48:09 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2008-09-16 05:48:02 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-09-16 05:48:02 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-09-16 05:48:01 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-09-16 05:48:01 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-09-16 05:48:01 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-09-16 05:48:01 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-09-16 05:47:57 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-09-16 05:47:56 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-09-16 05:47:54 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-09-16 05:47:53 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-09-16 05:47:50 ----A---- C:\WINDOWS\003373_.tmp
2008-09-16 05:47:49 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-09-16 05:47:49 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-09-16 05:47:49 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-09-16 05:47:48 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-09-16 05:47:48 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-09-16 05:47:48 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-09-16 05:47:48 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-09-16 05:47:48 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-09-16 05:47:48 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-09-16 05:47:47 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-09-16 05:47:47 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-09-16 05:47:47 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-09-16 05:47:47 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-09-16 05:47:47 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-09-16 05:47:47 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-09-16 05:47:47 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-09-16 05:47:46 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-09-16 05:47:46 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-09-16 05:47:45 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-09-16 05:47:44 ----N---- C:\WINDOWS\system32\credssp.dll
2008-09-16 05:47:41 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-16 05:47:40 ----N---- C:\WINDOWS\system32\azroles.dll
2008-09-16 05:47:40 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-09-16 05:47:40 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-09-16 05:47:39 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-09-16 05:47:39 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-09-16 05:47:39 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-09-16 05:47:39 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-09-16 05:47:39 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-09-09 21:57:29 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-09-09 21:56:37 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$

======List of files/folders modified in the last 1 months======

2008-09-28 12:53:22 ----D---- C:\Program Files
2008-09-28 12:48:12 ----AD---- C:\WINDOWS\system32
2008-09-28 12:42:27 ----D---- C:\WINDOWS\Registration
2008-09-28 12:42:20 ----A---- C:\WINDOWS\ModemLog_TOSHIBA Software Modem.txt
2008-09-28 12:41:41 ----D---- C:\WINDOWS\Temp
2008-09-28 12:41:37 ----D---- C:\WINDOWS
2008-09-28 10:23:30 ----D---- C:\Program Files\Common Files
2008-09-27 22:08:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-09-27 19:01:36 ----D---- C:\Program Files\AntiVir PersonalEdition Classic
2008-09-27 19:01:33 ----D---- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
2008-09-26 20:44:56 ----D---- C:\WINDOWS\system32\CatRoot2
2008-09-19 22:18:06 ----HD---- C:\WINDOWS\inf
2008-09-19 22:17:59 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-09-19 04:45:03 ----HD---- C:\WINDOWS\$hf_mig$
2008-09-18 06:28:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-09-18 06:27:54 ----SHD---- C:\WINDOWS\Installer
2008-09-18 06:27:54 ----HD---- C:\Config.Msi
2008-09-18 06:27:47 ----D---- C:\Program Files\MSN Messenger
2008-09-18 06:25:22 ----A---- C:\WINDOWS\OEWABLog.txt
2008-09-18 06:24:07 ----A---- C:\WINDOWS\setuplog.txt
2008-09-18 06:23:22 ----D---- C:\WINDOWS\system32\Setup
2008-09-18 06:23:22 ----D---- C:\WINDOWS\AppPatch
2008-09-18 06:23:20 ----D---- C:\WINDOWS\system32\wbem
2008-09-18 06:23:19 ----RSD---- C:\WINDOWS\Fonts
2008-09-18 06:23:11 ----AD---- C:\WINDOWS\system32\drivers
2008-09-18 06:22:36 ----D---- C:\WINDOWS\security
2008-09-18 06:22:13 ----D---- C:\WINDOWS\system32\CatRoot
2008-09-18 06:21:41 ----A---- C:\WINDOWS\imsins.BAK
2008-09-18 06:20:20 ----D---- C:\Program Files\Messenger
2008-09-18 06:18:13 ----RSD---- C:\WINDOWS\assembly
2008-09-18 06:15:31 ----D---- C:\WINDOWS\WinSxS
2008-09-18 06:15:12 ----D---- C:\WINDOWS\system32\inetsrv
2008-09-18 06:15:11 ----D---- C:\WINDOWS\network diagnostic
2008-09-18 06:15:11 ----D---- C:\WINDOWS\ime
2008-09-18 06:15:11 ----D---- C:\WINDOWS\Help
2008-09-18 06:14:58 ----D---- C:\WINDOWS\system32\usmt
2008-09-18 06:14:58 ----D---- C:\WINDOWS\system32\en-us
2008-09-18 06:14:56 ----D---- C:\WINDOWS\PeerNet
2008-09-18 06:14:56 ----D---- C:\Program Files\Movie Maker
2008-09-18 06:11:44 ----D---- C:\WINDOWS\system32\Restore
2008-09-18 06:11:44 ----D---- C:\WINDOWS\system32\npp
2008-09-18 06:11:44 ----D---- C:\WINDOWS\mui
2008-09-18 06:11:42 ----D---- C:\WINDOWS\msagent
2008-09-18 06:11:40 ----D---- C:\WINDOWS\srchasst
2008-09-18 06:11:36 ----D---- C:\Program Files\NetMeeting
2008-09-18 06:11:29 ----D---- C:\WINDOWS\system32\Com
2008-09-18 06:11:23 ----D---- C:\Program Files\Windows NT
2008-09-18 06:11:22 ----D---- C:\Program Files\Outlook Express
2008-09-18 06:11:10 ----D---- C:\Program Files\Common Files\System
2008-09-18 06:10:45 ----AD---- C:\WINDOWS\system32\oobe
2008-09-18 06:10:43 ----D---- C:\WINDOWS\system
2008-09-18 06:07:25 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-18 06:03:48 ----D---- C:\WINDOWS\ehome
2008-09-16 05:23:54 ----D---- C:\WINDOWS\Debug
2008-09-12 09:37:59 ----SD---- C:\WINDOWS\Downloaded Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2005-06-02 102384]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-10-04 21419]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-07-19 8552]
R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\netdevio.sys [2003-01-29 12032]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-07-03 12544]
R2 tdudf;TOSHIBA UDF File System Driver; C:\WINDOWS\system32\DRIVERS\tdudf.sys [2006-06-28 98816]
R3 AgereSoftModem;TOSHIBA V92 Software Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-03-18 1155584]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 avgntflt;avgntflt; \??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 EMSCR;EMSCR; C:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2006-08-25 61824]
R3 ESDCR;ESDCR; C:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2006-08-22 40064]
R3 ESMCR;ESMCR; C:\WINDOWS\system32\DRIVERS\ESM7SK.sys [2006-07-13 74752]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-22 1166972]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-08-23 4374016]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
R3 NETw3x32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2006-07-02 1706752]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2006-06-28 81920]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-02 191968]
R3 tbiosdrv;Toshiba Logical Tbios Device; C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys [2005-08-24 9472]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys [2006-03-02 15360]
R3 TVALD;Toshiba Mobile PC Service; C:\WINDOWS\system32\DRIVERS\NBSMI.sys [2005-10-20 6144]
R3 Tvs;TOSHIBA Virtual Sound with SRS technologies; C:\WINDOWS\system32\DRIVERS\Tvs.sys [2006-05-30 45696]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-01-31 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-01-31 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-01-31 21568]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2006-12-13 20992]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 s616bus;Sony Ericsson Device 616 driver (WDM); C:\WINDOWS\system32\DRIVERS\s616bus.sys [2007-04-03 83208]
S3 s616mdfl;Sony Ericsson Device 616 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s616mdfl.sys [2007-04-03 15112]
S3 s616mdm;Sony Ericsson Device 616 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s616mdm.sys [2007-04-03 108680]
S3 s616mgmt;Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s616mgmt.sys [2007-04-03 100360]
S3 s616nd5;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS); C:\WINDOWS\system32\DRIVERS\s616nd5.sys [2007-04-03 23176]
S3 s616obex;Sony Ericsson Device 616 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s616obex.sys [2007-04-03 98568]
S3 s616unic;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM); C:\WINDOWS\system32\DRIVERS\s616unic.sys [2007-04-03 99080]
S3 SVRPEDRV;SVRPEDRV; \??\C:\SYSPREP\PEDrv.sys []
S3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2006-05-05 28800]
S3 tosrfec;Bluetooth ACPI from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 9344]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler; C:\Program Files\AntiVir PersonalEdition Classic\sched.exe [2008-07-17 68865]
R2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe [2008-08-14 149761]
R2 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2005-01-17 40960]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2004-08-28 110592]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-07-02 434176]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-07-02 327680]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-07-02 937984]
R2 Swupdtmr;Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [2005-07-12 40960]
R2 TAPPSRV;TOSHIBA Application Service; C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe [2006-02-07 35840]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\WINDOWS\system32\TODDSrv.exe [2006-05-25 114688]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-10-05 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

7
Tech Clinic / wife's laptop got bit
« on: September 28, 2008, 12:29:21 PM »
Hey all, haven't been here in a long time. I had some problems that the members here helped me with quite some time ago. I took guestolo's advice and started using Firefox. Today, my wife opened an email from her aunt titled something about popcorn...now she has mucho popups. Here is a Hijack This log...hope to get her some help. When her computer is clean, I am loading Firefox on it.

Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:53:41 PM, on 9/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\s?stem\n?pdb.exe
C:\PROGRA~1\COMMON~1\SMANTE~1\msiexec.exe
C:\Program Files\GetModule\GetModule23.exe
C:\Program Files\VnrBlock\VnrBlock21.exe
C:\Program Files\GetPack\GetPack21.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [c4ac0cde] rundll32.exe "C:\WINDOWS\system32\hkgasden.dll",b
O4 - HKLM\..\Run: [BMc79f3f42] Rundll32.exe "C:\WINDOWS\system32\kpuhbxfr.dll",s
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Pqksvydj] C:\WINDOWS\system32\s?stem\n?pdb.exe
O4 - HKCU\..\Run: [Dmos] "C:\PROGRA~1\COMMON~1\SMANTE~1\msiexec.exe" -vt yazb
O4 - HKCU\..\Run: [GetModule23] "C:\Program Files\GetModule\GetModule23.exe"
O4 - HKCU\..\Run: [VnrBlock21] "C:\Program Files\VnrBlock\VnrBlock21.exe"
O4 - HKCU\..\Run: [GetPack21] "C:\Program Files\GetPack\GetPack21.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - AppInit_DLLs: kiwzma.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

--
End of file - 10676 bytes

8
Tech Clinic / redirected links
« on: October 09, 2007, 06:12:49 AM »
Guestolo,

Everything is done per your request and is up to date. The computer seems to be just fine now. Thanks for all of your help.

Nunya

9
Tech Clinic / redirected links
« on: October 08, 2007, 04:57:56 PM »
Everything seems to be working just fine....here is the last Hijackthis log.....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:55:38 PM, on 10/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system\CmFlywav.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system\CMAS2DS.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Linksys\WMB54G\WMB54G.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [CmFlywav] C:\WINDOWS\system\CmFlywav.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - https://securera.edwardjones.com/vdesk/term...,2007,0726,1518
O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} (F5 Networks OS Policy Agent) - https://securera.edwardjones.com/policy/dow...,2007,0223,0322
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10762 bytes

