Sorry it took me so long to complete all this -- life! I've posted the logs you requested below. However, I did mess up & on the AVG log I accidentally clicked "APPLY ALL ACTIONS" with the "DELETE" option instead of the "QUARANTINE" option. Is this a crisis?? Thank you again for your help!
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 9:03:41 PM 2/7/2007
+ Scan result:
C:\Documents and Settings\Cindy McCarthy\Cookies\cindy_mccarthy@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Cindy McCarthy\Cookies\cindy_mccarthy@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jacob McCarthy\Cookies\jacob_mccarthy@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jacob McCarthy\Cookies\jacob_mccarthy@americanexpress.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jacob McCarthy\Cookies\jacob_mccarthy@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Jacob McCarthy\Cookies\jacob_mccarthy@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Cindy McCarthy\Cookies\cindy_mccarthy@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Jacob McCarthy\Cookies\jacob_mccarthy@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Cindy McCarthy\Cookies\cindy_mccarthy@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Jacob McCarthy\Cookies\jacob_mccarthy@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Mitch McCarthy\Cookies\mitch_mccarthy@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Cindy McCarthy\Local Settings\Temp\Cookies\cindy_mccarthy@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Jacob McCarthy\Cookies\jacob_mccarthy@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Cindy McCarthy\Cookies\cindy_mccarthy@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Jacob McCarthy\Cookies\jacob_mccarthy@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Jacob McCarthy\Cookies\jacob_mccarthy@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Jacob McCarthy\Cookies\jacob_mccarthy@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Jacob McCarthy\Cookies\jacob_mccarthy@ehg-legonewyorkinc.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Jacob McCarthy\Cookies\jacob_mccarthy@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Jacob McCarthy\Cookies\jacob_mccarthy@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Jacob McCarthy\Cookies\jacob_mccarthy@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Jacob McCarthy\Cookies\jacob_mccarthy@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Cindy McCarthy\Local Settings\Temp\Cookies\cindy_mccarthy@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Jacob McCarthy\Cookies\jacob_mccarthy@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Cindy McCarthy\Cookies\cindy_mccarthy@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Cindy McCarthy\Local Settings\Temp\Cookies\cindy_mccarthy@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Jacob McCarthy\Cookies\jacob_mccarthy@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Cindy McCarthy\Cookies\cindy_mccarthy@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Jacob McCarthy\Cookies\jacob_mccarthy@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Cindy McCarthy\Local Settings\Temp\Cookies\cindy_mccarthy@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
::Report end
**PLEASE NOTE: I ACCIDENTALLY CLICKED "APPLY ALL ACTIONS" WITH THE "DELETE" OPTION INSTEAD OF THE "QUARANTINE" OPTION. IS THIS A CRISIS?
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, February 08, 2007 9:16:39 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 8/02/2007
Kaspersky Anti-Virus database records: 265931
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
Scan Statistics:
Total number of scanned objects: 63878
Number of viruses found: 0
Number of infected objects: 0 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:33:40
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-01312007-212724.log Object is locked skipped
C:\Documents and Settings\Cindy McCarthy\Application Data\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\Cindy McCarthy\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Cindy McCarthy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Cindy McCarthy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Cindy McCarthy\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{B7CE8228-AB2A-4207-AC8B-B466FB39825B} Object is locked skipped
C:\Documents and Settings\Cindy McCarthy\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Cindy McCarthy\Local Settings\Temp\WCESLog.log Object is locked skipped
C:\Documents and Settings\Cindy McCarthy\Local Settings\Temp\~DF3073.tmp Object is locked skipped
C:\Documents and Settings\Cindy McCarthy\Local Settings\Temp\~DF37D6.tmp Object is locked skipped
C:\Documents and Settings\Cindy McCarthy\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Cindy McCarthy\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Cindy McCarthy\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Cindy McCarthy\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Jacob McCarthy\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Jacob McCarthy\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Mitch McCarthy\My Documents\My Videos\Thumbs.db Object is locked skipped
C:\Documents and Settings\Mitch McCarthy\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Mitch McCarthy\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{46E98557-65C7-4066-9D61-A12588985258}\RP164\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
