Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

windows explorer hijack?

Re: windows explorer hijack?

Post by miguelvillafana » February 24th, 2009, 1:13 pm

Hi Carolyn,

Would popping the memory card, ipod and another cheapo mp3 player wipe their memories?

Miguel V.
miguelvillafana
Regular Member
 
Posts: 126
Joined: January 5th, 2008, 8:01 pm

Re: windows explorer hijack?

Post by Carolyn » February 24th, 2009, 1:19 pm

miguelvillafana wrote: Hi Carolyn,

Would popping the memory card, ipod and another cheapo mp3 player wipe their memories?

Miguel V.


Nope, it will not delete anything legit. It will add a special folder to them which will make them a little more difficult to infect.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: windows explorer hijack?

Post by miguelvillafana » February 24th, 2009, 4:48 pm

Hi Carolyn,

Ok, the first file you highlighted, the qoobox file, I couldn't find. Is that a good thing or a bad thing?

I uploaded the second file, the atmarpc.sys file, and submitted it through virustotal. The results did NOT pop in a secondary window; I had to copy/paste the results onto a notepad page (and I hope it posts correctly). I ain't a virus guy, but based on the results I don't think we're quite done...

The last scan results will come up shortly--

Miguel V.

**********

File rdl171.tmp.7FFFFFC3 received on 02.17.2009 00:20:42 (CET)
Current status: finished
Result: 33/39 (84.62%)
Antivirus Version Last Update Result
a-squared 4.0.0.93 2009.02.16 Trojan-Mailfinder!IK
AhnLab-V3 5.0.0.2 2009.02.16 Win-Trojan/Agent.6656.IG
AntiVir 7.9.0.79 2009.02.16 Worm/Autorun.tca
Authentium 5.1.0.4 2009.02.16 -
Avast 4.8.1335.0 2009.02.16 Win32:Rootkit-gen
AVG 8.0.0.237 2009.02.16 Agent.AVTR
BitDefender 7.2 2009.02.16 Rootkit.Agent.AIUL
CAT-QuickHeal 10.00 2009.02.16 Worm.AutoRun.tca
ClamAV 0.94.1 2009.02.16 -
Comodo 980 2009.02.16 Worm.Win32.AutoRun.~LP
DrWeb 4.44.0.09170 2009.02.16 Trojan.NtRootKit.2387
eSafe 7.0.17.0 2009.02.15 -
eTrust-Vet 31.6.6360 2009.02.16 Win32/Clstealth.H
F-Prot 4.4.4.56 2009.02.16 -
F-Secure 8.0.14470.0 2009.02.16 Trojan-Mailfinder.Win32.Agent.wd
Fortinet 3.117.0.0 2009.02.16 W32/AutoRun.SEH!tr.rkit
GData 19 2009.02.16 Rootkit.Agent.AIUL
Ikarus T3.1.1.45.0 2009.02.16 Trojan-Mailfinder
K7AntiVirus 7.10.630 2009.02.14 Worm.Win32.AutoRun.tca
Kaspersky 7.0.0.125 2009.02.16 Trojan-Mailfinder.Win32.Agent.wd
McAfee 5528 2009.02.16 W32/Autorun.worm.gen
McAfee+Artemis 5528 2009.02.16 W32/Autorun.worm.gen
Microsoft 1.4306 2009.02.16 VirTool:WinNT/Emold.gen!A
NOD32 3858 2009.02.16 Win32/AutoRun.FakeAlert.M
Norman 6.00.06 2009.02.16 W32/Rootkit.AEJW
nProtect 2009.1.8.0 2009.02.16 Trojan/W32.Agent.6656.BI
Panda 10.0.0.10 2009.02.16 W32/AutoRun.DJ.worm
PCTools 4.4.2.0 2009.02.16 Worm.AutoRun.GEN
Prevx1 V2 2009.02.17 -
Rising 21.17.02.00 2009.02.16 -
SecureWeb-Gateway 6.7.6 2009.02.16 Worm.Autorun.tca
Sophos 4.38.0 2009.02.16 W32/AutoRun-QQ
Sunbelt 3.2.1851.2 2009.02.12 Rootkit.Agent.AIUL
Symantec 10 2009.02.17 Hacktool.Rootkit
TheHacker 6.3.2.2.258 2009.02.16 W32/AutoRun.tca
TrendMicro 8.700.0.1004 2009.02.16 WORM_AUTORUN.CYC
VBA32 3.12.8.12 2009.02.16 Worm.Win32.AutoRun.tca
ViRobot 2009.2.16.1609 2009.02.16 Spyware.MailFinder.Agent.6656.B
VirusBuster 4.5.11.0 2009.02.16 Rootkit.Autorun.Gen.10
Additional information
File size: 6656 bytes
MD5...: a240958fe9d5acbe71a2b3c3a11e1102
SHA1..: b9413646979bb90da854a8509aa3594fb5e2a79b
SHA256: 6118af8a4e3c776f412e026bbaac204714d787036eeafb0406685d1f65ce7be3
SHA512: 09667b4fda6b8276b428fcbe57f66acb317b7e21b1e22d55ecb354e54b1352e6
97dcb5e2d9d9be890f694d6e1deaadda86ebca008c25eca084c2ea89678c1944
ssdeep: 96:oMapzKeuD3GOn4XsCQEvprii1pGAph1u2O/:jjes+oG1M/
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1349
timedatestamp.....: 0x492d8e78 (Wed Nov 26 17:59:20 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x60a 0x800 5.24 50ebfdec85b957a1179848c688cb028d
.rdata 0x2000 0xca 0x200 1.91 aa912aaeecd80831d6bb1a320a9d1bfe
.data 0x3000 0x4c8 0x600 3.76 be552fa7080141c4df88bbca55cb7af8
INIT 0x4000 0x20e 0x400 3.10 1f34220e3339bcf1751d72f77b04287e
.reloc 0x5000 0x94 0x200 1.14 2ec659237092c5715e523113da863886

( 1 imports )
> ntoskrnl.exe: NtCreateFile, RtlInitUnicodeString, ZwQueryInformationFile, memcpy, memset, ExAllocatePool, ZwMapViewOfSection, ZwClose, ZwCreateSection, _stricmp, ExAllocatePoolWithTag, ExFreePoolWithTag, ZwUnmapViewOfSection, RtlFreeUnicodeString, RtlAnsiStringToUnicodeString, RtlInitAnsiString, strcat, strrchr, strcpy, ZwQuerySystemInformation, NtBuildNumber

( 0 exports )
CWSandbox info: http://research.sunbelt-software.com/pa ... c3a11e1102
miguelvillafana
Regular Member
 
Posts: 126
Joined: January 5th, 2008, 8:01 pm

Re: windows explorer hijack?

Post by miguelvillafana » February 24th, 2009, 4:53 pm

Hi Carolyn,

Here's the third report, run by virustotal. Semi-interestingly, 33/39 (apparently 84%) reported a hit. Does that mean that this file (and the previous) might not necessarily be infected?

Miguel V.

**********

File rdl171.tmp.7FFFFFC3 received on 02.17.2009 00:20:42 (CET)
Current status: finished
Result: 33/39 (84.62%)
Antivirus Version Last Update Result
a-squared 4.0.0.93 2009.02.16 Trojan-Mailfinder!IK
AhnLab-V3 5.0.0.2 2009.02.16 Win-Trojan/Agent.6656.IG
AntiVir 7.9.0.79 2009.02.16 Worm/Autorun.tca
Authentium 5.1.0.4 2009.02.16 -
Avast 4.8.1335.0 2009.02.16 Win32:Rootkit-gen
AVG 8.0.0.237 2009.02.16 Agent.AVTR
BitDefender 7.2 2009.02.16 Rootkit.Agent.AIUL
CAT-QuickHeal 10.00 2009.02.16 Worm.AutoRun.tca
ClamAV 0.94.1 2009.02.16 -
Comodo 980 2009.02.16 Worm.Win32.AutoRun.~LP
DrWeb 4.44.0.09170 2009.02.16 Trojan.NtRootKit.2387
eSafe 7.0.17.0 2009.02.15 -
eTrust-Vet 31.6.6360 2009.02.16 Win32/Clstealth.H
F-Prot 4.4.4.56 2009.02.16 -
F-Secure 8.0.14470.0 2009.02.16 Trojan-Mailfinder.Win32.Agent.wd
Fortinet 3.117.0.0 2009.02.16 W32/AutoRun.SEH!tr.rkit
GData 19 2009.02.16 Rootkit.Agent.AIUL
Ikarus T3.1.1.45.0 2009.02.16 Trojan-Mailfinder
K7AntiVirus 7.10.630 2009.02.14 Worm.Win32.AutoRun.tca
Kaspersky 7.0.0.125 2009.02.16 Trojan-Mailfinder.Win32.Agent.wd
McAfee 5528 2009.02.16 W32/Autorun.worm.gen
McAfee+Artemis 5528 2009.02.16 W32/Autorun.worm.gen
Microsoft 1.4306 2009.02.16 VirTool:WinNT/Emold.gen!A
NOD32 3858 2009.02.16 Win32/AutoRun.FakeAlert.M
Norman 6.00.06 2009.02.16 W32/Rootkit.AEJW
nProtect 2009.1.8.0 2009.02.16 Trojan/W32.Agent.6656.BI
Panda 10.0.0.10 2009.02.16 W32/AutoRun.DJ.worm
PCTools 4.4.2.0 2009.02.16 Worm.AutoRun.GEN
Prevx1 V2 2009.02.17 -
Rising 21.17.02.00 2009.02.16 -
SecureWeb-Gateway 6.7.6 2009.02.16 Worm.Autorun.tca
Sophos 4.38.0 2009.02.16 W32/AutoRun-QQ
Sunbelt 3.2.1851.2 2009.02.12 Rootkit.Agent.AIUL
Symantec 10 2009.02.17 Hacktool.Rootkit
TheHacker 6.3.2.2.258 2009.02.16 W32/AutoRun.tca
TrendMicro 8.700.0.1004 2009.02.16 WORM_AUTORUN.CYC
VBA32 3.12.8.12 2009.02.16 Worm.Win32.AutoRun.tca
ViRobot 2009.2.16.1609 2009.02.16 Spyware.MailFinder.Agent.6656.B
VirusBuster 4.5.11.0 2009.02.16 Rootkit.Autorun.Gen.10
Additional information
File size: 6656 bytes
MD5...: a240958fe9d5acbe71a2b3c3a11e1102
SHA1..: b9413646979bb90da854a8509aa3594fb5e2a79b
SHA256: 6118af8a4e3c776f412e026bbaac204714d787036eeafb0406685d1f65ce7be3
SHA512: 09667b4fda6b8276b428fcbe57f66acb317b7e21b1e22d55ecb354e54b1352e6
97dcb5e2d9d9be890f694d6e1deaadda86ebca008c25eca084c2ea89678c1944
ssdeep: 96:oMapzKeuD3GOn4XsCQEvprii1pGAph1u2O/:jjes+oG1M/
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1349
timedatestamp.....: 0x492d8e78 (Wed Nov 26 17:59:20 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x60a 0x800 5.24 50ebfdec85b957a1179848c688cb028d
.rdata 0x2000 0xca 0x200 1.91 aa912aaeecd80831d6bb1a320a9d1bfe
.data 0x3000 0x4c8 0x600 3.76 be552fa7080141c4df88bbca55cb7af8
INIT 0x4000 0x20e 0x400 3.10 1f34220e3339bcf1751d72f77b04287e
.reloc 0x5000 0x94 0x200 1.14 2ec659237092c5715e523113da863886

( 1 imports )
> ntoskrnl.exe: NtCreateFile, RtlInitUnicodeString, ZwQueryInformationFile, memcpy, memset, ExAllocatePool, ZwMapViewOfSection, ZwClose, ZwCreateSection, _stricmp, ExAllocatePoolWithTag, ExFreePoolWithTag, ZwUnmapViewOfSection, RtlFreeUnicodeString, RtlAnsiStringToUnicodeString, RtlInitAnsiString, strcat, strrchr, strcpy, ZwQuerySystemInformation, NtBuildNumber

( 0 exports )
CWSandbox info: http://research.sunbelt-software.com/pa ... c3a11e1102
miguelvillafana
Regular Member
 
Posts: 126
Joined: January 5th, 2008, 8:01 pm

Re: windows explorer hijack?

Post by Carolyn » February 24th, 2009, 5:06 pm

Hi Miguel,

I hate to give you bad news but one or more of the identified infections is a backdoor trojan.

Backdoor Trojans are the most dangerous and most widespread type of Trojan. Backdoor Trojans provide the author or "master" of the Trojan with remote "administration" of victim machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer and more.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
In addition to the backdoor Trojan that has been identified, your computer is afflicted with multiple other infections. Although we can make an attempt to clean this machine, we cannot guarantee that it will be secure afterwards. Your best and safest course of action is a reformat and reinstallation of the Windows operating system.

If you do decide to attempt cleaning rather than a reformat, do understand that although we may be able to remove all known visible malware, we cannot guarantee that unknown and unseen malware will have been removed, nor will your system be restored to its pre-infection state. We cannot remedy unknown changes the malware may likely have made in order to allow itself access, nor can we repair the damages it may possibly have caused to vital system files.

Please note that even if we should be successful in removing these infections from your system, it is quite possible that the changes made to the system by the malware may impact negatively on your computer during the removal process. In short, your system may never regain its former stability or its full functionality without a reformat.

Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

Should you have any questions, please feel free to ask.
Please let us know what you have decided to do in your next post.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine
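The VirusTotal report pasted above is a plain-text table, and Miguel's question ("33/39 reported a hit, does that mean the file might not be infected?") is really a question about how to read it. The script below is an added example, not code from the thread, from MalwareRemoval.com or from VirusTotal: it parses that text layout (engine, version, signature date, result, with "-" meaning no detection), counts the detections, cross-checks the count against the "Result: x/y" header line, and tallies keywords in the detection names (rootkit, autorun, backdoor, ...) so that a reader can see why Carolyn calls this a high-risk verdict even though some engines reported nothing. The embedded report is a constructed excerpt in the same layout with a made-up file name, not the full 39-engine table from the post; the keyword list and the "high risk" rule are the example's own assumptions.

```python
import re
from collections import Counter

# Constructed excerpt in the layout of the VirusTotal text report pasted in the
# thread (engine, version, signature date, result; "-" means no detection).
# Only a handful of rows are reproduced, and the file name is made up.
SAMPLE_REPORT = """\
File sample.tmp received on 02.17.2009 00:20:42 (CET)
Current status: finished
Result: 6/8 (75.00%)
Antivirus Version Last Update Result
a-squared 4.0.0.93 2009.02.16 Trojan-Mailfinder!IK
Authentium 5.1.0.4 2009.02.16 -
Avast 4.8.1335.0 2009.02.16 Win32:Rootkit-gen
AntiVir 7.9.0.79 2009.02.16 Worm/Autorun.tca
ClamAV 0.94.1 2009.02.16 -
DrWeb 4.44.0.09170 2009.02.16 Trojan.NtRootKit.2387
Microsoft 1.4306 2009.02.16 VirTool:WinNT/Emold.gen!A
Symantec 10 2009.02.17 Hacktool.Rootkit
Additional information
File size: 6656 bytes
"""

HEADER = "Antivirus Version Last Update Result"
DATE = re.compile(r"^\d{4}\.\d{2}\.\d{2}$")

# Substrings (matched case-insensitively) that hint at what kind of threat a
# detection name describes. Assumed for this example; vendors do not share a
# naming scheme, so this is a triage aid, not a classifier.
FAMILY_HINTS = ("rootkit", "backdoor", "autorun", "worm", "mailfinder", "stealth")
HIGH_RISK = ("rootkit", "backdoor")


def parse_report(text):
    """Return one dict per engine row found between the table header and the
    'Additional information' footer. result is None when the engine reported '-'."""
    rows, in_table = [], False
    for line in text.splitlines():
        line = line.strip()
        if line == HEADER:
            in_table = True
            continue
        if line.startswith("Additional information"):
            break
        if not in_table or not line:
            continue
        parts = line.split(None, 3)
        # A row is: engine version yyyy.mm.dd result. Anything else is skipped.
        if len(parts) != 4 or not DATE.match(parts[2]):
            continue
        engine, version, updated, result = parts
        result = result.strip()
        rows.append({"engine": engine, "version": version, "updated": updated,
                     "result": None if result == "-" else result})
    return rows


def detection_ratio(rows):
    """(engines that flagged the file, engines that scanned it)."""
    detected = sum(1 for r in rows if r["result"])
    return detected, len(rows)


def family_hints(rows):
    """Count how many detection names contain each hint; one name may hit several."""
    counts = Counter()
    for r in rows:
        name = (r["result"] or "").lower()
        for hint in FAMILY_HINTS:
            if hint in name:
                counts[hint] += 1
    return counts


def header_ratio(text):
    """The x/y pair from the report's own 'Result:' line, or None if absent."""
    m = re.search(r"^Result:\s*(\d+)/(\d+)", text, re.M)
    return (int(m.group(1)), int(m.group(2))) if m else None


def summarize(text):
    rows = parse_report(text)
    detected, total = detection_ratio(rows)
    hints = family_hints(rows)
    return {
        "detected": detected,
        "total": total,
        "percent": round(100.0 * detected / total, 2) if total else 0.0,
        "header_matches_rows": header_ratio(text) == (detected, total),
        "families": dict(hints),
        # Assumed rule: any rootkit/backdoor name means treat the host as compromised.
        "high_risk": any(hints[h] for h in HIGH_RISK),
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_REPORT)
    print(f"{s['detected']}/{s['total']} engines ({s['percent']}%) flagged the file")
    for family, n in sorted(s["families"].items(), key=lambda kv: -kv[1]):
        print(f"  {family:<10} {n}")
    print("high-risk family present:", s["high_risk"])
```

The point the tally makes is the one Carolyn makes in prose: a detection ratio below 100% says nothing reassuring, because the engines that did fire agree on a rootkit-class name, and the cross-check against the header line catches a report that was truncated when it was copied out of the browser.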

Re: windows explorer hijack?

Post by miguelvillafana » February 24th, 2009, 5:22 pm

There were two "flash" drives, an sd memory card, and a 2 gb gpx mp3 player. This desktop has a hell of a time detecting memory cards/mp3 players (I've used an hp printer w/a usb and memory card reader hooked up to the desktop). On a whim, I popped the sd card onto my laptop--it has an sd reader--and almost immediately an avg warning came up re: a .vob file. (how the hell did a virus get on the sd card?!?) Good Lord, I hope it didn't actually install... I quickly took it out... Did I just infect my laptop?

Anyway, I ran the flash disinfect on both that card and the gpx player on this desktop. I want to make sure that both drives are now clean, but am obviously reluctant to connect either drives to my laptop (as it can quickly detect either) to make sure that the drives were actually cleaned... Am I justified in my paranoia re: my laptop?

Seriously re: the sd card, did I just infect my computer? Should I run the 100 tests I just did on this desktop on my laptop? Good god I'm now worried.

Miguel V.
miguelvillafana
Regular Member
 
Posts: 126
Joined: January 5th, 2008, 8:01 pm

Re: windows explorer hijack?

Post by miguelvillafana » February 24th, 2009, 5:32 pm

Thanks for the help. I would rather know than not know. My folks (I think) might have logins, but not pws memorized re: ie. My folks were thinking about getting a new pc. I think it might be a good time.

Ok, I will VERY soon never be using this desktop again, but we have something like 500 invaluable pics on the memory card (to hell with the ghetto mp3 player). I'm going to disconnect the pc from online, then move the photos into the My Documents folder. Seriously, we have HUNDREDS of valuable documents et al on this machine, and the best way (I think) to move them is to swing them to the memory card (it's 8 gb), and then somehow move them to my laptop, which may/may not now be infected. The thing is, if this machine is now (politely speaking) shot to hell, I'm freaked out at the possibility of the bugs somehow illicitly moving to the memory card.

Ok, that's nonsense. Is there a way to somehow safely move the photos et al to the sd card/anywhere else, and then safely move them onto a non-infected pc?

Miguel V.

ps--I'll correspond via a public library or somewhere else for the time being.
miguelvillafana
Regular Member
 
Posts: 126
Joined: January 5th, 2008, 8:01 pm

Re: windows explorer hijack?

Post by Carolyn » February 24th, 2009, 5:36 pm

Why don't you post an OTViewIt log from your laptop in this topic as well as results from a Kaspersky online scan. Better safe than sorry.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: windows explorer hijack?

Post by miguelvillafana » February 24th, 2009, 11:38 pm

Hi Carolyn,

My parents and I went on ahead and contacted our respective banking institutions. I'm piss mad, because it'll take a while to rework the bank account #s and that beautiful thing called direct deposit.

I'll post the logs from this laptop shortly, but a rather personal question:

Is there ANY way that I can somehow safely transfer the my documents folder from my parents' pc to my pc?

If they're gone, so be it. But if it's possible, please let me know, but if not, again, I'd rather know than not know.

Miguel V.
miguelvillafana
Regular Member
 
Posts: 126
Joined: January 5th, 2008, 8:01 pm

Re: windows explorer hijack?

Post by miguelvillafana » February 25th, 2009, 12:29 am

Kaspersky's gonna take a while, but here's the OTViewit--

Miguel V.

ps--I use this laptop to sync my bb curve w/email accounts, etc. I also have a mild addiction to my ipod. If (god forbid) my system were to be infected, would beloved curve and ipod be infected?
miguelvillafana
Regular Member
 
Posts: 126
Joined: January 5th, 2008, 8:01 pm

Re: windows explorer hijack?

Post by miguelvillafana » February 25th, 2009, 12:31 am

oops, here's otviewit. Kaspersky coming up soon--

Miguel V.

ps--I'm sorry, I'm now so paranoid about my beloved laptop... I need to take more of my medication!

**********

OTViewIt logfile created on: 2/24/2009 11:28:48 PM - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Customer\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.42 Mb Total Physical Memory | 371.41 Mb Available Physical Memory | 36.58% Memory free
2.39 Gb Paging File | 1.80 Gb Available in Paging File | 75.36% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 31.40 Gb Free Space | 42.13% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHIBA-USER
Current User Name: Customer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2004/10/15 13:22:14 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
[2004/10/15 13:24:48 | 00,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2009/01/30 18:16:55 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2005/01/17 18:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
[2004/08/28 02:33:00 | 00,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
[2008/10/20 22:59:27 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[2009/02/15 14:46:51 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2008/12/16 21:59:50 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
[2004/10/15 13:21:38 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
[2009/01/30 18:16:58 | 00,484,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2002/09/20 17:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
[2005/07/12 19:14:42 | 00,040,960 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe
[2005/08/10 12:15:50 | 00,035,328 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
[2008/05/26 21:18:44 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchindexer.exe
[2004/10/15 13:27:38 | 00,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
[2004/10/15 13:23:12 | 00,245,760 | ---- | M] (Intel) -- C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
[2005/04/05 18:25:34 | 00,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
[2005/08/10 13:23:02 | 00,356,352 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
[2005/04/12 18:17:58 | 00,088,358 | ---- | M] (Agere Systems) -- C:\WINDOWS\agrsmmsg.exe
[2004/10/14 17:28:02 | 00,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[2004/10/14 17:26:40 | 00,688,218 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2004/10/25 17:23:10 | 00,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
[2004/09/07 16:03:20 | 01,077,301 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
[2005/04/26 18:13:20 | 00,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
[2005/03/17 19:37:26 | 00,151,552 | ---- | M] (TOSHIBA Corporation) -- C:\Toshiba\IVP\ISM\pinger.exe
[2004/10/15 13:27:56 | 00,385,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
[2005/05/31 22:59:58 | 00,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
[2009/02/15 14:46:51 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2007/08/24 07:00:48 | 00,033,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[2009/01/30 18:16:52 | 01,601,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2007/01/13 08:47:04 | 00,131,072 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
[2007/01/13 08:47:04 | 00,163,840 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
[2007/01/13 08:46:36 | 00,135,168 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
[2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/12/21 22:25:41 | 00,342,848 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
[2008/10/05 21:44:39 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Customer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[2006/09/11 04:40:32 | 00,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2009/01/30 18:09:27 | 00,066,864 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[2004/08/28 02:37:00 | 00,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
[2004/08/04 07:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cidaemon.exe
[2008/12/10 22:32:46 | 00,098,816 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
[2009/02/24 22:41:06 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Customer\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2009/01/30 18:16:55 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2005/01/17 18:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2004/08/28 02:33:00 | 00,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service [Auto | Running])
[2004/10/15 13:22:14 | 00,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
[2007/10/09 12:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2008/10/21 22:17:18 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103 [On_Demand | Stopped])
[2008/10/20 22:59:27 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Running])
[2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2007/10/11 09:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2009/02/15 14:46:51 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2008/12/16 21:59:50 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv [Auto | Running])
[2007/08/24 06:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
[2007/10/11 09:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2004/10/15 13:21:38 | 00,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
[2007/07/24 05:14:08 | 00,088,560 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9 [On_Demand | Stopped])
[2007/07/24 05:14:06 | 00,358,896 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9 [Auto | Stopped])
[2007/08/16 08:56:16 | 00,309,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9 [Auto | Stopped])
[2007/08/16 08:56:10 | 01,092,080 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
[2007/08/16 08:56:14 | 00,166,384 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Stopped])
[2004/10/15 13:24:48 | 00,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
[2002/09/20 17:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Running])
[2008/10/15 12:02:34 | 00,111,872 | ---- | M] (PCTEL) -- C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe -- (SprintRcAppSvc [On_Demand | Stopped])
[2005/07/12 19:14:42 | 00,040,960 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr [Auto | Running])
[2005/08/10 12:15:50 | 00,035,328 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV [Auto | Running])
[2006/10/18 22:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2008/05/26 21:18:44 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\searchindexer.exe -- (WSearch [Auto | Running])

========== Driver Services ==========

[2008/04/13 13:46:20 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\61883.sys -- (61883 [On_Demand | Stopped])
[2004/10/06 10:29:50 | 00,129,280 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
[2007/04/17 15:17:00 | 00,017,119 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2005/02/23 13:58:56 | 00,011,776 | ---- | M] (Arcsoft, Inc.) -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc [On_Demand | Running])
[2005/04/12 18:19:42 | 01,066,278 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
[2008/04/13 13:46:20 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc [On_Demand | Stopped])
[2009/01/30 18:16:58 | 00,325,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2009/01/30 18:16:58 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2008/12/17 01:02:06 | 00,023,832 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService [On_Demand | Stopped])
[2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2007/01/13 09:33:18 | 05,672,032 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm [On_Demand | Running])
[2003/09/11 01:36:54 | 00,021,060 | ---- | M] (InterVideo, Inc.) -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi [On_Demand | Running])
[2004/08/12 10:44:04 | 00,234,496 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA [On_Demand | Running])
[2008/04/13 13:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Stopped])
[2005/01/11 12:05:00 | 00,204,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\WINDOWS\system32\drivers\KR10N.sys -- (KR10N [Boot | Running])
[2008/12/16 21:58:54 | 00,025,624 | ---- | M] () -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon [On_Demand | Running])
[2008/12/17 01:00:12 | 00,768,024 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS [On_Demand | Stopped])
[2008/12/17 01:01:20 | 00,041,752 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Stopped])
[2008/12/17 01:01:42 | 06,364,440 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC [On_Demand | Stopped])
[2005/06/02 05:33:00 | 00,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf [System | Running])
[2008/04/13 13:46:09 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV [On_Demand | Stopped])
[2003/01/29 16:35:00 | 00,012,032 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio [Auto | Running])
[2008/10/15 11:58:18 | 00,038,680 | ---- | M] (PCTEL Inc.) -- C:\WINDOWS\system32\drivers\pctnullport.sys -- (Nmea [On_Demand | Running])
[2005/01/04 04:43:08 | 00,004,682 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2 [System | Running])
[2007/01/15 16:18:30 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr [On_Demand | Running])
[2008/10/15 11:58:26 | 00,222,720 | ---- | M] (Novatel Wireless Inc) -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI [On_Demand | Running])
[2008/10/15 11:58:32 | 00,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50 [On_Demand | Stopped])
[2008/10/15 11:56:10 | 00,032,408 | ---- | M] (PCTEL Inc.) -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5 [On_Demand | Stopped])
[2003/09/19 17:45:48 | 00,021,248 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc [On_Demand | Running])
[2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/05/01 03:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2007/05/31 13:39:50 | 00,022,656 | ---- | M] (Research In Motion Limited) -- C:\WINDOWS\system32\drivers\RimUsb.sys -- (RimUsb [On_Demand | Stopped])
[2007/01/18 10:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort [On_Demand | Running])
[2004/08/04 07:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM [On_Demand | Running])
[2004/10/15 13:20:04 | 00,011,354 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans [Auto | Running])
[2008/04/13 13:36:44 | 00,079,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/04/13 13:40:47 | 00,011,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffdisk.sys -- (sffdisk [On_Demand | Stopped])
[2008/04/13 13:40:47 | 00,011,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffp_sd.sys -- (sffp_sd [On_Demand | Stopped])
[2004/06/16 13:19:58 | 00,046,080 | ---- | M] (SMSC) -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA [On_Demand | Stopped])
[2004/09/01 14:17:46 | 00,259,648 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
[2008/10/15 11:58:34 | 00,024,840 | ---- | M] () -- C:\WINDOWS\system32\drivers\swmsflt.sys -- (swmsflt [On_Demand | Running])
[2004/10/14 17:14:04 | 00,185,728 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2003/06/11 10:53:22 | 00,006,867 | ---- | M] () -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (TBiosDrv [Auto | Running])
[2005/11/30 10:12:36 | 00,162,560 | ---- | M] (Texas Instruments) -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])
[2002/10/16 15:55:48 | 00,002,851 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\drivers\Toshidpt.sys -- (toshidpt [On_Demand | Stopped])
[2005/03/30 14:42:54 | 00,047,230 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\Tosporte.sys -- (tosporte [On_Demand | Running])
[2005/07/04 17:54:08 | 00,098,176 | ---- | M] (TOSHIBA CORPORATION) -- C:\WINDOWS\system32\drivers\TosRfbd.sys -- (Tosrfbd [On_Demand | Stopped])
[2005/05/27 13:39:40 | 00,034,176 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp [On_Demand | Stopped])
[2004/10/04 12:33:02 | 00,062,799 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom [System | Running])
[2005/05/30 20:28:38 | 00,008,576 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\Tosrfec.sys -- (tosrfec [On_Demand | Stopped])
[2005/06/27 20:48:08 | 00,053,504 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\drivers\TosRfhid.sys -- (Tosrfhid [On_Demand | Stopped])
[2005/01/06 15:42:42 | 00,018,612 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds [On_Demand | Stopped])
[2004/12/15 19:30:14 | 00,050,048 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd [On_Demand | Stopped])
[2004/12/21 13:38:12 | 00,034,816 | ---- | M] (TOSHIBA CORPORATION) -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb [On_Demand | Stopped])
[2005/03/02 10:45:24 | 00,004,864 | ---- | M] (Toshiba Corporation) -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD [On_Demand | Running])
[2005/05/10 19:50:00 | 00,029,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs [On_Demand | Running])
[2008/04/13 14:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio [On_Demand | Stopped])
[2004/10/29 21:48:10 | 03,222,784 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51 [On_Demand | Running])
[2006/11/02 06:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Running])
[2005/04/12 18:21:28 | 00,010,144 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum [On_Demand | Running])
[2005/04/12 18:21:32 | 00,022,240 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter [On_Demand | Stopped])
[2005/04/12 18:21:28 | 00,005,600 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid [On_Demand | Stopped])
[2005/04/12 18:21:26 | 00,045,504 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore [On_Demand | Running])
[2005/03/30 19:18:40 | 00,230,400 | ---- | M] (Marvell) -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://www.uta.edu/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 1
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4efb-9B51-7695ECA05670} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{3049C3E9-B461-4BC5-8870-4C09146192CA} (HKLM) -- C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
{5A263CF7-56A6-4D68-A8CF-345BE45BC911} (HKLM) -- C:\Program Files\Yahoo!\Search\YSearchSuggest.dll (Yahoo! Inc.)
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (HKLM) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)
{CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} (HKCU) -- C:\Program Files\Nitro PDF\PDF Download\NitroPDF.dll (Nitro PDF)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{BA52B914-B692-46c4-B683-905236F6F655}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{C7768536-96F8-4001-B1A2-90EE21279187}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"AGRSMMSG"=AGRSMMSG.exe (Agere Systems)
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup (Google)
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless (Intel Corporation)
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide ()
"Notebook Maximizer"=C:\Program Files\Notebook Maximizer\maximizer_startup.exe ()
"PadTouch"=C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
"Persistence"=C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
"Pinger"=C:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" (Sonic Solutions)
"SmoothView"=C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
"SoundMax"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray (Analog Devices, Inc.)
"Sprint SmartView"="C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe" -a (Sprint)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
"TFncKy"=TFncKy.exe File not found
"THotkey"=C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe (TOSHIBA)
"TPSMain"=TPSMain.exe (TOSHIBA Corporation)
"Tvs"=C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" (BitTorrent, Inc.)
"Google Update"="C:\Documents and Settings\Customer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (Macrovision Corporation)
"Start WingMan Profiler"= File not found

========== (O4) Startup Folders ==========

[2009/01/30 18:09:27 | 00,066,864 | ---- | M] (Logitech Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[2004/08/28 02:37:00 | 00,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
[2008/05/26 21:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
[2008/11/07 14:56:10 | 00,517,384 | ---- | M] (Leader Technologies/Logitech) -- C:\Documents and Settings\Customer\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe
[2007/12/07 19:44:36 | 00,101,440 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Customer\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
[2008/01/21 15:42:18 | 00,122,880 | ---- | M] () -- C:\Documents and Settings\Customer\Start Menu\Programs\Startup\StarOffice 8.lnk = C:\Program Files\Sun\StarOffice 8\program\quickstart.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Add to EverNote: C:\Program Files\EverNote\EverNote\enbar.dll [2007/11/07 13:44:18 | 00,186,816 | ---- | M] (EverNote Corporation)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2008/10/18 18:30:22 | 17,931,616 | ---- | M] (Microsoft Corporation)
Lookup on CD: c:\AHD4withThesaurus\AHD.htm [2003/10/19 19:20:36 | 00,000,633 | ---- | M] ()
Save Page As PDF ...: File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Send to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007/12/13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: S&end to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2007/12/13 01:20:58 | 00,606,288 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006/10/26 21:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{A5ABA0BB-F195-40d8-A5E9-0801153E6597}: Button: Add to EverNote -- %ProgramFiles%\EverNote\EverNote\enbar.dll [2007/11/07 13:44:18 | 00,186,816 | ---- | M] (EverNote Corporation)
{A5ABA0BB-F195-40d8-A5E9-0801153E6597}: Menu: Add to EverNote -- %ProgramFiles%\EverNote\EverNote\enbar.dll [2007/11/07 13:44:18 | 00,186,816 | ---- | M] (EverNote Corporation)
{AD9E6088-E00B-42f9-9F0C-8480525D234E}: Menu: PDF Download - Options -- Reg Error: Key does not exist or could not be opened. File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{CB9CDC2D-0AB4-4031-A1F7-E9B4070CE521}\\ButtonText [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{CB9CDC2D-0AB4-4031-A1F7-E9B4070CE521}\\CLSID [HKLM] -> [{0000031A-0000-0000-C000-000000000046}] -> File not found
{CB9CDC2D-0AB4-4031-A1F7-E9B4070CE521}\\contexts [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{CB9CDC2D-0AB4-4031-A1F7-E9B4070CE521}\\Default Visible [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{CB9CDC2D-0AB4-4031-A1F7-E9B4070CE521}\\HotIcon [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{CB9CDC2D-0AB4-4031-A1F7-E9B4070CE521}\\Icon [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{CB9CDC2D-0AB4-4031-A1F7-E9B4070CE521}\\Script [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{F1C0FD6C-A6A0-49a7-A932-71A56461867F}\\ButtonText [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{F1C0FD6C-A6A0-49a7-A932-71A56461867F}\\CLSID [HKLM] -> [{0000031A-0000-0000-C000-000000000046}] -> File not found
{F1C0FD6C-A6A0-49a7-A932-71A56461867F}\\ClsidExtension [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{F1C0FD6C-A6A0-49a7-A932-71A56461867F}\\Default Visible [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{F1C0FD6C-A6A0-49a7-A932-71A56461867F}\\HotIcon [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{F1C0FD6C-A6A0-49a7-A932-71A56461867F}\\Icon [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery
Extension\.spop: -- C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll [2001/01/30 15:56:24 | 00,225,280 | ---- | M] (InterTrust Technologies Corporation, Inc.)

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}: http://download.microsoft.com/download/ ... ontrol.cab -- Office Genuine Advantage Validation Tool
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\Yinsthelper.dll -- Installation Support
{406B5949-7190-4245-91A9-30A17DE16AD0}: http://www2.snapfish.com/SnapfishActivia.cab -- Snapfish Activia
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftup ... 7130874483 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab -- Java Plug-in 1.6.0_11
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277}: http://office.microsoft.com/officeupdat ... /opuc4.cab -- Office Update Installation Engine
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab -- Java Plug-in 1.5.0_02
{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab -- Java Plug-in 1.6.0
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab -- Java Plug-in 1.6.0_01
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab -- Java Plug-in 1.6.0_02
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab -- Java Plug-in 1.6.0_03
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab -- Java Plug-in 1.6.0_04
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab -- Java Plug-in 1.6.0_11
{CD995117-98E5-4169-9920-6C12D4C0B548}: http://gamedownload.ijjimax.com/gamedow ... in9USA.cab -- HGPlugin9USA Class
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/get/sh ... wflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{1E9691F1-5376-4700-9C3E-2A7810FDF527} (Servers: | Description: Intel(R) PRO/Wireless 2200BG Network Connection)
{7888397D-660B-4031-A5AD-8D863CB5FCE2} (Servers: | Description: Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller)
{A0B5BF85-6ADA-4386-9B70-35E239064B71} (Servers: | Description: )
{B7E478E3-9D41-4027-B5FB-6F87191CF8E5} (Servers: | Description: )
{F062C929-2F0F-4501-BF02-F15F23D75419} (Servers: | Description: 1394 Net Adapter)
{FF7BDBCC-08A4-41BE-8EBF-0986C48DFF84} (Servers: | Description: 1394 Net Adapter)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
>[2009/01/30 18:11:19 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\avgrsstx.dll
>[2008/10/21 22:17:31 | 00,113,664 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
avgrsstarter: "DllName" = avgrsstx.dll -- C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
IntelWireless: "DllName" = C:\Program Files\Intel\Wireless\Bin\LgNotify.dll -- C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}" (HKLM) -- C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" (HKLM) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2005/07/28 15:12:01 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ddc8773-e309-11dd-b409-0013ce9162ed}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ddc8773-e309-11dd-b409-0013ce9162ed}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/04/13 19:12:05 | 08,461,312 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ddc8773-e309-11dd-b409-0013ce9162ed}\Shell\Explore\command]
""=E:\system.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ddc8773-e309-11dd-b409-0013ce9162ed}\Shell\Open\command]
""=E:\system.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ddc8778-e309-11dd-b409-0013ce9162ed}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ddc8778-e309-11dd-b409-0013ce9162ed}\Shell\AutoRun\command]
""=C:\WINDOWS\system32\shell32.dll -- [2008/04/13 19:12:05 | 08,461,312 | ---- | M] (Microsoft Corporation)


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ddc8778-e309-11dd-b409-0013ce9162ed}\Shell\Explore\command]
""=E:\system.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ddc8778-e309-11dd-b409-0013ce9162ed}\Shell\Open\command]
""=E:\system.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77a77d08-1ac1-11dc-b3af-0013ce9162ed}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77a77d08-1ac1-11dc-b3af-0013ce9162ed}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{77a77d08-1ac1-11dc-b3af-0013ce9162ed}\Shell\AutoRun\command]
""=G:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/02/24 22:41:00 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Customer\Desktop\OTViewIt.exe
[2009/02/24 22:17:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/02/11 22:40:50 | 01,931,134 | ---- | C] () -- C:\Documents and Settings\Customer\My Documents\sprint_nav_ug_21_blackberry.pdf
[2009/02/11 21:56:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Customer\Application Data\Roxio
[2009/02/11 21:34:25 | 00,746,373 | ---- | C] () -- C:\Documents and Settings\Customer\My Documents\LoaderBackup-(2009-02-11).ipd
[2009/02/10 20:57:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Customer\Application Data\Blackberry Desktop
[2009/02/10 00:10:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Customer\Application Data\Sprint
[2009/02/09 23:32:40 | 00,027,072 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\drivers\PCASp50.sys
[2009/02/09 23:32:08 | 00,017,920 | ---- | C] (Sierra Wireless America, Inc.) -- C:\WINDOWS\System32\apintfnt.dll
[2009/02/09 23:29:17 | 00,000,000 | ---D | C] -- C:\Program Files\Sierra Wireless
[2009/02/09 23:28:48 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
[2009/02/09 23:28:46 | 00,000,000 | ---D | C] -- C:\Program Files\Novatel Wireless
[2009/02/09 23:28:42 | 00,000,000 | ---D | C] -- C:\Program Files\Sprint
[2009/02/09 23:28:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sprint
[2009/02/09 23:24:56 | 00,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/02/09 23:24:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Customer\Application Data\Research In Motion
[2009/02/09 22:54:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2009/02/09 22:49:37 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic Shared
[2009/02/09 22:49:36 | 00,000,000 | ---D | C] -- C:\Program Files\Roxio
[2009/02/09 22:49:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Roxio
[2009/02/09 22:49:28 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2009/02/09 22:43:18 | 00,026,496 | R--- | C] (Research in Motion Ltd) -- C:\WINDOWS\System32\drivers\RimSerial.sys
[2009/02/09 22:41:31 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[2009/02/09 22:41:21 | 00,000,000 | ---D | C] -- C:\Program Files\Research In Motion
[2009/02/09 22:30:36 | 00,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2009/02/08 17:52:45 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Customer\My Documents\~$beration.doc
[2009/02/08 08:05:20 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Customer\My Documents\~$ History Fellowship.doc
[2009/02/08 08:05:18 | 00,028,672 | ---- | C] () -- C:\Documents and Settings\Customer\My Documents\MA History Fellowship.doc
[2009/02/07 19:58:05 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Customer\My Documents\~$adadmission.doc
[2009/02/07 19:58:00 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Customer\My Documents\~$adhistoryadmission.doc
[2009/02/06 23:49:53 | 00,712,819 | ---- | C] () -- C:\Documents and Settings\Customer\My Documents\8330_curve_ug.pdf
[2009/02/06 20:36:11 | 00,028,672 | ---- | C] () -- C:\Documents and Settings\Customer\My Documents\gradhistoryadmission.doc
[2009/02/06 20:35:09 | 00,028,672 | ---- | C] () -- C:\Documents and Settings\Customer\My Documents\gradadmission.doc
[2009/02/01 03:00:22 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/01/31 02:20:42 | 00,046,080 | ---- | C] () -- C:\Documents and Settings\Customer\My Documents\Liberation.doc
[2009/01/30 18:31:18 | 00,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/01/30 18:31:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Customer\Application Data\skypePM
[2009/01/30 18:29:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Customer\Application Data\Skype
[2009/01/30 18:28:57 | 00,000,000 | ---D | C] -- C:\Program Files\Skype
[2009/01/30 18:28:57 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/01/30 18:28:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2009/01/30 18:16:58 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll.prepare
[2009/01/30 18:13:21 | 00,029,562 | ---- | C] () -- C:\WINDOWS\System32\Repository.reg
[2009/01/30 18:13:20 | 00,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2009/01/30 18:13:20 | 00,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2009/01/30 18:13:13 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2009/01/30 18:13:08 | 00,081,110 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/01/30 18:13:07 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dshowext.ax
[2009/01/30 18:13:07 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2009/01/30 18:13:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2009/01/30 18:13:01 | 00,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccgp.sys
[2009/01/30 18:13:01 | 00,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2009/01/30 18:09:35 | 00,002,076 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
[2009/01/30 18:09:15 | 00,127,034 | R--- | C] (BackWeb Technologies Inc. ) -- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
[2009/01/30 18:08:41 | 00,000,845 | ---- | C] () -- C:\Documents and Settings\Customer\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2009/01/30 18:05:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logishrd
[2009/01/30 18:05:04 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2009/01/30 18:04:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2009/01/30 09:03:24 | 00,000,428 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6AFD7730-34C2-457B-96E8-B56EDACA0C02}.job
[2009/01/30 08:53:19 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/01/30 08:49:47 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/01/29 22:40:09 | 00,040,915 | ---- | C] () -- C:\Documents and Settings\Customer\My Documents\TaxReturn.pdf
[2009/01/29 21:40:11 | 00,013,411 | ---- | C] () -- C:\Documents and Settings\Customer\My Documents\2008_Federal_FAFSA.pdf

========== Files - Modified Within 30 Days ==========

[10 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\Customer\My Documents\*.tmp files]
[2009/02/24 23:16:15 | 00,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6AFD7730-34C2-457B-96E8-B56EDACA0C02}.job
[2009/02/24 22:41:06 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Customer\Desktop\OTViewIt.exe
[2009/02/24 22:17:08 | 33,477,210 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/02/23 22:43:50 | 00,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2009/02/23 15:51:19 | 00,000,815 | ---- | M] () -- C:\Documents and Settings\Customer\Desktop\Notebook Maximizer.LNK
[2009/02/23 15:50:41 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/02/23 15:50:05 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/02/23 15:49:58 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/02/23 15:49:55 | 10,648,12544 | -HS- | M] () -- C:\hiberfil.sys
[2009/02/23 03:19:05 | 00,008,322 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/02/19 14:21:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/02/19 03:20:54 | 00,401,372 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/02/16 17:38:11 | 00,006,395 | ---- | M] () -- C:\WINDOWS\machine.ver
[2009/02/16 14:45:05 | 00,046,080 | ---- | M] () -- C:\Documents and Settings\Customer\My Documents\Liberation.doc
[2009/02/15 00:13:34 | 00,000,972 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/02/11 22:41:34 | 01,931,134 | ---- | M] () -- C:\Documents and Settings\Customer\My Documents\sprint_nav_ug_21_blackberry.pdf
[2009/02/11 21:34:25 | 00,746,373 | ---- | M] () -- C:\Documents and Settings\Customer\My Documents\LoaderBackup-(2009-02-11).ipd
[2009/02/10 02:04:01 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2009/02/10 00:05:58 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2009/02/09 23:31:31 | 00,558,006 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/02/09 23:31:31 | 00,467,482 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/02/09 23:31:31 | 00,080,280 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/02/09 22:59:47 | 00,357,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/02/08 17:52:45 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Customer\My Documents\~$beration.doc
[2009/02/08 08:05:20 | 00,028,672 | ---- | M] () -- C:\Documents and Settings\Customer\My Documents\MA History Fellowship.doc
[2009/02/08 08:05:20 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Customer\My Documents\~$ History Fellowship.doc
[2009/02/07 19:58:05 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Customer\My Documents\~$adadmission.doc
[2009/02/07 19:58:00 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Customer\My Documents\~$adhistoryadmission.doc
[2009/02/06 23:49:53 | 00,712,819 | ---- | M] () -- C:\Documents and Settings\Customer\My Documents\8330_curve_ug.pdf
[2009/02/06 23:18:32 | 00,028,672 | ---- | M] () -- C:\Documents and Settings\Customer\My Documents\gradhistoryadmission.doc
[2009/02/06 22:24:31 | 00,028,672 | ---- | M] () -- C:\Documents and Settings\Customer\My Documents\gradadmission.doc
[2009/02/03 18:21:12 | 21,244,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/01/31 23:31:02 | 00,145,408 | ---- | M] () -- C:\Documents and Settings\Customer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/30 18:31:18 | 00,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/01/30 18:16:58 | 00,325,128 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/01/30 18:16:58 | 00,027,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/01/30 18:16:58 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll.prepare
[2009/01/30 18:11:19 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/01/30 18:09:35 | 00,002,076 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
[2009/01/30 18:09:14 | 00,127,034 | R--- | M] (BackWeb Technologies Inc. ) -- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
[2009/01/30 18:08:41 | 00,000,845 | ---- | M] () -- C:\Documents and Settings\Customer\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2009/01/30 08:58:48 | 00,000,079 | -HS- | M] () -- C:\Documents and Settings\Customer\My Documents\desktop.ini
[2009/01/30 08:56:34 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/01/29 22:40:09 | 00,040,915 | ---- | M] () -- C:\Documents and Settings\Customer\My Documents\TaxReturn.pdf
[2009/01/29 21:40:11 | 00,013,411 | ---- | M] () -- C:\Documents and Settings\Customer\My Documents\2008_Federal_FAFSA.pdf
< End of report >
miguelvillafana

Re: windows explorer hijack?

Unread postby miguelvillafana » February 25th, 2009, 12:32 am

and extras.txt

--Miguel V.

OTViewIt Extras logfile created on: 2/24/2009 11:28:48 PM - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Customer\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.42 Mb Total Physical Memory | 371.41 Mb Available Physical Memory | 36.58% Memory free
2.39 Gb Paging File | 1.80 Gb Available in Paging File | 75.36% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 31.40 Gb Free Space | 42.13% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOSHIBA-USER
Current User Name: Customer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=1
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
[2005/02/07 15:05:08 | 00,259,184 | ---- | M] (America Online, Inc.) -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2009/01/30 18:09:27 | 00,066,864 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2004/11/03 17:06:34 | 00,462,848 | ---- | M] (TOSHIBA Corporation) -- C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine
[2005/03/17 19:37:26 | 00,151,552 | ---- | M] (TOSHIBA Corporation) -- C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger
[2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe
File not found -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe
File not found -- C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe
[2007/06/11 19:16:12 | 04,670,968 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2007/06/11 19:16:14 | 00,091,640 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2009/01/15 02:17:22 | 00,636,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer
[2008/05/21 03:37:24 | 12,844,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2007/08/29 00:23:36 | 00,340,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove
[2008/05/21 04:54:40 | 01,022,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote
File not found -- C:\ijji\ENGLISH\Golf\DangGol.exe:*:Disabled:DangGol
File not found -- C:\ijji\ENGLISH\u_sf\soldierfront.exe:*:Disabled:soldierfront
File not found -- C:\Documents and Settings\Customer\Desktop\utorrent.exe:*:Enabled:µTorrent
File not found -- C:\Program Files\Kuma Games\KumaClient.exe:*:Enabled:KumaClient
File not found -- C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus
[2008/12/06 09:57:20 | 00,114,840 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player
[2008/06/09 11:47:58 | 00,214,560 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer
[2009/01/30 18:05:25 | 01,032,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
[2008/12/21 22:25:41 | 00,342,848 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe:*:Enabled:DNA
[2008/04/29 12:51:26 | 00,587,568 | ---- | M] () -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
[2009/02/05 00:59:16 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/11/20 13:20:48 | 14,294,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2009/01/30 18:09:27 | 00,066,864 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
[2007/08/16 08:56:08 | 00,662,000 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe:*:Enabled:MediaManager9 Module
[2008/11/07 14:31:38 | 21,633,320 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2009/01/30 18:09:27 | 00,028,711 | ---- | M] (Logitech Inc.) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} (HKLM) [BackWeb GA Pluggable Protocol])
[2007/08/24 07:01:46 | 00,224,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (grooveLocalGWS:{88FED34C-F0CA-4636-A375-3CB6248B04CD} (HKLM) [Local Groove Web Services Protocol])
ipp: [HKLM - No CLSID value]
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2009/01/30 18:16:57 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])
msdaipp: [HKLM - No CLSID value]
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2006/10/26 14:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])
[2001/06/19 19:26:46 | 00,221,184 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])
[2008/11/07 14:31:38 | 01,942,864 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006/10/26 22:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}"=TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{00C297B1-02F3-4BEE-8B57-7BCA695A41DA}"=EverNote
"{0B59A227-CAC2-4688-8759-580B4DC5F220}"=BlackBerry Device Software v4.5.0 for the BlackBerry 8330 smartphone
"{0D048BE8-AE02-4CB5-A428-616B9848E4A7}"=BlackBerry Desktop Software 4.3
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}"=mLogView
"{0FFD55FA-40CE-4B7F-9001-A06930C63FA2}"=Sprint SmartView
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}"=TOSHIBA Assist
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}"=Google Earth
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}"=mProSafe
"{25EEC359-8639-4528-83F4-A5AC2DAD3B35}"=BiblePro
"{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}"=MobileMe Control Panel
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java(TM) 6 Update 11
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1"=ConvertHelper 2.1
"{2BA00471-0328-3743-93BD-FA813353A783}"=Microsoft .NET Framework 3.0 Service Pack 1
"{2C0CD17D-0B06-4700-83FA-7344B868B0A2}"=Opera 9.63
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}"=InterVideo WinDVD Creator 2
"{318AB667-3230-41B5-A617-CB3BF748D371}"=iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150020}"=J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160000}"=Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160010}"=Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}"=Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}"=Java(TM) 6 Update 4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3E8C2BA2-F4CA-4A1D-A690-6B9A411DAF8B}"=ArcSoft PhotoImpression 5
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}"=mIWA
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}"=TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}"=Microsoft Works
"{425A2BC2-AA64-4107-9C29-484245BBEA05}"=TOSHIBA Software Upgrades
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}"=TOSHIBA SD Memory Card Format
"{582D2A53-F426-4C5E-A2E6-43C1AB36B907}"=Safari
"{5C1DA723-24FC-48AD-93BA-925695C3EF26}"=Logitech Gaming Software
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.8
"{5D96E2B1-D9AC-46E0-9073-425C5F63E338}"=Touch and Launch
"{5EED93A8-33AD-46A7-A6AC-4DEAFBEFEEE1}"=Roxio Media Manager
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}"=TOSHIBA Zooming Utility
"{64DD71BC-3109-4C88-9AD3-D5422644B722}"=TOSHIBA Hotkey Utility
"{68B52EFD-86CC-486E-A8D0-A3A1554CB5BC}"=Microsoft Office Word 2007 Get Started Tab
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{69BE47C2-36FE-4397-8199-85D8EAE69982}"=TOSHIBA TouchPad ON/Off Utility
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}"=mCore
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}"=mIWCA
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{75F3A4B2-F6E8-434D-A2EF-DBBC016C6CB2}"=Learning Essentials for Microsoft Office
"{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}"=TOSHIBA Utilities
"{7A2B077D-D7AC-4215-B0FB-5EA581E549E6}"=Windows Vista Upgrade Advisor
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{7D9B77E1-0078-0001-4447-ADD4C0A93D1D}"=Sansa Media Converter
"{7ED0C3C2-6A3B-4FD1-97C8-20613D7D9ACF}"=TIxx21/x515
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}"=TOSHIBA Virtual Sound
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}"=mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}"=mHelp
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}"=Logitech Desktop Messenger
"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{430971B1-C31E-45DA-81E0-72C095BAB72C}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00B2-0409-0000-0000000FF1CE}"=Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}"=Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00D1-0409-0000-0000000FF1CE}"=Microsoft Office Access database engine 2007 (English)
"{90120000-0114-0409-0000-0000000FF1CE}"=Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{FAD8A83E-9BAC-4179-9268-A35948034D85}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90B0D222-8C21-4B35-9262-53B042F18AF9}"=mPfWiz
"{91120000-0030-0000-0000-0000000FF1CE}"=Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}"=2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}"=InterVideo WinDVD for TOSHIBA
"{937B232D-9776-471E-92BD-D424E514EF14}"=Logitech QuickCam
"{94658027-9F16-4509-BBD7-A59FE57C3023}"=mZConfig
"{9CC89556-3578-48DD-8408-04E66EBEF401}"=mXML
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}"=DVD-RAM Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}"=CD/DVD Drive Acoustic Silencer
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}"=TOSHIBA Controls
"{AC76BA86-7AD7-1033-7B44-A81300000003}"=Adobe Reader 8.1.3
"{AC76BA86-7AD7-5464-3428-800000000003}"=Spelling Dictionaries Support For Adobe Reader 8
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B43A3C5D-7F74-4493-840E-D7B74520BC19}"=PDF Download for Internet Explorer
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}"=Microsoft XML Parser
"{B6828215-1469-43A2-8BEE-F5A970F98161}"=Microsoft Office 2003 International Character Toolbar
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}"=TOSHIBA ConfigFree
"{C45F4811-31D5-4786-801D-F79CD06EDD85}"=SD Secure Module
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}"=Bluetooth Stack for Windows by Toshiba
"{CEEA65D4-E9F8-4B2C-B512-8872343403F3}"=BibleMax
"{D050D7362D214723AD585B541FFB6C11}"=DivX Content Uploader
"{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1"=Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
"{EB9A4856-C28A-4BC2-9373-975A33BB9CD4}"=Live Search Maps Add-In for Microsoft Office Outlook
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}"=Apple Mobile Device Support
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}"=TOSHIBA Speech System Applications
"{F0A37341-D692-11D4-A984-009027EC0A9C}"=SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}"=mMHouse
"{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}"=SMSC IrCC V5.1.3600.5 SP2
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}"=mDrWiFi
"{F6C405D2-C50D-4D10-B89E-73A233A14D74}"=Toshiba Registration
"{F958CA02-BB40-4007-894B-258729456EE4}"=QuickTime
"{FC053571-8507-44E4-8B6D-AACEAB8CA57C}"= Sansa Media Converter
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}"=mWlsSafe
"{FD42253B-9B4B-4150-998A-26B16E370EA9}"=StarOffice 8
"{Technology in the Class_8B2E6736-24F1-4272-B94D-A423E6DE8813}"=Technology in the Class for Learning Essentials
"Adobe Acrobat 5.0"=Adobe Acrobat 5.0
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"Adobe Shockwave Player"=Adobe Shockwave Player
"America Online us"=America Online (Choose which version to remove)
"AVG8Uninstall"=AVG Free 8.0
"BlackBerry_{0D048BE8-AE02-4CB5-A428-616B9848E4A7}"=BlackBerry Desktop Software 4.3
"Combined Community Codec Pack_is1"=Combined Community Codec Pack 2007-02-22
"Eden K9 Group Conferences Screen Saver"=Eden K9 Group Conferences Screen Saver
"ENTERPRISER"=Microsoft Office Enterprise 2007
"ExtractNow_is1"=ExtractNow
"FairUse Wizard 2"=FairUse Wizard 2
"FLV Player"=FLV Player 2.0 (build 25)
"Foxit Reader"=Foxit Reader
"FoxyTunesForFirefox"=FoxyTunes for Firefox
"Google Desktop"=Google Desktop
"Google Updater"=Google Updater
"HDMI"=Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"iDump"=iDump Build: 22
"ie7"=Windows Internet Explorer 7
"ie8"=Windows Internet Explorer 8 Release Candidate 1
"InstallShield_{7ED0C3C2-6A3B-4FD1-97C8-20613D7D9ACF}"=Texas Instruments PCIxx21/x515 drivers.
"KandaInst_EREFCD_1_0"=American Heritage® Dictionary, 4th Ed.
"LE_CDK"=
"lvdrivers_11.90"=Logitech QuickCam Driver Package
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Mihov Image Resizer"=Mihov Image Resizer 1.1 (remove only)
"Mozilla Firefox (3.0.6)"=Mozilla Firefox (3.0.6)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"My Journal_is1"=My Journal 1.0
"MySpaceIM"=MySpaceIM
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"Notebook_Maximizer"=Notebook Maximizer
"PC Diagnostic Tool"=TOSHIBA PC Diagnostic Tool
"Picasa2"=Picasa 2
"Power Saver"=TOSHIBA Power Saver
"ProInst"=Intel(R) PROSet/Wireless Software
"RealPlayer 6.0"=RealPlayer
"Riva FLV Player_is1"=Riva FLV Player
"ShockwaveFlash"=Adobe Flash Player 9 ActiveX
"SynTPDeinstKey"=Synaptics Pointing Device Driver
"Toshiba Q4 Retail Demo.scr"=Toshiba Q4 Retail Demo ScreenSaver
"TOSHIBA Software Modem"=TOSHIBA Software Modem
"Toshiba Tbiosdrv Driver"=Toshiba Tbiosdrv Driver
"ViewpointMediaPlayer"=Viewpoint Media Player
"VLC media player"=VLC media player 0.9.8a
"Wdf01005"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC"=Windows Imaging Component
"Winamp"=Winamp
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0
"Yahoo! Extras"=Yahoo! Browser Services
"Yahoo! Internet Mail"=Yahoo! Internet Mail
"Yahoo! Messenger"=Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent"=BitTorrent
"BitTorrent DNA"=DNA
"Google Chrome"=Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/24/2009 12:23:36 AM | Computer Name = TOSHIBA-USER | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\CUSTOMER\MY DOCUMENTS\AUDREY_JAYMES_FREE_STREAMING_PORN-5.FLV> in the hash map cannot be updated. Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)

Error - 2/24/2009 12:23:48 AM | Computer Name = TOSHIBA-USER | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\CUSTOMER\MY DOCUMENTS\AUDREY_JAYMES_FREE_STREAMING_PORN-6.FLV> in the hash map cannot be updated. Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)

Error - 2/24/2009 12:23:48 AM | Computer Name = TOSHIBA-USER | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\CUSTOMER\MY DOCUMENTS\AUDREY_JAYMES_FREE_STREAMING_PORN-6.FLV> in the hash map cannot be updated. Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)

Error - 2/24/2009 5:01:25 PM | Computer Name = TOSHIBA-USER | Source = Google Update | ID = 20
Description =

Error - 2/24/2009 6:01:02 PM | Computer Name = TOSHIBA-USER | Source = Google Update | ID = 20
Description =

Error - 2/24/2009 7:01:02 PM | Computer Name = TOSHIBA-USER | Source = Google Update | ID = 20
Description =

Error - 2/24/2009 8:01:02 PM | Computer Name = TOSHIBA-USER | Source = Google Update | ID = 20
Description =

Error - 2/24/2009 9:01:02 PM | Computer Name = TOSHIBA-USER | Source = Google Update | ID = 20
Description =

Error - 2/24/2009 10:01:02 PM | Computer Name = TOSHIBA-USER | Source = Google Update | ID = 20
Description =

Error - 2/24/2009 11:01:02 PM | Computer Name = TOSHIBA-USER | Source = Google Update | ID = 20
Description =

[ OSession Events ]
Error - 6/11/2007 3:14:46 PM | Computer Name = TOSHIBA-USER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1039520 seconds with 7800 seconds of active time. This session ended with a crash.

Error - 7/21/2007 5:18:53 PM | Computer Name = TOSHIBA-USER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6023.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 89107 seconds with 960 seconds of active time. This session ended with a crash.

Error - 8/8/2007 1:14:49 PM | Computer Name = TOSHIBA-USER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6023.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 172691 seconds with 1140 seconds of active time. This session ended with a crash.

Error - 9/19/2007 12:46:56 PM | Computer Name = TOSHIBA-USER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6023.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 84352 seconds with 180 seconds of active time. This session ended with a crash.

Error - 11/10/2007 12:36:38 PM | Computer Name = TOSHIBA-USER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6023.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 0 seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/19/2007 11:47:21 AM | Computer Name = TOSHIBA-USER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 124176 seconds with 1260 seconds of active time. This session ended with a crash.

Error - 12/3/2007 12:21:55 PM | Computer Name = TOSHIBA-USER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6023.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 84589 seconds with 120 seconds of active time. This session ended with a crash.

Error - 12/6/2007 8:52:25 PM | Computer Name = TOSHIBA-USER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6023.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 9920
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2/11/2009 4:03:09 AM | Computer Name = TOSHIBA-USER | Source = DCOM | ID

= 10010
Description = The server {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} did not register
with DCOM within the required timeout.

Error - 2/12/2009 1:58:01 AM | Computer Name = TOSHIBA-USER | Source = Service

Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response

from
the wscsvc service.

Error - 2/12/2009 1:59:27 AM | Computer Name = TOSHIBA-USER | Source = DCOM | ID

= 10010
Description = The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register
with DCOM within the required timeout.

Error - 2/12/2009 1:59:58 AM | Computer Name = TOSHIBA-USER | Source = DCOM | ID

= 10010
Description = The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register
with DCOM within the required timeout.

Error - 2/12/2009 2:04:02 AM | Computer Name = TOSHIBA-USER | Source = Service

Control Manager | ID = 7034
Description = The Roxio Hard Drive Watcher 9 service terminated unexpectedly. It
has done this 1 time(s).

Error - 2/12/2009 2:04:02 AM | Computer Name = TOSHIBA-USER | Source = Service

Control Manager | ID = 7034
Description = The RoxMediaDB9 service terminated unexpectedly. It has done this
1 time(s).

Error - 2/23/2009 4:40:50 PM | Computer Name = TOSHIBA-USER | Source = Disk | ID

= 262155
Description = The driver detected a controller error on \Device\Harddisk3\D.

Error - 2/23/2009 4:41:31 PM | Computer Name = TOSHIBA-USER | Source = Cdrom | ID

= 262155
Description = The driver detected a controller error on \Device\CdRom6.

Error - 2/23/2009 4:55:05 PM | Computer Name = TOSHIBA-USER | Source = Disk | ID

= 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 2/23/2009 4:55:25 PM | Computer Name = TOSHIBA-USER | Source = Cdrom | ID

= 262155
Description = The driver detected a controller error on \Device\CdRom1.


< End of report >
miguelvillafana
Regular Member
 
Posts: 126
Joined: January 5th, 2008, 8:01 pm

Re: windows explorer hijack?

Unread postby miguelvillafana » February 25th, 2009, 9:27 am

uh oh... I (think) I see one infected file, possibly w/a trojan... In no way am I being sarcastic, but is this $2,000 laptop also now borderline junk and/or time for a reformat/reinstallation?

Forgive my pessimism. I've obviously had some very bad news for my folks, and even though it wasn't me who initially downloaded the bugs, my folks put a lot in me.

And I let them down.

Miguel V.

**********

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, February 25, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, February 25, 2009 04:19:06
Records in database: 1841605
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 117380
Threat name: 1
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 03:16:27


File name / Threat name / Threats count
C:\Documents and Settings\Customer\Application Data\Sun\Java\Deployment\cache\6.0\27\4e1c045b-6e36d320 Infected: Trojan.Java.ClassLoader.as 3

The selected area was scanned.
miguelvillafana
Regular Member
 
Posts: 126
Joined: January 5th, 2008, 8:01 pm

Re: windows explorer hijack?

Unread postby miguelvillafana » February 25th, 2009, 2:48 pm

Hi Carolyn,

Something tells me I gave you (and others, it would appear by the number of folks visiting this post) plenty of work!

Based on the fact that I (initially) found only one bug (w/3 infected files) I hope that this time we'll be able to at least safeguard my beloved Toshiba Satellite. Thanks so much, Carolyn. I pulled an all-out blitz on you yesterday w/questions galore.

My family's more or less resigned to losing whatever pics/videos we had on the desktop (unless there's a miracle--my fingers are crossed), but it's all about playing it safe... And we've hopefully taken a giant step forward.

Take care, more later,

Miguel V.
miguelvillafana
Regular Member
 
Posts: 126
Joined: January 5th, 2008, 8:01 pm

Re: windows explorer hijack?

Unread postby Carolyn » February 25th, 2009, 3:10 pm

Hi Miguel,

I am at work right now, so I am not able to review your logs or answer all of your questions at the moment.

As for your family's pictures and videos, they are probably safe. You can back up everything except for applications/installers, and do NOT back up any .exe/.scr/.htm/.html/.xml/.zip/.rar files. Everything else is probably not infected. Copy them to removable media, then do an online scan of the files before transferring them to another computer. That will be safe.

Don't panic about your laptop... there is no reason to assume the worst.

I would like to see a ComboFix log from your laptop.


Download and Run ComboFix (by sUBs)

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a new HijackThis log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Please post the ComboFix log along with the contents of C:\QooBox\Add-Remove Programs.txt and a HijackThis log
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine
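The backup rule in Carolyn's reply (copy personal files, skip the .exe/.scr/.htm/.html/.xml/.zip/.rar types that can carry an infection) as an added Python example; this is not code from the forum or from any tool named in the thread, and the folder and file names in demo() are constructed samples.

```python
import os
import shutil
import tempfile

# File types the reply says NOT to back up; everything else is copied.
SKIP_EXTENSIONS = {".exe", ".scr", ".htm", ".html", ".xml", ".zip", ".rar"}


def should_skip(name):
    """True when the extension is on the deny-list. Compared case-insensitively,
    so setup.EXE is caught as well as setup.exe (Windows file names are not
    case-sensitive)."""
    return os.path.splitext(name)[1].lower() in SKIP_EXTENSIONS


def select_backup_files(root):
    """Walk root and split every file into (kept, skipped) relative paths,
    using forward slashes so the result is the same on any platform."""
    kept, skipped = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            rel = rel.replace(os.sep, "/")
            (skipped if should_skip(name) else kept).append(rel)
    return sorted(kept), sorted(skipped)


def backup(root, dest):
    """Copy only the kept files to dest, preserving the folder layout.
    Directories that contained nothing but skipped files are never created."""
    kept, skipped = select_backup_files(root)
    for rel in kept:
        target = os.path.join(dest, rel)
        os.makedirs(os.path.dirname(target), exist_ok=True)
        shutil.copy2(os.path.join(root, rel), target)  # keeps timestamps
    return kept, skipped


def demo():
    """Constructed sample tree (hypothetical names) run through backup()."""
    root, dest = tempfile.mkdtemp(), tempfile.mkdtemp()
    for rel in ["My Pictures/vacation.jpg", "My Videos/clip.avi",
                "My Documents/notes.txt", "Downloads/setup.EXE",
                "Downloads/saver.scr", "Downloads/photos.zip"]:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(b"constructed sample data")
    kept, skipped = backup(root, dest)
    downloads_created = os.path.isdir(os.path.join(dest, "Downloads"))
    return kept, skipped, downloads_created
```

The copied set still has to be scanned before it goes onto a clean machine, as the reply says; the extension filter only keeps the obvious carriers off the removable media.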