10
Tech Clinic / redirected links
« on: October 08, 2007, 02:50:45 PM »
here are the results of the spybot scan....I have run it within the past couple of weeks, but there were four updates.  As far as setting the other items you asked about, I didn't intentionally make those settings....--- Search result list ---Congratulations!: No immediate threats were found. ()  --- Spybot - Search & Destroy version: 1.4  (build: 20050523) ---2005-05-31 blindman.exe (1.0.0.1)2005-05-31 SpybotSD.exe (1.4.0.3)2005-05-31 TeaTimer.exe (1.4.0.2)2007-09-01 unins000.exe (51.41.0.0)2005-05-31 Update.exe (1.4.0.0)2007-05-23 advcheck.dll (1.5.3.0)2005-05-31 aports.dll (2.1.0.0)2005-05-31 borlndmm.dll (7.0.4.453)2005-05-31 delphimm.dll (7.0.4.453)2005-05-31 SDHelper.dll (1.4.0.0)2007-07-31 Tools.dll (2.1.2.0)2005-05-31 UnzDll.dll (1.73.1.1)2005-05-31 ZipDll.dll (1.73.2.0)2007-10-04 Includes\Cookies.sbi (*)2007-07-25 Includes\Dialer.sbi (*)2007-10-04 Includes\DialerC.sbi (*)2007-08-29 Includes\Hijackers.sbi (*)2007-10-04 Includes\HijackersC.sbi (*)2007-10-04 Includes\Keyloggers.sbi (*)2007-10-04 Includes\KeyloggersC.sbi (*)2007-10-04 Includes\Malware.sbi (*)2007-10-04 Includes\MalwareC.sbi (*)2007-09-05 Includes\PUPS.sbi (*)2007-10-04 Includes\PUPSC.sbi (*)2007-10-04 Includes\Revision.sbi (*)2007-05-30 Includes\Security.sbi (*)2007-10-04 Includes\SecurityC.sbi (*)2007-09-12 Includes\Spybots.sbi (*)2007-10-04 Includes\SpybotsC.sbi (*)2007-08-21 Includes\Tracks.uti2007-10-04 Includes\Trojans.sbi (*)2007-10-04 Includes\TrojansC.sbi (*)2007-06-06 Plugins\TCPIPAddress.dll--- System information ---Windows XP (Build: 2600) Service Pack 2 / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366) / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) / Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. \nIf you later install a more recent service pack, this Security Update will be uninstalled automatically. \nFor more information, visit http://support.microsoft.com/kb/917283 / Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. \nIf you later install a more recent service pack, this Security Update will be uninstalled automatically. \nFor more information, visit http://support.microsoft.com/kb/922770 / Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. \nIf you later install a more recent service pack, this Security Update will be uninstalled automatically. \nFor more information, visit http://support.microsoft.com/kb/928365 / MSXML4SP2: Security update for MSXML4 SP2 (KB936181) / Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB923723) / Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs / Windows / SP1: Microsoft National Language Support Downlevel APIs / Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399) / Windows Media Player 11: Security Update for Windows Media Player 11 (KB936782) / Windows Media Player 11: Hotfix for Windows Media Player 11 (KB939683) / Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398) / Windows Media Player 9: Security Update for Windows Media Player 9 (KB936782) / Windows Presentation Foundation: This Hotfix is for Microsoft .NET Framework 3.0. \nIf you later install a more recent service pack, this Hotfix will be uninstalled automatically. \nFor more information, visit http://support.microsoft.com/kb/932471 / Windows XP: Security Update for Windows XP (KB923689) / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB937143) / Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB938127) / Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP / Windows XP / SP3: Windows XP Hotfix - KB873339 / Windows XP / SP3: Windows XP Hotfix - KB885835 / Windows XP / SP3: Windows XP Hotfix - KB885836 / Windows XP / SP3: Windows XP Hotfix - KB886185 / Windows XP / SP3: Windows XP Hotfix - KB887472 / Windows XP / SP3: Windows XP Hotfix - KB888302 / Windows XP / SP3: Security Update for Windows XP (KB890046) / Windows XP / SP3: Windows XP Hotfix - KB890859 / Windows XP / SP3: Windows XP Hotfix - KB891781 / Windows XP / SP3: Security Update for Windows XP (KB893756) / Windows XP / SP3: Windows Installer 3.1 (KB893803) / Windows XP / SP3: Update for Windows XP (KB894391) / Windows XP / SP3: Hotfix for Windows XP (KB896344) / Windows XP / SP3: Security Update for Windows XP (KB896358) / Windows XP / SP3: Security Update for Windows XP (KB896423) / Windows XP / SP3: Security Update for Windows XP (KB896428) / Windows XP / SP3: Update for Windows XP (KB898461) / Windows XP / SP3: Security Update for Windows XP (KB899587) / Windows XP / SP3: Security Update for Windows XP (KB899591) / Windows XP / SP3: Update for Windows XP (KB900485) / Windows XP / SP3: Security Update for Windows XP (KB900725) / Windows XP / SP3: Security Update for Windows XP (KB901017) / Windows XP / SP3: Security Update for Windows XP (KB901214) / Windows XP / SP3: Security Update for Windows XP (KB902400) / Windows XP / SP3: Security Update for Windows XP (KB904706) / Windows XP / SP3: Update for Windows XP (KB904942) / Windows XP / SP3: Security Update for Windows XP (KB905414) / Windows XP / SP3: Security Update for Windows XP (KB905749) / Windows XP / SP3: Security Update for Windows XP (KB908519) / Windows XP / SP3: Update for Windows XP (KB908531) / Windows XP / SP3: Update for Windows XP (KB910437) / Windows XP / SP3: Update for Windows XP (KB911280) / Windows XP / SP3: Security Update for Windows XP (KB911562) / Windows XP / SP3: Security Update for Windows XP (KB911927) / Windows XP / SP3: Security Update for Windows XP (KB913580) / Windows XP / SP3: Security Update for Windows XP (KB914388) / Windows XP / SP3: Security Update for Windows XP (KB914389) / Windows XP / SP3: Hotfix for Windows XP (KB914440) / Windows XP / SP3: Hotfix for Windows XP (KB915800) / Windows XP / SP3: Hotfix for Windows XP (KB915865) / Windows XP / SP3: Update for Windows XP (KB916595) / Windows XP / SP3: Security Update for Windows XP (KB917344) / Windows XP / SP3: Security Update for Windows XP (KB917953) / Windows XP / SP3: Security Update for Windows XP (KB918118) / Windows XP / SP3: Security Update for Windows XP (KB918439) / Windows XP / SP3: Security Update for Windows XP (KB919007) / Windows XP / SP3: Security Update for Windows XP (KB920213) / Windows XP / SP3: Update for Windows XP (KB920342) / Windows XP / SP3: Security Update for Windows XP (KB920670) / Windows XP / SP3: Security Update for Windows XP (KB920683) / Windows XP / SP3: Security Update for Windows XP (KB920685) / Windows XP / SP3: Update for Windows XP (KB920872) / Windows XP / SP3: Security Update for Windows XP (KB921503) / Windows XP / SP3: Update for Windows XP (KB922582) / Windows XP / SP3: Security Update for Windows XP (KB922819) / Windows XP / SP3: Security Update for Windows XP (KB923191) / Windows XP / SP3: Security Update for Windows XP (KB923414) / Windows XP / SP3: Security Update for Windows XP (KB923980) / Windows XP / SP3: Security Update for Windows XP (KB924270) / Windows XP / SP3: Security Update for Windows XP (KB924496) / Windows XP / SP3: Security Update for Windows XP (KB924667) / Windows XP / SP3: Update for Windows XP (KB925720) / Windows XP / SP3: Update for Windows XP (KB925876) / Windows XP / SP3: Security Update for Windows XP (KB925902) / Windows XP / SP3: Hotfix for Windows XP (KB926239) / Windows XP / SP3: Security Update for Windows XP (KB926255) / Windows XP / SP3: Security Update for Windows XP (KB926436) / Windows XP / SP3: Security Update for Windows XP (KB927779) / Windows XP / SP3: Security Update for Windows XP (KB927802) / Windows XP / SP3: Update for Windows XP (KB927891) / Windows XP / SP3: Security Update for Windows XP (KB928255) / Windows XP / SP3: Security Update for Windows XP (KB928843) / Windows XP / SP3: Security Update for Windows XP (KB929123) / Windows XP / SP3: Security Update for Windows XP (KB930178) / Windows XP / SP3: Update for Windows XP (KB930916) / Windows XP / SP3: Security Update for Windows XP (KB931261) / Windows XP / SP3: Security Update for Windows XP (KB931784) / Windows XP / SP3: Security Update for Windows XP (KB932168) / Windows XP / SP3: Update for Windows XP (KB933360) / Windows XP / SP3: Security Update for Windows XP (KB935839) / Windows XP / SP3: Security Update for Windows XP (KB935840) / Windows XP / SP3: Security Update for Windows XP (KB936021) / Windows XP / SP3: Update for Windows XP (KB936357) / Windows XP / SP3: Security Update for Windows XP (KB937143) / Windows XP / SP3: Security Update for Windows XP (KB938127) / Windows XP / SP3: Update for Windows XP (KB938828) / Windows XP / SP3: Security Update for Windows XP (KB938829) / XML Paper Specification Shared Components Pack 1.0: XML Paper Specification Shared Components Pack 1.0--- Startup entries list ---Located: HK_LM:Run, Acrobat Assistant 7.0command: "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"   file: C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe   size: 483328    MD5: 78ff388fd58ce0bae1f7c9670f5473c1Located: HK_LM:Run, AGRSMMSGcommand: AGRSMMSG.exe   file: C:\WINDOWS\AGRSMMSG.exe   size: 88363    MD5: 32f801e868bd2006911d49128cdd6312Located: HK_LM:Run, Apointcommand: C:\Program Files\Apoint2K\Apoint.exe   file: C:\Program Files\Apoint2K\Apoint.exe   size: 192512    MD5: e6899986d6fe0c793b3df5bae7d18b40Located: HK_LM:Run, ATIPTAcommand: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe   file: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe   size: 335872    MD5: 024f4f23ccee31a9994109d7a41ab78fLocated: HK_LM:Run, avgntcommand: "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min   file: C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe   size: 249896    MD5: ba5e0a9b7ccde337b22ccc00971aae1cLocated: HK_LM:Run, CeEKEYcommand: C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe   file: C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe   size: 638976    MD5: a7f0ed12494a00ec5e2ef94b82ab5d6fLocated: HK_LM:Run, CeEPOWERcommand: C:\Program Files\TOSHIBA\Power Management\CePMTray.exe   file: C:\Program Files\TOSHIBA\Power Management\CePMTray.exe   size: 135168    MD5: 8f7e3434b0b6aec36e4dd9d42be66d43Located: HK_LM:Run, CmFlywavcommand: C:\WINDOWS\system\CmFlywav.exe   file: C:\WINDOWS\system\CmFlywav.exe   size: 176377    MD5: 3523403dfad2682747212b578681e9aeLocated: HK_LM:Run, dlacommand: C:\WINDOWS\system32\dla\tfswctrl.exe   file: C:\WINDOWS\system32\dla\tfswctrl.exe   size: 122939    MD5: 0df3275fd096bacec54e01657d8745d8Located: HK_LM:Run, EzButtoncommand: C:\Program Files\EzButton\EzButton.EXE   file: C:\Program Files\EzButton\EzButton.EXE   size: 712704    MD5: 0787e45175a5b7138bbab94ce8561d19Located: HK_LM:Run, GrooveMonitorcommand: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"   file: C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe   size: 31016    MD5: 38d198a2dd54a67120040566a38103baLocated: HK_LM:Run, HP Software Updatecommand: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe   file: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe   size: 49152    MD5: 926a397334fe426a6c7657096fe681dbLocated: HK_LM:Run, iTunesHelpercommand: "C:\Program Files\iTunes\iTunesHelper.exe"   file: C:\Program Files\iTunes\iTunesHelper.exe   size: 271672    MD5: 75e7851ce99ea8f9b74361f284666fe0Located: HK_LM:Run, LtMohcommand: C:\Program Files\ltmoh\Ltmoh.exe   file: C:\Program Files\ltmoh\Ltmoh.exe   size: 184320    MD5: cae4adee7be5c6ad35c84d10a866977eLocated: HK_LM:Run, NDSTray.execommand: NDSTray.exe   file: Located: HK_LM:Run, PadTouchcommand: C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe   file: C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe   size: 1089589    MD5: 062d0e5bbf64d78d90502f7d0bdc3d6fLocated: HK_LM:Run, QuickTime Taskcommand: "C:\Program Files\QuickTime\QTTask.exe" -atboottime   file: C:\Program Files\QuickTime\QTTask.exe   size: 286720    MD5: 49ccfbe5d5225b9d3cc78c09dee147d0Located: HK_LM:Run, SunJavaUpdateSchedcommand: "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"   file: C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe   size: 132496    MD5: d4f0f7437327dbaa264338baafb5e5afLocated: HK_LM:Run, TPNFcommand: C:\Program Files\TOSHIBA\TouchPad\TPTray.exe   file: C:\Program Files\TOSHIBA\TouchPad\TPTray.exe   size: 53248    MD5: 98046adfa5ef9c3fa746bf6090154e78Located: HK_CU:Run, ctfmon.execommand: C:\WINDOWS\system32\ctfmon.exe   file: C:\WINDOWS\system32\ctfmon.exe   size: 15360    MD5: 24232996a38c0b0cf151c2140ae29fc8Located: HK_CU:Run, MsnMsgrcommand: "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background   file: C:\Program Files\MSN Messenger\MsnMsgr.Exe   size: 5674352    MD5: c4281ad865739e71fd1e4dac19a68d60Located: HK_CU:Run, TOSCDSPDcommand: C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe   file: C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe   size: 65536    MD5: 383b71dcb691ccaeea445acb9150ddd3Located: Startup (common), Adobe Acrobat Speed Launcher.lnkcommand: C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe   file: C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe   size: 25214    MD5: d6294d59171ac375cd142003566aa89eLocated: Startup (common), HP Digital Imaging Monitor.lnkcommand: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe   file: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe   size: 288472    MD5: 4543367e50bd35e7d1269d42841b156eLocated: Startup (common), RAMASST.lnkcommand: C:\WINDOWS\system32\RAMASST.exe   file: C:\WINDOWS\system32\RAMASST.exe   size: 155648    MD5: 7c86a098d2a2e5d0cc8ec60f90637e9eLocated: System.ini, crypt32chaincommand: crypt32.dll   file: crypt32.dllLocated: System.ini, cryptnetcommand: cryptnet.dll   file: cryptnet.dllLocated: System.ini, cscdllcommand: cscdll.dll   file: cscdll.dllLocated: System.ini, ScCertPropcommand: wlnotify.dll   file: wlnotify.dllLocated: System.ini, Schedulecommand: wlnotify.dll   file: wlnotify.dllLocated: System.ini, sclgntfycommand: sclgntfy.dll   file: sclgntfy.dllLocated: System.ini, SensLogncommand: WlNotify.dll   file: WlNotify.dllLocated: System.ini, termsrvcommand: wlnotify.dll   file: wlnotify.dllLocated: System.ini, WBSrvcommand: C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll   file: C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll   size: 221184    MD5: 9240a64cb49eb380617865719ea92281Located: System.ini, wlballooncommand: wlnotify.dll   file: wlnotify.dll--- Browser helper object list ---{5CA3D70E-1895-11CF-8E15-001234567890} (DriveLetterAccess)          BHO name:         CLSID name: DriveLetterAccess       description: Hewlett-Packard's DLA software    classification: Unknown    known filename: tfswshx.dll         info link:        info source: TonyKlein              Path: C:\WINDOWS\system32\dla\         Long name:        tfswshx.dll        Short name:                       Date (created): 8/26/2007 3:13:42 PMDate (last access): 10/8/2007 2:21:40 PM Date (last write): 7/20/2004 3:04:00 AM          Filesize:             118842        Attributes:           archive                MD5: D5CBFE902E7598281FC47037DC8A5DCC             CRC32:           E91B1ACE           Version:            1.4.8.0{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)          BHO name:         CLSID name: Groove GFS Browser Helper              Path: C:\PROGRA~1\MICROS~2\Office12\         Long name: GrooveShellExtensions.dll        Short name:       GRA8E1~1.DLL    Date (created): 10/27/2006 2:48:42 AMDate (last access): 10/8/2007 2:11:26 PM Date (last write): 10/27/2006 2:48:42 AM          Filesize:            2210608        Attributes:           archive                MD5: 786DD1892B553EFE5A004AC39775C851             CRC32:           AAD965C9           Version:     12.0.4518.1014{7E853D72-626A-48EC-A868-BA8D5E23E045} ()          BHO name:         CLSID name: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)          BHO name:         CLSID name: Windows Live Sign-in Helper              Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\         Long name: WindowsLiveLogin.dll        Short name:       WINDOW~1.DLL    Date (created): 8/31/2006 8:33:06 PMDate (last access): 10/8/2007 2:21:40 PM Date (last write): 8/31/2006 8:33:06 PM          Filesize:             322368        Attributes:           archive                MD5: E43F7CFDEE2B00A22C96C168147B20D3             CRC32:           2AEACC43           Version:        4.100.313.1--- ActiveX list ---{57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class)          DPF name:         CLSID name: F5 Networks Policy Agent Host Class         Installer: C:\WINDOWS\Downloaded Program Files\f5InspectionHost.inf          Codebase: https://securera.edwardjones.com/vdesk/term...,2007,0726,1518              Path: C:\WINDOWS\Downloaded Program Files\         Long name: f5InspectionHost.dll        Short name:       F5INSP~1.DLL    Date (created): 9/19/2007 8:10:06 PMDate (last access): 10/8/2007 2:33:14 PM Date (last write): 7/26/2007 8:18:28 AM          Filesize:             311936        Attributes:           archive                MD5: BF15E194ACFE4790C78C8E98359CD98B             CRC32:           58689EB4           Version: 6010.2007.726.1518{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()          DPF name:         CLSID name:          Installer: C:\WINDOWS\Downloaded Program Files\erma.inf          Codebase: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab       description:     classification: Open for discussion    known filename:          info link:        info source: Safer Networking Ltd.{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)          DPF name: Java Runtime Environment 1.6.0        CLSID name: Java Plug-in 1.6.0_03         Installer:           Codebase: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab              Path: C:\Program Files\Java\jre1.6.0_03\bin\         Long name:    npjpi160_03.dll        Short name:       NPJPI1~1.DLL    Date (created): 9/24/2007 11:31:44 PMDate (last access): 10/8/2007 2:30:52 PM Date (last write): 9/25/2007 1:11:34 AM          Filesize:             132496        Attributes:           archive                MD5: D6A4682A6FF41832A3F1A7AB9AE08199             CRC32:           9080B537           Version:           6.0.30.5{E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} (F5 Networks OS Policy Agent)          DPF name:         CLSID name: F5 Networks OS Policy Agent         Installer: C:\WINDOWS\Downloaded Program Files\f5syschk.inf          Codebase: https://securera.edwardjones.com/policy/dow...,2007,0223,0322              Path: C:\WINDOWS\Downloaded Program Files\         Long name: Win32SystemCheck.dll        Short name:       WIN32S~1.DLL    Date (created): 9/19/2007 8:10:08 PMDate (last access): 10/8/2007 2:33:14 PM Date (last write): 2/22/2007 7:23:02 PM          Filesize:             234368        Attributes:           archive                MD5: 86069C3BA6BB6EF65AEFF5A7679C2E35             CRC32:           945D7D6C           Version:  6010.2007.223.322--- Process list ---PID:    0 (   0) [System]PID:  512 (   4) \SystemRoot\System32\smss.exePID:  568 ( 512) \??\C:\WINDOWS\system32\csrss.exePID:  592 ( 512) \??\C:\WINDOWS\system32\winlogon.exePID:  636 ( 592) C:\WINDOWS\system32\services.exe size: 108032  MD5: C6CE6EEC82F187615D1002BB3BB50ED4PID:  648 ( 592) C:\WINDOWS\system32\lsass.exe size: 13312  MD5: 84885F9B82F4D55C6146EBF6065D75D2PID:  828 ( 636) C:\WINDOWS\system32\Ati2evxx.exe size: 397312  MD5: 174C7EE63011017CA12E31CED195581DPID:  844 ( 636) C:\WINDOWS\system32\svchost.exe size: 14336  MD5: 8F078AE4ED187AAABC0A305146DE6716PID:  928 ( 636) C:\WINDOWS\system32\svchost.exe size: 14336  MD5: 8F078AE4ED187AAABC0A305146DE6716PID:  968 ( 636) C:\WINDOWS\System32\svchost.exe size: 14336  MD5: 8F078AE4ED187AAABC0A305146DE6716PID: 1020 ( 636) C:\WINDOWS\system32\ACS.exe size: 36864  MD5: 84F21F6572D0AFE02074291F6CEABBDBPID: 1104 ( 636) C:\WINDOWS\system32\svchost.exe size: 14336  MD5: 8F078AE4ED187AAABC0A305146DE6716PID: 1188 ( 636) C:\WINDOWS\system32\svchost.exe size: 14336  MD5: 8F078AE4ED187AAABC0A305146DE6716PID: 1452 ( 636) C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe size: 574808  MD5: 377F0FE06DCD6BB3669F3E0FC4DF2511PID: 1496 (1480) C:\WINDOWS\Explorer.EXE size: 1033216  MD5: 97BD6515465659FF8F3B7BE375B2EA87PID: 1600 (1496) C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe size: 638976  MD5: A7F0ED12494A00EC5E2EF94B82AB5D6FPID: 1608 (1496) C:\Program Files\TOSHIBA\Power Management\CePMTray.exe size: 135168  MD5: 8F7E3434B0B6AEC36E4DD9D42BE66D43PID: 1616 (1496) C:\Program Files\TOSHIBA\TouchPad\TPTray.exe size: 53248  MD5: 98046ADFA5EF9C3FA746BF6090154E78PID: 1624 (1496) C:\WINDOWS\system32\dla\tfswctrl.exe size: 122939  MD5: 0DF3275FD096BACEC54E01657D8745D8PID: 1632 (1496) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe size: 335872  MD5: 024F4F23CCEE31A9994109D7A41AB78FPID: 1644 (1496) C:\Program Files\ltmoh\Ltmoh.exe size: 184320  MD5: CAE4ADEE7BE5C6AD35C84D10A866977EPID: 1656 (1496) C:\WINDOWS\AGRSMMSG.exe size: 88363  MD5: 32F801E868BD2006911D49128CDD6312PID: 1688 (1496) C:\Program Files\Apoint2K\Apoint.exe size: 192512  MD5: E6899986D6FE0C793B3DF5BAE7D18B40PID: 1700 (1496) C:\Program Files\EzButton\EzButton.EXE size: 712704  MD5: 0787E45175A5B7138BBAB94CE8561D19PID: 1708 (1496) C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe size: 1089589  MD5: 062D0E5BBF64D78D90502F7D0BDC3D6FPID: 1720 (1496) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe size: 892928  MD5: 65E0D99F87F0B5963019BC91083E75CEPID: 1740 (1496) C:\Program Files\HP\HP Software Update\HPWuSchd2.exe size: 49152  MD5: 926A397334FE426A6C7657096FE681DBPID: 1768 (1496) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe size: 31016  MD5: 38D198A2DD54A67120040566A38103BAPID: 1784 (1496) C:\Program Files\QuickTime\QTTask.exe size: 286720  MD5: 49CCFBE5D5225B9D3CC78C09DEE147D0PID: 1828 (1496) C:\Program Files\iTunes\iTunesHelper.exe size: 271672  MD5: 75E7851CE99EA8F9B74361F284666FE0PID: 1860 (1496) C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe size: 249896  MD5: BA5E0A9B7CCDE337B22CCC00971AAE1CPID: 1892 (1496) C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe size: 483328  MD5: 78FF388FD58CE0BAE1F7C9670F5473C1PID: 1912 (1496) C:\WINDOWS\system\CmFlywav.exe size: 176377  MD5: 3523403DFAD2682747212B578681E9AEPID: 1960 (1496) C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe size: 65536  MD5: 383B71DCB691CCAEEA445ACB9150DDD3PID: 1984 (1496) C:\WINDOWS\system32\ctfmon.exe size: 15360  MD5: 24232996A38C0B0CF151C2140AE29FC8PID: 2016 ( 636) C:\WINDOWS\system32\spoolsv.exe size: 57856  MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9FPID: 2024 (1496) C:\Program Files\MSN Messenger\MsnMsgr.Exe size: 5674352  MD5: C4281AD865739E71FD1E4DAC19A68D60PID:  244 ( 636) C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe size: 214056  MD5: 58B3B75B49FF3EDFA71A2141F934629BPID:  400 ( 388) C:\Program Files\Apoint2K\Apntex.exe size: 45056  MD5: CCA1B81492B40890E44B2B20A780EE1FPID:  528 (1496) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe size: 288472  MD5: 4543367E50BD35E7D1269D42841B156EPID:  544 (1496) C:\WINDOWS\system32\RAMASST.exe size: 155648  MD5: 7C86A098D2A2E5D0CC8EC60F90637E9EPID: 1316 ( 636) C:\Program Files\AntiVir PersonalEdition Classic\sched.exe size: 63016  MD5: A6FA9C14E649B2F3DE15390A1840774DPID: 1340 ( 636) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe size: 106496  MD5: E4E3A862FEE8061ADC922A73B15800F3PID: 1368 ( 636) C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe size: 36960  MD5: 003F755C884B6C61FAFD371E01609976PID: 1384 ( 636) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe size: 36864  MD5: 527235C8109BF5D4DBDA7D1948648C46PID: 1428 ( 636) C:\WINDOWS\system32\DVDRAMSV.exe size: 106496  MD5: 77C4901986FC7A83E853B300E80D234BPID: 1492 ( 636) C:\WINDOWS\system32\HPZipm12.exe size: 69632  MD5: 45E333C6B7197ED61C70736472F3703BPID: 1672 ( 636) C:\WINDOWS\system32\svchost.exe size: 14336  MD5: 8F078AE4ED187AAABC0A305146DE6716PID: 1948 ( 636) C:\WINDOWS\system32\SearchIndexer.exe size: 300032  MD5: 2EC497AA4B728D1B1A368ACF2E309E8BPID: 2656 ( 528) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe size: 239320  MD5: 88029974B1C9995CFA3BD9560BBA2EEFPID: 2756 ( 636) C:\Program Files\iPod\bin\iPodService.exe size: 501048  MD5: D462588D99310A87F758A2AF4A82D98FPID: 3060 ( 636) C:\WINDOWS\System32\alg.exe size: 44544  MD5: F1958FBF86D5C004CF19A5951A9514B7PID: 3600 (1912) C:\WINDOWS\system\CMAS2DS.EXE size: 94284  MD5: E6BCECD9D7533F3AC57465FE61CCC174PID: 3848 ( 636) C:\Program Files\MSN Messenger\usnsvc.exe size: 97136  MD5: C5B70A6AA947667CE0E5FC84A05EC8B6PID: 4032 (1912) C:\Program Files\Linksys\WMB54G\WMB54G.EXE size: 1077327  MD5: 0AAA34F4FBDE79759B4D497326E60B21PID: 1968 (1496) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe size: 4393096  MD5: 09CA174A605B480318731E691DC98539PID: 3956 (1496) C:\Program Files\Mozilla Firefox\firefox.exe size: 7644520  MD5: 1464FC5BC1DC30D56054E443642D42B1PID:    4 (   0) System--- Browser start & search pages list ---Spybot - Search & Destroy browser pages report, 10/8/2007 2:47:28 PMHKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page  C:\WINDOWS\system32\blank.htmHKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page  http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearchHKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page  http://www.msn.com/HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page  %SystemRoot%\system32\blank.htmHKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page  http://go.microsoft.com/fwlink/?LinkId=54896HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page  http://go.microsoft.com/fwlink/?LinkId=69157HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL  http://go.microsoft.com/fwlink/?LinkId=69157HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL  http://go.microsoft.com/fwlink/?LinkId=54896HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant  http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htmHKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch  http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm--- Winsock Layered Service Provider list ------ Uninstall list ---  (AddressBook)Adobe Acrobat 7.0.9 Professional 7.0.9 (Adobe Acrobat 7.0 Professional) version (major): 7 version (minor): 5    install date: 10/6/2007install location: C:\Program Files\Adobe\Acrobat 7.0\   uninstall cmd: msiexec /I {AC76BA86-1033-0000-7760-000000000002}       publisher: Adobe Systems         contact: Customer Support       help link: http://www.adobe.com/support/main.html  help telephone:              readme: C:\Program Files\Adobe\Acrobat 7.0\Readme.htmAdobe Flash Player ActiveX 9.0.47.0 (Adobe Flash Player ActiveX)   uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe       publisher: Adobe Systems Incorporated       help link: http://www.adobe.com/go/flashplayer_support/ATI - Software Uninstall Utility 6.14.10.1008 (All ATI Software)   uninstall cmd: C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exeAvira AntiVir PersonalEdition Classic  (AntiVir PersonalEdition Classic)   uninstall cmd: C:\Program Files\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE       publisher: Avira GmbH       help link: http://www.avira.com/classic-supportATI Display Driver 8.01-040421a-015460C-Toshiba (ATI Display Driver)   uninstall cmd: rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -cleanBitComet 0.70 0.70 (BitComet)   uninstall cmd: C:\Program Files\BitComet\uninst.exe       publisher: ~RnySmile~Linksys Wireless-G Music Bridge Driver  (C-Media Wi-Sonic Wireless Audio Driver)   uninstall cmd: C:\WINDOWS\system32\cmrmdrvw.exe  (Connection Manager)  (DirectAnimation)  (DirectDrawEx)  (dlatray.exe)   uninstall cmd: C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}DVD Decrypter (Remove Only)  (DVD Decrypter)   uninstall cmd: "C:\Program Files\DVD Decrypter\uninstall.exe"DVD Shrink 3.2  (DVD Shrink_is1)install location: C:\Program Files\DVD Shrink\   uninstall cmd: "C:\Program Files\DVD Shrink\unins000.exe"       publisher: DVD Shrink       help link: http://www.dvdshrink.org  (DXM_Runtime)Microsoft Office Enterprise 2007 12.0.4518.1014 (ENTERPRISE)install location: C:\Program Files\Microsoft Office   uninstall cmd: "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL       publisher: Microsoft CorporationEasy Button  (EzButton)   uninstall cmd: C:\WINDOWS\UnInst32.exe EzButton.UNI  (Fontcore)HijackThis 2.0.2 2.0.2 (HijackThis)   uninstall cmd: "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall       publisher: TrendMicroHP Imaging Device Functions 7.0 7.0 (HP Imaging Device Functions)   uninstall cmd: C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat       publisher: HP       help link: http://www.hp.com/supportHP Solution Center 7.0 7.0 (HP Solution Center & Imaging Support Tools)   uninstall cmd: C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat       publisher: HP       help link: http://www.hp.com/supportOCR Software by I.R.I.S 7.0 7.0 (HPOCR)   uninstall cmd: C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat       publisher: HP       help link: http://www.hp.com/support  (ICW)Microsoft Internationalized Domain Names Mitigation APIs  (IDNMitigationAPIs)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"       publisher: Microsoft Corporation  (IE40)  (IE4Data)  (IE5BAKEX)Windows Internet Explorer 7 20061107.210142 (ie7)    install date: 20070826   uninstall cmd: "C:\WINDOWS\ie7\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://www.microsoft.com/ie  (IEData)  (InstallShield Uninstall Information)TouchPad On/Off Utility 1.23.0.2 (InstallShield_{49188E15-9B2E-4913-9107-A5D01821AC68})         version: 18284544 version (major): 1 version (minor): 23  estimated size: 231    install date: 20040902  install source: C:\DOCUME~1\Owner\LOCALS~1\Temp\_is44\   uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{49188E15-9B2E-4913-9107-A5D01821AC68} /l1033 SRS WOW XT Plug-In for Windows Media Player for Toshiba version 1.0.2 1.0.2.0 (InstallShield_{68D368EE-F5AC-4402-BD45-B454B5453FE1})         version: 16777218 version (major): 1  estimated size: 3080    install date: 20040810install location: C:\Program Files\srslabs\wowxt plug-in\  install source: C:\DOCUME~1\Owner\LOCALS~1\Temp\_is4\   uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{68D368EE-F5AC-4402-BD45-B454B5453FE1} /l1033        publisher: SRS Labs, Inc.       help link: http://www.srslabs..com  help telephone: 1-949-442-1070TOSHIBA Hotkey Utility 1.23.1.3 (InstallShield_{D2A03D7A-5803-48DD-BA43-AAE5DED2CB19})         version: 18284545 version (major): 1 version (minor): 23  estimated size: 917    install date: 20040902  install source: C:\DOCUME~1\Owner\LOCALS~1\Temp\_is2\   uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D2A03D7A-5803-48DD-BA43-AAE5DED2CB19} /l1033 TOSHIBA Power Management Utility 1.23.2.5 (InstallShield_{F16086C2-21CD-42CE-9EC8-2E5302D010B2})         version: 18284546 version (major): 1 version (minor): 23  estimated size: 1539    install date: 20040902  install source: C:\DOCUME~1\Owner\LOCALS~1\Temp\_is1F\   uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{F16086C2-21CD-42CE-9EC8-2E5302D010B2} /l1033 Windows XP Hotfix - KB873339 20041117.092459 (KB873339)   uninstall cmd: C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=873339  (KB884016)  (KB884267)  (KB885353)Windows XP Hotfix - KB885835 20041027.181713 (KB885835)   uninstall cmd: C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=885835Windows XP Hotfix - KB885836 20041028.173203 (KB885836)   uninstall cmd: C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=885836Windows XP Hotfix - KB886185 20041021.090540 (KB886185)   uninstall cmd: C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=886185  (KB886612)  (KB887078)Windows XP Hotfix - KB887472 20041014.162858 (KB887472)   uninstall cmd: C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=887472  (KB887626)Windows XP Hotfix - KB888302 20041207.111426 (KB888302)   uninstall cmd: C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=888302  (KB888656)  (KB889858)Security Update for Windows XP (KB890046) 1 (KB890046)   uninstall cmd: "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=890046Windows XP Hotfix - KB890859 1 (KB890859)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=890859Windows Media Format SDK Hotfix - KB891122  (KB891122)   uninstall cmd: "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=891122Windows XP Hotfix - KB891781 20050110.165439 (KB891781)   uninstall cmd: C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=891781Windows Genuine Advantage Validation Tool (KB892130)  (KB892130)    install date: 20070826       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=892130  (KB892313)  (KB893240)  (KB893241)Security Update for Windows XP (KB893756) 1 (KB893756)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=893756  (KB893803)Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)   uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://go.microsoft.com/fwlink/?LinkId=42467Update for Windows XP (KB894391) 1 (KB894391)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=894391  (KB895181)  (KB895316)  (KB895572)Hotfix for Windows XP (KB896344) 2 (KB896344)   uninstall cmd: "C:\WINDOWS\$NtUninstallKB896344$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=896344Security Update for Windows XP (KB896358) 1 (KB896358)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=896358Security Update for Windows XP (KB896423) 1 (KB896423)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=896423Security Update for Windows XP (KB896428) 1 (KB896428)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=896428  (KB897586)Update for Windows XP (KB898461) 1 (KB898461)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=898461  (KB898549)Security Update for Windows XP (KB899587) 1 (KB899587)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=899587Security Update for Windows XP (KB899591) 1 (KB899591)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=899591  (KB900399)Update for Windows XP (KB900485) 2 (KB900485)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=900485Security Update for Windows XP (KB900725) 1 (KB900725)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=900725Security Update for Windows XP (KB901017) 1 (KB901017)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=901017Security Update for Windows XP (KB901214) 1 (KB901214)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=901214  (KB902344)Security Update for Windows XP (KB902400) 1 (KB902400)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=902400Security Update for Windows XP (KB904706) 2 (KB904706)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=904706Update for Windows XP (KB904942) 2 (KB904942)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=904942Security Update for Windows XP (KB905414) 1 (KB905414)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=905414Security Update for Windows XP (KB905749) 1 (KB905749)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=905749  (KB907658)Security Update for Windows XP (KB908519) 1 (KB908519)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=908519Update for Windows XP (KB908531) 2 (KB908531)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=908531Microsoft Base Smart Card Cryptographic Service Provider Package  (KB909520)   uninstall cmd: "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"       publisher: Microsoft CorporationUpdate for Windows XP (KB910437) 1 (KB910437)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=910437Update for Windows XP (KB911280) 2 (KB911280)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=911280Security Update for Windows XP (KB911562) 1 (KB911562)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=911562Security Update for Windows Media Player (KB911564)  (KB911564)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com/?kbid=911564  (KB911565)  (KB911854)Security Update for Windows XP (KB911927) 1 (KB911927)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=911927Security Update for Windows XP (KB913580) 1 (KB913580)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=913580Security Update for Windows XP (KB914388) 1 (KB914388)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=914388Security Update for Windows XP (KB914389) 1 (KB914389)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=914389Hotfix for Windows XP (KB914440) 12 (KB914440)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=914440Hotfix for Windows XP (KB915800) 1 (KB915800)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB915800$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=915800Hotfix for Windows XP (KB915865) 10 (KB915865)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=915865Update for Windows XP (KB916595) 1 (KB916595)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=916595Windows Desktop Search 3.01 03.01.6000.72 (KB917013)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB917013$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=917013Security Update for Windows XP (KB917344) 1 (KB917344)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=917344Security Update for Windows XP (KB917953) 1 (KB917953)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=917953Security Update for Windows XP (KB918118) 1 (KB918118)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=918118Security Update for Windows XP (KB918439) 1 (KB918439)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=918439Security Update for Windows XP (KB919007) 1 (KB919007)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=919007Security Update for Windows XP (KB920213) 1 (KB920213)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=920213Update for Windows XP (KB920342) 1 (KB920342)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=920342Security Update for Windows XP (KB920670) 1 (KB920670)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=920670Security Update for Windows XP (KB920683) 1 (KB920683)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=920683Security Update for Windows XP (KB920685) 1 (KB920685)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=920685Update for Windows XP (KB920872) 1 (KB920872)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=920872Security Update for Windows XP (KB921503) 1 (KB921503)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=921503Update for Windows XP (KB922582) 1 (KB922582)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=922582Security Update for Windows XP (KB922819) 1 (KB922819)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=922819Security Update for Windows XP (KB923191) 1 (KB923191)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=923191Security Update for Windows XP (KB923414) 1 (KB923414)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=923414Security Update for Windows XP (KB923689)  (KB923689)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=923689Security Update for Step By Step Interactive Training (KB923723) 20050502.101010 (KB923723)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com/kb/923723Security Update for Windows XP (KB923980) 1 (KB923980)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=923980Security Update for Windows XP (KB924270) 1 (KB924270)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=924270Security Update for Windows XP (KB924496) 1 (KB924496)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=924496Security Update for Windows XP (KB924667) 1 (KB924667)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=924667Security Update for Windows Media Player 6.4 (KB925398)  (KB925398_WMP64)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com/?kbid=925398Update for Windows XP (KB925720) 1 (KB925720)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=925720Update for Windows XP (KB925876) 1 (KB925876)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=925876Security Update for Windows XP (KB925902) 1 (KB925902)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=925902Hotfix for Windows XP (KB926239) 2 (KB926239)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=926239Security Update for Windows XP (KB926255) 1 (KB926255)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=926255Security Update for Windows XP (KB926436) 1 (KB926436)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=926436Security Update for Windows XP (KB927779) 1 (KB927779)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=927779Security Update for Windows XP (KB927802) 1 (KB927802)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://support.microsoft.com?kbid=927802Update for Windows XP (KB927891) 3 (KB927891)    install date: 20070826   uninstall cmd: "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"       publisher: Microsoft Corporation       help link: http://s

11
Tech Clinic / redirected links
« on: October 08, 2007, 12:36:03 PM »
...and finally, the Fixwareout report....

Username "Jerry Rathke" - 10/08/2007 11:57:14 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{95ED3546-EB6B-4DAF-932E-6B91403C9384}
"DhcpNameServer"="85.255.116.165,85.255.112.220" <Value cleared.

Successfully flushed the DNS Resolver Cache.
System was rebooted successfully.
 
~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CeEKEY"="C:\\Program Files\\TOSHIBA\\E-KEY\\CeEKey.exe"
"CeEPOWER"="C:\\Program Files\\TOSHIBA\\Power Management\\CePMTray.exe"
"TPNF"="C:\\Program Files\\TOSHIBA\\TouchPad\\TPTray.exe"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"LtMoh"="C:\\Program Files\\ltmoh\\Ltmoh.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"Apoint"="C:\\Program Files\\Apoint2K\\Apoint.exe"
"EzButton"="C:\\Program Files\\EzButton\\EzButton.EXE"
"PadTouch"="C:\\Program Files\\TOSHIBA\\Touch and Launch\\PadExe.exe"
"NDSTray.exe"="NDSTray.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"GrooveMonitor"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
"CmFlywav"="C:\\WINDOWS\\system\\CmFlywav.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\\Program Files\\TOSHIBA\\TOSCDSPD\\toscdspd.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

12
Tech Clinic / redirected links
« on: October 08, 2007, 12:33:55 PM »
...and here is the Hijackthis log.....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30:13 PM, on 10/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system\CmFlywav.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system\CMAS2DS.EXE
C:\Program Files\Linksys\WMB54G\WMB54G.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [CmFlywav] C:\WINDOWS\system\CmFlywav.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - https://securera.edwardjones.com/vdesk/term...,2007,0726,1518
O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} (F5 Networks OS Policy Agent) - https://securera.edwardjones.com/policy/dow...,2007,0223,0322
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10708 bytes

13
Tech Clinic / redirected links
« on: October 08, 2007, 12:32:00 PM »
Thanks....

Here is the combofix log....

ComboFix 07-10-07.2 - Jerry Rathke 2007-10-08 12:14:16.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.484 [GMT -5:00]
Running from: C:\Documents and Settings\Jerry Rathke\Desktop\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((   Files Created from 2007-09-08 to 2007-10-08  )))))))))))))))))))))))))))))))
.

2007-10-08 12:13   51,200   --a------   C:\WINDOWS\NirCmd.exe
2007-10-08 10:33   <DIR>   d--------   C:\Program Files\Trend Micro
2007-10-01 14:55   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-01 14:54   <DIR>   d--------   C:\Program Files\Common Files\Wise Installation Wizard
2007-09-27 14:08   <DIR>   d--------   C:\Documents and Settings\Jerry Rathke\Application Data\WinRAR
2007-09-20 18:33   81,920   --a------   C:\Documents and Settings\Jerry Rathke\Application Data\ezpinst.exe
2007-09-20 18:33   47,360   --a------   C:\WINDOWS\system32\drivers\pcouffin.sys
2007-09-20 18:33   47,360   --a------   C:\Documents and Settings\Jerry Rathke\Application Data\pcouffin.sys
2007-09-20 18:33   14   --a------   C:\WINDOWS\system32\systeminfo3.dll
2007-09-20 18:33   <DIR>   d--------   C:\Program Files\CloneDVD
2007-09-20 18:33   <DIR>   d--------   C:\Documents and Settings\Jerry Rathke\Application Data\Vso
2007-09-20 18:33   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\DVDXStudio
2007-09-19 20:10   <DIR>   d--------   C:\Program Files\F5
2007-09-15 09:44   <DIR>   d--------   C:\Documents and Settings\Jerry Rathke\Application Data\Printer Info Cache
2007-09-15 09:44   <DIR>   d--------   C:\Documents and Settings\Jerry Rathke\Application Data\Image Zone Express

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-06 16:35   ---------   d--------   C:\Documents and Settings\Jerry Rathke\Application Data\AdobeUM
2007-10-05 14:39   ---------   d--------   C:\Program Files\SpywareBlaster
2007-10-01 14:56   ---------   d--------   C:\Program Files\Lavasoft
2007-10-01 14:55   ---------   d--------   C:\Documents and Settings\Jerry Rathke\Application Data\Lavasoft
2007-09-30 09:54   43520   --a------   C:\WINDOWS\system32\CmdLineExt03.dll
2007-09-29 14:44   ---------   d--------   C:\Documents and Settings\Jerry Rathke\Application Data\HP
2007-09-22 07:49   ---------   d--------   C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-09-19 06:31   ---------   d--------   C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-09-14 19:04   ---------   d--------   C:\Program Files\Common Files\HP
2007-09-05 21:09   ---------   d--------   C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
2007-09-05 10:34   ---------   d--------   C:\Program Files\QuickTime
2007-09-05 10:18   ---------   d--------   C:\Documents and Settings\Jerry Rathke\Application Data\DivX
2007-09-05 10:15   ---------   d--------   C:\Program Files\DivX
2007-09-02 14:52   ---------   d--h-----   C:\Program Files\InstallShield Installation Information
2007-09-02 14:52   ---------   d--------   C:\Program Files\Linksys
2007-09-02 09:01   ---------   d--------   C:\Program Files\BitComet
2007-09-01 18:50   ---------   d--------   C:\Documents and Settings\Jerry Rathke\Application Data\Atari
2007-09-01 18:49   ---------   d--------   C:\Program Files\Common Files\PocketSoft
2007-09-01 18:49   ---------   d--------   C:\Documents and Settings\Jerry Rathke\Application Data\Leadertech
2007-09-01 18:44   ---------   d--------   C:\Program Files\Atari
2007-09-01 12:22   ---------   d--------   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-01 09:09   359808   --a------   C:\WINDOWS\system32\drivers\tcpip.sys
2007-09-01 09:06   ---------   d--------   C:\Program Files\Google
2007-08-29 07:23   ---------   d--------   C:\Documents and Settings\All Users\Application Data\Google
2007-08-29 07:20   ---------   d--------   C:\Documents and Settings\Jerry Rathke\Application Data\Google
2007-08-27 19:57   ---------   d--------   C:\Program Files\MSN Messenger
2007-08-27 17:24   ---------   d--------   C:\Program Files\HP
2007-08-26 18:21   ---------   d--------   C:\Program Files\Common Files\Adobe Systems Shared
2007-08-26 18:21   ---------   d--------   C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-08-26 17:21   ---------   d--------   C:\Program Files\iTunes
2007-08-26 17:21   ---------   d--------   C:\Program Files\iPod
2007-08-26 17:21   ---------   d--------   C:\Documents and Settings\Jerry Rathke\Application Data\Apple Computer
2007-08-26 17:21   ---------   d--------   C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-08-26 17:19   ---------   d--------   C:\Program Files\Apple Software Update
2007-08-26 17:18   ---------   d--------   C:\Program Files\Common Files\Apple
2007-08-26 17:18   ---------   d--------   C:\Documents and Settings\All Users\Application Data\Apple
2007-08-26 16:54   ---------   d--------   C:\Program Files\Stardock
2007-08-26 16:26   ---------   d--------   C:\Documents and Settings\Jerry Rathke\Application Data\Windows Desktop Search
2007-08-26 16:25   ---------   d--------   C:\Program Files\Windows Desktop Search
2007-08-26 16:12   ---------   d--------   C:\Program Files\MSBuild
2007-08-26 16:12   ---------   d--------   C:\Program Files\Microsoft Works
2007-08-26 16:10   ---------   d--------   C:\Program Files\Microsoft.NET
2007-08-26 16:08   ---------   d--------   C:\Program Files\Microsoft Visual Studio 8
2007-08-26 15:59   ---------   d--------   C:\Program Files\Linksys Wireless-G Music Bridge
2007-08-26 15:50   ---------   d--------   C:\Program Files\Sonic
2007-08-26 15:49   ---------   d--------   C:\Program Files\Napster
2007-08-26 15:49   ---------   d--------   C:\Documents and Settings\All Users\Application Data\Napster
2007-08-26 15:48   ---------   d--------   C:\Program Files\Quicken
2007-08-26 15:47   ---------   d--------   C:\Program Files\Notebook Maximizer
2007-08-26 15:46   ---------   d--------   C:\Program Files\Symantec
2007-08-26 15:46   ---------   d--------   C:\Documents and Settings\All Users\Application Data\Symantec
2007-08-26 15:35   ---------   d--------   C:\Program Files\Pure Networks
2007-08-26 15:33   ---------   d--------   C:\Program Files\Common Files\AOL
2007-08-26 15:31   ---------   d--------   C:\Program Files\DVD Shrink
2007-08-26 15:31   ---------   d--------   C:\Program Files\DVD Decrypter
2007-08-26 15:28   ---------   d--------   C:\Documents and Settings\All Users\Application Data\AOL
2007-08-26 15:27   ---------   d--------   C:\Documents and Settings\Jerry Rathke\Application Data\AOL
2007-08-26 15:25   ---------   d--------   C:\Program Files\MSXML 4.0
2007-08-26 15:23   ---------   d--------   C:\Program Files\MSXML 6.0
2007-08-26 15:17   ---------   d--------   C:\Program Files\Reference Assemblies
2007-08-26 15:16   ---------   d--------   C:\Program Files\Windows Media Connect 2
2007-08-26 15:10   ---------   d--------   C:\Program Files\ArcSoft
2007-08-26 14:37   ---------   d--------   C:\Documents and Settings\All Users\Application Data\HP
2007-08-26 14:32   ---------   d--------   C:\Program Files\Hewlett-Packard
2007-08-26 14:32   ---------   d--------   C:\Program Files\Common Files\Hewlett-Packard
2007-07-30 21:19   92504   --a------   C:\WINDOWS\system32\cdm.dll
2007-07-30 21:19   549720   --a------   C:\WINDOWS\system32\wuapi.dll
2007-07-30 21:19   53080   --a------   C:\WINDOWS\system32\wuauclt.exe
2007-07-30 21:19   43352   --a------   C:\WINDOWS\system32\wups2.dll
2007-07-30 21:19   325976   --a------   C:\WINDOWS\system32\wucltui.dll
2007-07-30 21:19   271224   --a------   C:\WINDOWS\system32\mucltui.dll
2007-07-30 21:19   207736   --a------   C:\WINDOWS\system32\muweb.dll
2007-07-30 21:19   203096   --a------   C:\WINDOWS\system32\wuweb.dll
2007-07-30 21:19   1712984   --a------   C:\WINDOWS\system32\wuaueng.dll
2007-07-30 21:18   33624   --a------   C:\WINDOWS\system32\wups.dll
2007-07-26 18:06   524288   --a------   C:\WINDOWS\system32\DivXsm.exe
2007-07-26 18:06   3596288   --a------   C:\WINDOWS\system32\qt-dx331.dll
2007-07-26 18:06   200704   --a------   C:\WINDOWS\system32\ssldivx.dll
2007-07-26 18:06   144704   --a------   C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-07-26 18:06   129784   ---------   C:\WINDOWS\system32\pxafs.dll
2007-07-26 18:06   120056   ---------   C:\WINDOWS\system32\pxcpyi64.exe
2007-07-26 18:06   118520   ---------   C:\WINDOWS\system32\pxinsi64.exe
2007-07-26 18:06   1044480   --a------   C:\WINDOWS\system32\libdivx.dll
2007-07-26 18:03   823296   --a------   C:\WINDOWS\system32\divx_xx0c.dll
2007-07-26 18:03   823296   --a------   C:\WINDOWS\system32\divx_xx07.dll
2007-07-26 18:03   81920   --a------   C:\WINDOWS\system32\dpl100.dll
2007-07-26 18:03   802816   --a------   C:\WINDOWS\system32\divx_xx11.dll
2007-07-26 18:03   740442   --a------   C:\WINDOWS\system32\DivX.dll
2007-07-26 18:03   593920   --a------   C:\WINDOWS\system32\dpuGUI11.dll
2007-07-26 18:03   57344   --a------   C:\WINDOWS\system32\dpv11.dll
2007-07-26 18:03   53248   --a------   C:\WINDOWS\system32\dpuGUI10.dll
2007-07-26 18:03   344064   --a------   C:\WINDOWS\system32\dpus11.dll
2007-07-26 18:03   294912   --a------   C:\WINDOWS\system32\dpu11.dll
2007-07-26 18:03   294912   --a------   C:\WINDOWS\system32\dpu10.dll
2007-07-26 18:03   196608   --a------   C:\WINDOWS\system32\dtu100.dll
2007-07-26 18:03   12288   --a------   C:\WINDOWS\system32\DivXWMPExtType.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2004-06-14 07:00]
"CeEPOWER"="C:\Program Files\TOSHIBA\Power Management\CePMTray.exe" [2004-08-19 20:14]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2004-03-14 22:17]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-07-20 03:04]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-21 23:10]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-09-26 17:43]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 17:00 C:\WINDOWS\agrsmmsg.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-30 18:46]
"EzButton"="C:\Program Files\EzButton\EzButton.EXE" [2004-05-14 12:29]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-02-03 16:47]
"NDSTray.exe"="NDSTray.exe" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 04:41]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 02:47]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 08:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-08-15 22:15]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-09-05 18:46]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52]
"CmFlywav"="C:\WINDOWS\system\CmFlywav.exe" [2006-05-19 15:44]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 05:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-08-26 18:21:18]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 06:21:22]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2004-08-10 16:15:20]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 17:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2007-03-13 12:57 221184 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

R1 SrvcEKIOMngr;SrvcEKIOMngr;C:\WINDOWS\system32\Drivers\EKIoMngr.sys
R1 SrvcEPECioctl;SrvcEPECioctl;C:\WINDOWS\system32\Drivers\ECioctl.sys
R1 SrvcEPIOMngr;SrvcEPIOMngr;C:\WINDOWS\system32\Drivers\EPIoMngr.sys
R1 SrvcSSIOMngr;SrvcSSIOMngr;C:\WINDOWS\system32\Drivers\SSIoMngr.sys
R1 SrvcTPIOMngr;SrvcTPIOMngr;C:\WINDOWS\system32\Drivers\TPIoMngr.sys
R2 DgiVecp;Team MFP Comm Driver;C:\WINDOWS\system32\Drivers\DgiVecp.sys
R3 cmvad;Linksys Wireless-G Music Bridge Interface;C:\WINDOWS\system32\drivers\cmudaxv.sys
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver;C:\WINDOWS\system32\Drivers\DKbFltr.sys
R3 EPOWER;Compal E-POWER Driver;C:\WINDOWS\system32\Drivers\hkdrv.sys
R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys
S3 EMSCR;EMSCR;C:\WINDOWS\system32\DRIVERS\EMS7SK.sys
S3 ESDCR;ESDCR;C:\WINDOWS\system32\DRIVERS\ESD7SK.sys
S3 ESMCR;ESMCR;C:\WINDOWS\system32\DRIVERS\ESM7SK.sys

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-08-26 22:19:24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-08 12:16:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-08 12:17:23
.
   --- E O F ---

14
Tech Clinic / redirected links
« on: October 08, 2007, 10:38:48 AM »
I've had problems lately of links being redirected. My kids use the computer more and more lately, so who knows the stuff they allow.  Anyway, here is a Hijack This log...hopefully there is something there......thanks.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:50 AM, on 10/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system\CmFlywav.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Linksys\WMB54G\WMB54G.EXE
C:\WINDOWS\system\CMAS2DS.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [CmFlywav] C:\WINDOWS\system\CmFlywav.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - C:\DOCUME~1\JERRYR~1\LOCALS~1\Temp\IXP000.TMP\InstallerControl.cab
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - https://securera.edwardjones.com/vdesk/term...,2007,0726,1518
O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} (F5 Networks OS Policy Agent) - https://securera.edwardjones.com/policy/dow...,2007,0223,0322
O17 - HKLM\System\CCS\Services\Tcpip\..\{071C03DB-3447-4932-A0FF-56F75E596334}: NameServer = 85.255.116.165,85.255.112.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{512E836A-7D26-4AAF-9CBA-9E2A7320C6B1}: NameServer = 85.255.116.165,85.255.112.220
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{071C03DB-3447-4932-A0FF-56F75E596334}: NameServer = 85.255.116.165,85.255.112.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 11299 bytes

15
Tech Clinic / Do I have something...???
« on: June 29, 2007, 06:22:51 PM »
[quote name=\'guestolo\' post=\'346061\' date=\'Jun 26 2007, 03:24 PM\']Sorry for the delay, Not much bad in that first log you posted
If you still need a hand can you post a fresh hijackthis log and see if it looks the same[/quote]

Thanks for taking a look, Guestolo.

I didn't think I had much of anything, but I guess it is time to think about an upgrade.

Jerry

16
Tech Clinic / Do I have something...???
« on: June 24, 2007, 10:21:15 AM »
Guestolo et al,

First let me say I appreciate everything you do to help people out. I've taken much of your advice and suggestions to heart and have had a much better experience avoiding the pitfalls of the internet.  Lately, I have been noticing that my computer isn't as fast as it used to be.  Now it may be because my computer is getting older everyday and the new programs and apps are geared for more powerful computers, or it could be that I am picking up clutter and tracking apps from the internet.  In either case, here is a hijackthis log...any analysis is appreciated.....Jerry


Logfile of HijackThis v1.99.1
Scan saved at 10:14:00 AM, on 6/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System\CmFlywav.exe
C:\Program Files\Linksys Wireless-G Music Bridge\WMB54G.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
C:\PROGRA~1\MICROS~4\wcescomm.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
F:\Download\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://toshibadirect.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CmFlywaveName] C:\WINDOWS\System\CmFlywav.exe
O4 - HKLM\..\Run: [Linksys WMB54G Utility] C:\Program Files\Linksys Wireless-G Music Bridge\WMB54G.exe -R
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"
O4 - HKCU\..\Run: [WindowBlinds] C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBInstall32.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite...vex-2.0.6.0.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://securera.edwardjones.com/vdesk/term...llerControl.cab
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - https://securera.edwardjones.com/vdesk/term...00,0,61017,0700
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1154055173375
O16 - DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} (F5 Virtual Sandbox Class) - https://securera.edwardjones.com/vdesk/term...00,0,61229,1858
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} (F5 Networks OS Policy Agent) - https://securera.edwardjones.com/policy/dow...00,0,61017,0706
O18 - Protocol: bw+0 - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {66EE65A2-3669-4CB7-A7C3-64ABB1E78B5F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

17
Tech Clinic / Search Pages redirected
« on: November 01, 2006, 10:05:22 PM »
Everything is running good and all problems resolved.

Thanks Guestolo

Jerry

18
Tech Clinic / Search Pages redirected
« on: November 01, 2006, 08:15:05 PM »
Thanks for the help.  I have my computer up to date now.  I reinstalled my computer a month or two back and was lazy getting the protection back on.  Here is a log after putting everything back on.

Jerry



Logfile of HijackThis v1.99.1
Scan saved at 7:11:48 PM, on 11/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ACS.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\EzButton\EzButton.EXE
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
E:\Download\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://toshibadirect.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat

7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.0\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\PROGRA~1\FLASHS~1\save.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1\save.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) -

http://dlmanager.akamaitools.com.edgesuite...vex-2.0.6.0.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://update.microsoft.com/microsoftupdat...b?1154055173375
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition

Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition

Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\Toshiba\Power Management\CeEPwrSvc.exe
O23 - Service: DVD-RAM_Service - Matsu[censored]a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel

32\IDriverT.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead

Systems\DVD\ULCDRSvr.exe

19
Tech Clinic / Search Pages redirected
« on: October 30, 2006, 09:35:46 PM »
Thanks for the help.  I am swamped right now, but I will do this tomorrow and post the appropriate logs.

Thanks,

Jerry

20
Tech Clinic / Search Pages redirected
« on: October 28, 2006, 12:53:49 PM »
[quote name=\'guestolo\' post=\'228326\' date=\'Oct 28 2006, 12:41 PM\']What do you use for antispyware scanners and AntiVirus protection??
Do you need free tools?
I can supply links

How is everything now?

Please supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents[/quote]

I have been using Adaware SE, but it was locking up this morning when I tried to run it so I uninstalled it.  I've been happy with adaware, but I'm open to suggestions.  Search results seem to be working properly.  Here is the other list requested.  Again, if you have any spyware scanners you think are best, let me know.


Adobe Acrobat 7.0 Professional
Adobe Flash Player 9 ActiveX
ALPS Touch Pad Driver
Atheros Client Utility
Atheros Wireless LAN MiniPCI card Driver
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
BitComet 0.70
CD/DVD Drive Acoustic Silencer
Cypress USB Mass Storage Driver Installation
DirectShow Dump
DivX
DivX Converter
DivX Player
DivX Web Player
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVD-RAM Driver
Easy Button
Flash Saver
Google Earth
HijackThis 1.99.1
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB890927)
Hotfix for Windows XP (KB896344)
ICS Viewer 6.0
Intel A/V Codecs V2.0
InterVideo WinDVD for TOSHIBA
Java 2 Runtime Environment, SE v1.4.2_05
Magic ISO Maker v5.0 (build 0166)
Magic ISO Maker v5.3 (build 0221)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Office Professional Edition 2003
Mozilla Firefox (1.5.0.7)
MSN
MSXML 6.0 Parser (KB925673)
Napster Burn Engine
Nero Media Player
Nero OEM
Nero PhotoShow Express
NeroVision Express 2
oggcodecs 0.71.0946
Quick and Easy FJK 6.5.5
Quicken 2004
QuickTime
RealPlayer Basic
Realtek AC'97 Audio
Realtek Fast Ethernet Adapter Driver
Roxio Burn Engine
Samsung ML-1710 Series
Samsung ML-1710 Seriess
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
SmartSound Quicktracks Plugin
SMSC IrCC V5.1.3600.3 SP1
SRS WOW XT Plug-In for Windows Media Player for Toshiba version 1.0.2
TOSHIBA Access
TOSHIBA Hotkey Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Management Utility
TOSHIBA Software Modem
Toshiba Tbiosdrv Driver
Touch and Launch
TouchPad On/Off Utility
tunebite 1.4.1.0
TVUPlayer 2.2.0
Ulead VideoStudio 10
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
USB Storage Adapter FX (SM1)
Viewpoint Media Player
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Connect
Windows Media Format Runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10
Windows Media Player 10 Hotfix - KB894476
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
XviD 1.1 final uninstall

Pages: [1] 2 3