StartupList report, 2/8/2007, 9:30:38 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Cindy McCarthy\My Documents\HiJackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.5730.0011)
* Using default options
* Showing rarely important sections
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\TPSBattM.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MICROS~4\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.2480\GoogleToolbarNotifier.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SiteAdvisor\6021\SAService.exe
C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\Cindy McCarthy\My Documents\HiJackThis\HijackThis.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Documents and Settings\Cindy McCarthy\Start Menu\Programs\Startup]
HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
Metamail Trust Manager.lnk = C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe
RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
igfxtray = C:\WINDOWS\system32\igfxtray.exe
igfxhkcmd = C:\WINDOWS\system32\hkcmd.exe
igfxpers = C:\WINDOWS\system32\igfxpers.exe
PSQLLauncher = "C:\Program Files\Protector Suite QL\launcher.exe" /startup
IntelZeroConfig = "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
IntelWireless = "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
DLA = C:\WINDOWS\System32\DLA\DLACTRLW.EXE
Apoint = C:\Program Files\Apoint2K\Apoint.exe
LtMoh = C:\Program Files\ltmoh\Ltmoh.exe
AGRSMMSG = AGRSMMSG.exe
NDSTray.exe = NDSTray.exe
HWSetup = C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
SVPWUTIL = C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
Tvs = C:\Program Files\Toshiba\Tvs\TvsTray.exe
CeEKEY = C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
TPSMain = TPSMain.exe
PadTouch = C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
ZoomingHook = ZoomingHook.exe
SmoothView = C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
TPNF = C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
TCtryIOHook = TCtrlIOHook.exe
TFncKy = TFncKy.exe
TDispVol = TDispVol.exe
Pinger = c:\toshiba\ivp\ism\pinger.exe /run
HPDJ Taskbar Utility = C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
CXMon = "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
Share-to-Web Namespace Daemon = C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
WD Button Manager = WDBtnMgr.exe
CFSServ.exe = CFSServ.exe -NoClient
Adobe Photo Downloader = "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
Picasa Media Detector = C:\Program Files\Picasa2\PicasaMediaDetector.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
IVPServiceMgr = C:\toshiba\ivp\ism\ivpsvmgr.exe
Windows Defender = "C:\Program Files\Windows Defender\MSASCui.exe" -hide
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
SiteAdvisor = C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
mghtml.exe = c:\PROGRA~1\mcafee.com\shared\mghtml.exe -regserver
!mcagntps.dll = regsvr32.exe /s c:\PROGRA~1\mcafee.com\agent\mcagntps.dll
mcagent.exe = c:\PROGRA~1\mcafee.com\agent\mcagent.exe -regserver
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
H/PC Connection Agent = "C:\PROGRA~1\MICROS~4\wcescomm.exe"
Spyware Doctor = "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
updateMgr = "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
swg = C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.2480\GoogleToolbarNotifier.exe
Skype = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
--------------------------------------------------
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)
[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
StubPath = C:\WINDOWS\system32\ieudinit.exe
[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP
[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll
[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\ssmypics.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Checking for EXPLORER.EXE instances:
C:\WINDOWS\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present
--------------------------------------------------
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll - {089FD14D-132B-48FC-8861-0048AE113215}
(no name) - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}
(no name) - C:\WINDOWS\System32\DLA\DLASHX_W.DLL - {5CA3D70E-1895-11CF-8E15-001234567890}
(no name) - C:\Program Files\Java\jre1.6.0\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
scriptproxy - c:\program files\mcafee\virusscan\scriptcl.dll - {7DB2D5A0-7241-4E79-B68D-6309F01C5231}
(no name) - c:\program files\google\googletoolbar4.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll - {B56A7D7D-6927-48C8-A975-17DF180C71AC}
--------------------------------------------------
Enumerating Task Scheduler jobs:
McDefragTask.job
McQcTask.job
MP Scheduled Scan.job
--------------------------------------------------
Enumerating Download Program Files:
[CKAVWebScan Object]
InProcServer32 = C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
CODEBASE = http://www.kaspersky.com/kos/english/ka ... nicode.cab
[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://download.microsoft.com/download/ ... ontrol.cab
[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.microsoft.com/microsoftup ... 8323400046
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx
CODEBASE = http://download.macromedia.com/pub/shoc ... wflash.cab
[CTAdjust Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\clearadjust.dll
CODEBASE = http://download.microsoft.com/download/ ... earadj.cab
--------------------------------------------------
Enumerating Windows NT/2000/XP services
McAfee Application Installer Cleanup (0055901170901222): C:\DOCUME~1\CINDYM~1\LOCALS~1\Temp\005590~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service (autostart)
AEGIS Protocol (IEEE 802.1x) v3.4.9.0: system32\DRIVERS\AegisP.sys (autostart)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
AVG Anti-Spyware Guard: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (autostart)
Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
ConfigFree Service: C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (autostart)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DLABOIOM: System32\DLA\DLABOIOM.SYS (autostart)
DLADResN: System32\DLA\DLADResN.SYS (autostart)
DLAIFS_M: System32\DLA\DLAIFS_M.SYS (autostart)
DLAOPIOM: System32\DLA\DLAOPIOM.SYS (autostart)
DLAPoolM: System32\DLA\DLAPoolM.SYS (autostart)
DLAUDFAM: System32\DLA\DLAUDFAM.SYS (autostart)
DLAUDF_M: System32\DLA\DLAUDF_M.SYS (autostart)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
DRVNDDM: System32\Drivers\DRVNDDM.SYS (autostart)
DVD-RAM_Service: C:\WINDOWS\system32\DVDRAMSV.exe (autostart)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
Intel(R) PROSet/Wireless Event Log: C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (autostart)
Fax: %systemroot%\system32\fxssvc.exe (autostart)
FdRedir: \??\C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys (autostart)
FileDisk Protector Kernel Driver: \??\C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys (autostart)
Google Updater Service: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (autostart)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
McAfee HackerWatch Service: "C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe" (autostart)
McAfee Services: C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (autostart)
McAfee Network Agent: "c:\program files\common files\mcafee\mna\mcnasvc.exe" (autostart)
McAfee Scanner: C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (autostart)
McAfee Protection Manager: C:\PROGRA~1\McAfee\MSC\mcpromgr.exe (autostart)
McAfee Redirector Service: c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe (autostart)
McAfee Real-time Scanner: C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (autostart)
McAfee SystemGuards: C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (autostart)
Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" (autostart)
McAfee Personal Firewall Service: "C:\Program Files\McAfee\MPF\MPFSrv.exe" (autostart)
TOSHIBA Network Device Usermode I/O Protocol: system32\DRIVERS\netdevio.sys (autostart)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
Intel(R) PROSet/Wireless Registry Service: C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (autostart)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Retrospect WD Service: C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe (autostart)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
Intel(R) PROSet/Wireless Service: C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (autostart)
WLAN Transport: system32\DRIVERS\s24trans.sys (autostart)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
PC Tools Spyware Doctor: C:\Program Files\Spyware Doctor\sdhelp.exe (autostart)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SiteAdvisor Service: C:\Program Files\SiteAdvisor\6021\SAService.exe (autostart)
SMI helper driver: \??\C:\Program Files\Protector Suite QL\smihlp.sys (autostart)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Swupdtmr: c:\Toshiba\IVP\swupdate\swupdtmr.exe (autostart)
TBiosDrv: \??\C:\WINDOWS\system32\drivers\TBiosDrv.sys (autostart)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Windows Defender: "C:\Program Files\Windows Defender\MsMpEng.exe" (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll
UPnPMonitor: C:\WINDOWS\system32\upnpui.dll
--------------------------------------------------
End of report, 19,590 bytes
Report generated in 0.203 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
Logfile of HijackThis v1.99.1
Scan saved at 9:32:06 PM, on 2/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\TPSBattM.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\MICROS~4\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.2480\GoogleToolbarNotifier.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SiteAdvisor\6021\SAService.exe
C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Cindy McCarthy\My Documents\HiJackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://online.wsj.com/home/us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IVPServiceMgr] C:\toshiba\ivp\ism\ivpsvmgr.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6021\SiteAdv.exe
O4 - HKLM\..\RunOnce: [mghtml.exe] c:\PROGRA~1\mcafee.com\shared\mghtml.exe -regserver
O4 - HKLM\..\RunOnce: [!mcagntps.dll] regsvr32.exe /s c:\PROGRA~1\mcafee.com\agent\mcagntps.dll
O4 - HKLM\..\RunOnce: [mcagent.exe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe -regserver
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.2480\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Metamail Trust Manager.lnk = C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8323400046
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6021\SiteAdv.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\psqlpwd.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: McAfee Application Installer Cleanup (0055901170901222) (0055901170901222mcinstcleanup) - McAfee, Inc. - C:\DOCUME~1\CINDYM~1\LOCALS~1\Temp\005590~1.EXE
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6021\SAService.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe