
HJT LOG. Please help!


2 replies to this topic

#1 Amador


Posted 14 December 2008 - 05:49 PM

Hi There, Before I start, let me apologize. I am not very computer savvy, so I am not sure if this is the proper information. Please let me know if additional info is needed.

Here is the logfile from HJT- There are many viruses that McAfee is detecting; the one that keeps coming up the most is Generic!Artemis

Thank you so much!

Chris

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:38:22 PM, on 12/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\Q2hyaXN0b3BoZXIgTWF1bg\command.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2R1.EXE
C:\WINDOWS\RTHDCPL.EXE
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\Anti-Theft\McPvTray.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RAMASST.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2R1.EXE /P23 "EPSON Stylus C86 Series" /O6 "USB002" /M "Stylus C86"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Bar] C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\mirasnet.tmp
O4 - HKLM\..\Run: [McPvTray] C:\Program Files\McAfee\Anti-Theft\McPvTray.exe
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: McAfee Wi-FiScan - http://download.mcafee.com/molbin/iss-loc/...ScannerCtrl.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: karna.dat tduzmz.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Q2hyaXN0b3BoZXIgTWF1bg\command.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

--
End of file - 10292 bytes



#2 Amador


Posted 14 December 2008 - 06:34 PM

OTScanit Log-


OTScanIt2 logfile created on: 12/14/2008 3:21:46 PM - Run 2
OTScanIt2 by OldTimer - Version 1.0.3.1 Folder = C:\Documents and Settings\Christopher Maun\Desktop\OTScanIt2
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 80.41% Memory free
3.08 Gb Paging File | 2.19 Gb Available in Paging File | 71.07% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.23 Gb Total Space | 9.17 Gb Free Space | 12.35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAUNSTERS
Current User Name: Christopher Maun
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

[Processes - Safe List]
acrord32.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AcroRd32.exe -> [2004/12/14 03:44:30 | 00,065,536 | ---- | M] (Adobe Systems Incorporated)
agrsmmsg.exe -> %SystemRoot%\agrsmmsg.exe -> [2006/03/18 07:22:26 | 00,089,541 | ---- | M] (Agere Systems)
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.)
brss01a.exe -> %SystemRoot%\system32\brss01a.exe -> [2001/12/12 23:01:00 | 00,045,056 | ---- | M] (brother Industries Ltd)
brsvc01a.exe -> %SystemRoot%\system32\brsvc01a.exe -> [2002/04/11 23:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd)
cfsserv.exe -> %ProgramFiles%\TOSHIBA\ConfigFree\CFSServ.exe -> [2006/05/19 11:13:38 | 00,798,720 | ---- | M] (TOSHIBA CORPORATION)
cfsvcs.exe -> %ProgramFiles%\TOSHIBA\ConfigFree\CFSvcs.exe -> [2005/01/17 15:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION)
command.exe -> %SystemRoot%\Q2hyaXN0b3BoZXIgTWF1bg\command.exe -> [2005/08/02 16:58:38 | 00,293,888 | RHS- | M] ()
ddwmon.exe -> %ProgramFiles%\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe -> [2006/04/25 16:57:00 | 00,299,008 | ---- | M] (TOSHIBA Corporation)
devdetect.exe -> %CommonProgramFiles%\ACD Systems\EN\DevDetect.exe -> [2007/11/01 16:19:52 | 00,439,632 | ---- | M] (ACD Systems, Ltd.)
dot1xcfg.exe -> %ProgramFiles%\Intel\Wireless\Bin\Dot1XCfg.exe -> [2006/07/03 00:57:04 | 00,479,232 | ---- | M] (Intel Corporation)
dvdramsv.exe -> %SystemRoot%\system32\DVDRAMSV.exe -> [2004/08/27 23:33:00 | 00,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.)
e_s4i2r1.exe -> %SystemRoot%\system32\spool\drivers\w32x86\3\E_S4I2R1.EXE -> [2003/11/25 03:00:00 | 00,099,840 | ---- | M] (SEIKO EPSON CORPORATION)
ehmsas.exe -> %SystemRoot%\ehome\ehmsas.exe -> [2005/08/05 12:56:28 | 00,046,592 | ---- | M] (Microsoft Corporation)
ehrecvr.exe -> %SystemRoot%\ehome\ehrecvr.exe -> [2006/04/09 20:24:28 | 00,237,568 | ---- | M] (Microsoft Corporation)
ehsched.exe -> %SystemRoot%\ehome\ehSched.exe -> [2005/08/05 12:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation)
ehtray.exe -> %SystemRoot%\ehome\ehtray.exe -> [2005/08/05 12:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation)
evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> [2006/07/02 21:57:12 | 00,434,176 | ---- | M] (Intel Corporation)
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> [2007/06/11 15:13:20 | 00,068,856 | ---- | M] (Google Inc.)
googleupdaterservice.exe -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2008/10/11 10:37:27 | 00,168,432 | ---- | M] (Google)
hkcmd.exe -> %SystemRoot%\system32\hkcmd.exe -> [2006/03/22 20:13:40 | 00,077,824 | ---- | M] (Intel Corporation)
iexplore.exe -> %ProgramFiles%\Internet Explorer\IEXPLORE.EXE -> [2004/08/10 04:00:00 | 00,093,184 | ---- | M] (Microsoft Corporation)
ifrmewrk.exe -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> [2006/07/02 21:50:32 | 00,700,416 | ---- | M] (Intel Corporation)
igfxpers.exe -> %SystemRoot%\system32\igfxpers.exe -> [2006/03/22 20:17:50 | 00,118,784 | ---- | M] (Intel Corporation)
igfxtray.exe -> %SystemRoot%\system32\igfxtray.exe -> [2006/03/22 20:17:04 | 00,094,208 | ---- | M] (Intel Corporation)
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2008/10/01 17:57:00 | 00,536,872 | ---- | M] (Apple Inc.)
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> [2008/10/01 17:57:12 | 00,289,576 | ---- | M] (Apple Inc.)
ivpsvmgr.exe -> %SystemDrive%\TOSHIBA\IVP\ISM\Ivpsvmgr.exe -> [2003/10/20 08:37:58 | 00,475,136 | ---- | M] (TOSHIBA Corporation)
ltmoh.exe -> %ProgramFiles%\ltmoh\ltmoh.exe -> [2005/12/16 01:41:28 | 00,188,416 | ---- | M] (Agere Systems)
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> [2008/07/11 16:48:54 | 00,641,208 | ---- | M] (McAfee, Inc.)
mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> [2008/10/10 16:16:00 | 00,792,696 | ---- | M] (McAfee, Inc.)
mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> [2008/07/18 08:02:52 | 02,482,848 | ---- | M] (McAfee, Inc.)
mcproxy.exe -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> [2008/07/09 14:49:10 | 00,358,736 | ---- | M] (McAfee, Inc.)
mcpvtray.exe -> %ProgramFiles%\McAfee\Anti-Theft\McPvTray.exe -> [2008/05/28 09:33:10 | 00,655,360 | ---- | M] (McAfee)
mcrdsvc.exe -> %SystemRoot%\ehome\mcrdsvc.exe -> [2005/08/05 12:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation)
mcsacore.exe -> %ProgramFiles%\McAfee\SiteAdvisor\McSACore.exe -> [2008/11/20 08:45:06 | 00,206,096 | ---- | M] ()
mcshield.exe -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> [2008/06/20 05:41:04 | 00,144,704 | ---- | M] (McAfee, Inc.)
mcvsshld.exe -> %ProgramFiles%\McAfee\VirusScan\mcvsshld.exe -> [2008/06/20 13:10:24 | 00,259,912 | ---- | M] (McAfee, Inc.)
mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> [2008/07/09 17:36:30 | 00,884,360 | ---- | M] (McAfee, Inc.)
msksrver.exe -> %ProgramFiles%\McAfee\MSK\msksrver.exe -> [2008/07/09 13:35:34 | 00,025,416 | ---- | M] (McAfee, Inc.)
msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe -> [2004/10/13 08:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
ndstray.exe -> %ProgramFiles%\TOSHIBA\ConfigFree\NDSTray.exe -> [2006/03/16 12:58:50 | 00,974,848 | ---- | M] (TOSHIBA CORPORATION)
notepad.exe -> %SystemRoot%\NOTEPAD.EXE -> [2004/08/10 04:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2008/12/12 09:24:20 | 00,477,184 | ---- | M] (OldTimer Tools)
padexe.exe -> %ProgramFiles%\TOSHIBA\Touch and Launch\PadExe.exe -> [2005/12/05 21:06:10 | 01,077,322 | ---- | M] (TOSHIBA)
psiservice.exe -> %SystemRoot%\system32\PSIService.exe -> [2007/06/05 12:20:32 | 00,177,704 | ---- | M] ()
ramasst.exe -> %SystemRoot%\system32\RAMASST.exe -> [2004/08/27 23:37:00 | 00,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.)
regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> [2006/07/02 21:42:14 | 00,327,680 | ---- | M] (Intel Corporation)
rthdcpl.exe -> %SystemRoot%\RTHDCPL.exe -> [2007/08/20 14:38:02 | 16,384,512 | ---- | M] (Realtek Semiconductor Corp.)
rundll32.exe -> %SystemRoot%\system32\rundll32.exe -> [2004/08/10 04:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation)
rundll32.exe -> %SystemRoot%\system32\rundll32.exe -> [2004/08/10 04:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation)
s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> [2006/07/02 21:49:10 | 00,937,984 | ---- | M] (Intel Corporation )
smoothview.exe -> %ProgramFiles%\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe -> [2005/04/26 15:13:20 | 00,122,880 | ---- | M] (TOSHIBA Corporation)
swupdtmr.exe -> %SystemDrive%\TOSHIBA\IVP\swupdate\swupdtmr.exe -> [2005/07/12 16:14:42 | 00,040,960 | ---- | M] ()
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> [2006/03/02 15:02:08 | 00,761,948 | ---- | M] (Synaptics, Inc.)
tappsrv.exe -> %ProgramFiles%\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -> [2006/02/07 15:30:40 | 00,035,840 | ---- | M] (TOSHIBA Corp.)
tfncky.exe -> %ProgramFiles%\TOSHIBA\TOSHIBA Controls\TFncKy.exe -> [2005/08/16 10:23:12 | 00,188,416 | ---- | M] (TOSHIBA Corporation)
thotkey.exe -> %ProgramFiles%\TOSHIBA\TOSHIBA Applet\THotkey.exe -> [2006/08/02 15:52:46 | 00,364,544 | ---- | M] (TOSHIBA)
toddsrv.exe -> %SystemRoot%\system32\TODDSrv.exe -> [2006/05/25 17:30:16 | 00,114,688 | ---- | M] (TOSHIBA Corporation)
toscdspd.exe -> %ProgramFiles%\TOSHIBA\TOSCDSPD\TOSCDSPD.exe -> [2004/12/29 23:32:20 | 00,065,536 | ---- | M] (TOSHIBA)
toshiba.exe -> %ProgramFiles%\Synaptics\SynTP\Toshiba.exe -> [2006/03/02 14:50:52 | 00,151,552 | ---- | M] (Synaptics, Inc.)
tpsbattm.exe -> %SystemRoot%\system32\TPSBattM.exe -> [2005/05/31 19:59:58 | 00,045,056 | ---- | M] (TOSHIBA Corporation)
tpsmain.exe -> %SystemRoot%\system32\TPSMain.exe -> [2005/05/31 20:00:12 | 00,282,624 | ---- | M] (TOSHIBA Corporation)
tvstray.exe -> %ProgramFiles%\TOSHIBA\Tvs\TvsTray.exe -> [2006/02/02 11:11:38 | 00,073,728 | ---- | M] (TOSHIBA Corporation)
wscntfy.exe -> %SystemRoot%\system32\wscntfy.exe -> [2004/08/10 04:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation)
zcfgsvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> [2006/07/03 01:07:28 | 00,802,816 | ---- | M] (Intel Corporation)

[Win32 Services - Safe List]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation)
(Brother XP spl Service) BrSplService [Win32_Own | Auto | Running] -> %SystemRoot%\system32\brsvc01a.exe -> [2002/04/11 23:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd)
(CFSvcs) ConfigFree Service [Win32_Own | Auto | Running] -> %ProgramFiles%\TOSHIBA\ConfigFree\CFSvcs.exe -> [2005/01/17 15:38:38 | 00,040,960 | ---- | M] (TOSHIBA CORPORATION)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation)
(cmdService) Command Service [Win32_Own | Auto | Running] -> %SystemRoot%\Q2hyaXN0b3BoZXIgTWF1bg\command.exe -> [2005/08/02 16:58:38 | 00,293,888 | RHS- | M] ()
(DVD-RAM_Service) DVD-RAM_Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\DVDRAMSV.exe -> [2004/08/27 23:33:00 | 00,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.)
(ehRecvr) Media Center Receiver Service [Win32_Own | Auto | Running] -> %SystemRoot%\ehome\ehrecvr.exe -> [2006/04/09 20:24:28 | 00,237,568 | ---- | M] (Microsoft Corporation)
(ehSched) Media Center Scheduler Service [Win32_Own | Auto | Running] -> %SystemRoot%\ehome\ehSched.exe -> [2005/08/05 12:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation)
(EvtEng) Intel® PROSet/Wireless Event Log [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> [2006/07/02 21:57:12 | 00,434,176 | ---- | M] (Intel Corporation)
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2008/02/03 13:19:40 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.)
(gusvc) Google Updater Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2008/10/11 10:37:27 | 00,168,432 | ---- | M] (Google)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\pchealth\helpctr\binaries\pchsvc.dll -> [2004/08/10 04:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2008/10/01 17:57:00 | 00,536,872 | ---- | M] (Apple Inc.)
(MBackMonitor) MBackMonitor [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\MBK\MBackMonitor.exe -> [2008/07/10 14:42:56 | 00,066,848 | ---- | M] (McAfee)
(McAfee SiteAdvisor Service) McAfee SiteAdvisor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\SiteAdvisor\McSACore.exe -> [2008/11/20 08:45:06 | 00,206,096 | ---- | M] ()
(mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> [2008/10/10 16:16:00 | 00,792,696 | ---- | M] (McAfee, Inc.)
(McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> [2008/07/18 08:02:52 | 02,482,848 | ---- | M] (McAfee, Inc.)
(McODS) McAfee Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> [2008/06/20 13:10:22 | 00,361,800 | ---- | M] (McAfee, Inc.)
(McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> [2008/07/09 14:49:10 | 00,358,736 | ---- | M] (McAfee, Inc.)
(McrdSvc) Media Center Extender Service [Win32_Own | Auto | Running] -> %SystemRoot%\ehome\mcrdsvc.exe -> [2005/08/05 12:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation)
(McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> [2008/06/20 05:41:04 | 00,144,704 | ---- | M] (McAfee, Inc.)
(McSysmon) McAfee SystemGuards [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> [2008/09/16 10:04:12 | 00,605,512 | ---- | M] (McAfee, Inc.)
(MHN) MHN [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\mhn.dll -> [2004/08/10 03:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation)
(MpfService) McAfee Personal Firewall Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> [2008/07/09 17:36:30 | 00,884,360 | ---- | M] (McAfee, Inc.)
(MSK80Service) McAfee Anti-Spam Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSK\msksrver.exe -> [2008/07/09 13:35:34 | 00,025,416 | ---- | M] (McAfee, Inc.)
(Network Monitor) Network Monitor [Win32_Own | Auto | Stopped] -> -> File not found
(ProtexisLicensing) ProtexisLicensing [Win32_Own | Auto | Running] -> %SystemRoot%\system32\PSIService.exe -> [2007/06/05 12:20:32 | 00,177,704 | ---- | M] ()
(RegSrvc) Intel® PROSet/Wireless Registry Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> [2006/07/02 21:42:14 | 00,327,680 | ---- | M] (Intel Corporation)
(S24EventMonitor) Intel® PROSet/Wireless Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> [2006/07/02 21:49:10 | 00,937,984 | ---- | M] (Intel Corporation )
(Swupdtmr) Swupdtmr [Win32_Own | Auto | Running] -> %SystemDrive%\TOSHIBA\IVP\swupdate\swupdtmr.exe -> [2005/07/12 16:14:42 | 00,040,960 | ---- | M] ()
(TAPPSRV) TOSHIBA Application Service [Win32_Own | Auto | Running] -> %ProgramFiles%\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -> [2006/02/07 15:30:40 | 00,035,840 | ---- | M] (TOSHIBA Corp.)
(TODDSrv) TOSHIBA Optical Disc Drive Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\TODDSrv.exe -> [2006/05/25 17:30:16 | 00,114,688 | ---- | M] (TOSHIBA Corporation)
(UMWdf) Windows User Mode Driver Framework [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\wdfmgr.exe -> [2005/08/03 17:29:52 | 00,038,912 | ---- | M] (Microsoft Corporation)

[Driver Services - Safe List]
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.5.3.0 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\AegisP.sys -> [2006/12/21 10:58:44 | 00,021,419 | ---- | M] (Meetinghouse Data Communications)
(AgereSoftModem) TOSHIBA V92 Software Modem [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\AGRSM.sys -> [2006/03/18 06:36:42 | 01,155,584 | ---- | M] (Agere Systems)
(ASCTRM) ASCTRM [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\asctrm.sys -> [2006/07/19 18:40:20 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider)
(BrScnUsb) Brother USB Still Image driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\BrScnUsb.sys -> [2004/10/15 18:50:20 | 00,015,295 | ---- | M] (Brother Industries Ltd.)
(BrSerIf) Brother MFC Serial Port Interface WDM Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\BrSerIf.sys -> [2006/01/19 04:44:46 | 00,053,248 | ---- | M] (Brother Industries Ltd.)
(BrUsbSer) Brother MFC USB Serial WDM Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\BrUsbSer.sys -> [2006/01/19 09:17:38 | 00,011,904 | ---- | M] (Brother Industries Ltd.)
(EMSCR) EMSCR [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\EMS7SK.sys -> [2006/08/25 15:33:50 | 00,061,824 | ---- | M] (ENE Technology Inc.)
(ESDCR) ESDCR [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ESD7SK.sys -> [2006/08/22 09:11:30 | 00,040,064 | ---- | M] (ENE Technology Inc.)
(ESMCR) ESMCR [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ESM7SK.sys -> [2006/07/13 09:33:10 | 00,074,752 | ---- | M] (ENE Technology Inc.)
(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> [2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Hdaudbus.sys -> [2005/01/07 16:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider)
(ialm) ialm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ialmnt5.sys -> [2006/03/22 20:47:06 | 01,166,972 | ---- | M] (Intel Corporation)
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RtkHDAud.sys -> [2007/08/28 15:55:10 | 04,609,024 | ---- | M] (Realtek Semiconductor Corp.)
(McPvDrv) McPvDrv [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\McPvDrv.sys -> [2008/05/28 09:32:42 | 00,061,688 | ---- | M] (McAfee)
(meiudf) meiudf [File_System | System | Running] -> %SystemRoot%\system32\drivers\meiudf.sys -> [2005/06/02 02:33:00 | 00,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.)
(mfeavfk) McAfee Inc. mfeavfk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfeavfk.sys -> [2008/06/27 06:08:40 | 00,079,240 | ---- | M] (McAfee, Inc.)
(mfebopk) McAfee Inc. mfebopk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfebopk.sys -> [2008/06/27 06:08:40 | 00,035,240 | ---- | M] (McAfee, Inc.)
(mfehidk) McAfee Inc. mfehidk [Kernel | System | Running] -> %SystemRoot%\system32\drivers\mfehidk.sys -> [2008/06/27 06:08:40 | 00,207,656 | ---- | M] (McAfee, Inc.)
(mferkdk) McAfee Inc. mferkdk [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mferkdk.sys -> [2008/06/20 05:41:38 | 00,034,152 | ---- | M] (McAfee, Inc.)
(mfesmfk) McAfee Inc. mfesmfk [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mfesmfk.sys -> [2008/06/27 06:08:40 | 00,040,488 | ---- | M] (McAfee, Inc.)
(MPFP) MPFP [Kernel | System | Running] -> %SystemRoot%\system32\drivers\Mpfp.sys -> [2008/06/02 14:55:42 | 00,120,136 | ---- | M] (McAfee, Inc.)
(Netdevio) TOSHIBA Network Device Usermode I/O Protocol [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\Netdevio.sys -> [2003/01/29 13:35:00 | 00,012,032 | ---- | M] (TOSHIBA Corporation.)
(NETw3x32) Intel® PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\NETw3x32.sys -> [2006/07/02 04:00:46 | 01,706,752 | ---- | M] (Intel® Corporation)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2004/08/10 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> [2008/04/07 15:16:45 | 00,043,872 | ---- | M] (Sonic Solutions)
(RimUsb) BlackBerry Smartphone [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\RimUsb.sys -> [2007/05/31 12:39:50 | 00,022,656 | ---- | M] (Research In Motion Limited)
(RimVSerPort) RIM Virtual Serial Port v2 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RimSerial.sys -> [2007/01/18 09:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd)
(ROOTMODEM) Microsoft Legacy Modem Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rootmdm.sys -> [2004/08/10 04:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation)
(RTLE8023xp) Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Rtenicxp.sys -> [2006/06/28 15:25:06 | 00,081,920 | ---- | M] (Realtek Semiconductor Corporation )
(s24trans) WLAN Transport [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\s24trans.sys -> [2006/07/02 23:16:30 | 00,012,544 | ---- | M] (Intel Corporation)
(sdbus) sdbus [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sdbus.sys -> [2006/01/13 03:04:21 | 00,076,544 | ---- | M] (Microsoft Corporation)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2007/11/13 02:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(Ser2pl) Prolific Serial port driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ser2pl.sys -> [2003/07/16 13:27:40 | 00,043,264 | ---- | M] (Prolific Technology Inc.)
(sffdisk) SFF Storage Class Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\sffdisk.sys -> [2006/01/13 03:21:46 | 00,011,136 | ---- | M] (Microsoft Corporation)
(sffp_sd) SFF Storage Protocol Driver for SDBus [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\sffp_sd.sys -> [2006/01/13 03:21:46 | 00,010,368 | ---- | M] (Microsoft Corporation)
(SMNDIS5) SMNDIS5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Verizon Wireless\VZAccess Manager\SMNDIS5.sys -> [2002/11/26 13:54:58 | 00,016,936 | ---- | M] (Smith Micro Software, Inc.)
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SynTP.sys -> [2006/03/02 14:46:54 | 00,191,968 | ---- | M] (Synaptics, Inc.)
(tbiosdrv) Toshiba Logical Tbios Device [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\tbiosdrv.sys -> [2005/08/24 14:20:28 | 00,009,472 | ---- | M] ()
(TcUsb) TC USB Kernel Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\tcusb.sys -> [2006/05/05 02:12:54 | 00,028,800 | ---- | M] (UPEK Inc.)
(tdcmdpst) TOSHIBA Writing Engine Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\tdcmdpst.sys -> [2006/03/02 17:49:50 | 00,015,360 | ---- | M] (TOSHIBA Corporation.)
(tdudf) TOSHIBA UDF File System Driver [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\tdudf.sys -> [2006/06/28 10:50:00 | 00,098,816 | ---- | M] (TOSHIBA Corporation)
(tosrfec) Bluetooth ACPI from TOSHIBA [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\tosrfec.sys -> [2005/09/09 13:47:10 | 00,009,344 | ---- | M] (TOSHIBA Corporation)
(TVALD) Toshiba Mobile PC Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\NBSMI.sys -> [2005/10/20 13:03:42 | 00,006,144 | ---- | M] (Toshiba Corporation)
(Tvs) TOSHIBA Virtual Sound with SRS technologies [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Tvs.sys -> [2006/05/30 15:42:52 | 00,045,696 | ---- | M] (TOSHIBA Corporation)
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbaapl.sys -> [2008/10/01 12:01:28 | 00,032,000 | ---- | M] (Apple, Inc.)
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\wanatw4.sys -> [2003/01/10 12:13:04 | 00,033,588 | R--- | M] (America Online, Inc.)
(wpdusbb) wpdusbb [Kernel | System | Running] -> %SystemRoot%\system32\drivers\wpdusbb.sys -> [2008/12/09 23:40:24 | 00,086,272 | ---- | M] ()

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\windows\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Default_Search_URL" -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\windows\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.google.com ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKEY_CURRENT_USER\: SearchURL\\"" -> http://search.yahoo.com/search?fr=mcafee&p=%s ->
HKEY_CURRENT_USER\: SearchURL\\"provider" -> gogl ->
HKEY_CURRENT_USER\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_USERS\.DEFAULT\: Main\\"Start Page" -> http://www.toshibadirect.com/dpdstart ->
HKEY_USERS\.DEFAULT\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: Main\\"Search Page" -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_USERS\S-1-5-18\: Main\\"Start Page" -> http://www.toshibadirect.com/dpdstart ->
HKEY_USERS\S-1-5-18\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
HKEY_USERS\S-1-5-19\: Main\\"Start Page" -> http://www.toshibadirect.com/dpdstart ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
HKEY_USERS\S-1-5-20\: Main\\"Start Page" -> http://www.toshibadirect.com/dpdstart ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-124482275-1178308810-4095555383-1005\] > -> ->
HKEY_USERS\S-1-5-21-124482275-1178308810-4095555383-1005\: Main\\"Default_Search_URL" -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKEY_USERS\S-1-5-21-124482275-1178308810-4095555383-1005\: Main\\"Local Page" -> C:\windows\system32\blank.htm ->
HKEY_USERS\S-1-5-21-124482275-1178308810-4095555383-1005\: Main\\"Search Page" -> http://www.google.com ->
HKEY_USERS\S-1-5-21-124482275-1178308810-4095555383-1005\: Main\\"Start Page" -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKEY_USERS\S-1-5-21-124482275-1178308810-4095555383-1005\: SearchURL\\"" -> http://search.yahoo.com/search?fr=mcafee&p=%s ->
HKEY_USERS\S-1-5-21-124482275-1178308810-4095555383-1005\: SearchURL\\"provider" -> gogl ->
HKEY_USERS\S-1-5-21-124482275-1178308810-4095555383-1005\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found
HKEY_USERS\S-1-5-21-124482275-1178308810-4095555383-1005\: "ProxyEnable" -> 0 ->
< HOSTS File > (734 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{4161E672-84FE-48E7-A60C-BCF11607D2FB} [HKLM] -> %SystemRoot%\system32\yATlMedD.dll [Reg Error: Value does not exist or could not be read.] -> [2008/12/09 23:30:29 | 00,302,592 | ---- | M] ()
{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} [HKLM] -> %SystemRoot%\system32\urqNEvVp.dll [Reg Error: Value does not exist or could not be read.] -> [2008/12/14 14:22:29 | 00,034,816 | ---- | M] ()
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} [HKLM] -> %ProgramFiles%\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor BHO] -> [2008/11/14 12:25:26 | 00,150,032 | ---- | M] ()
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> %ProgramFiles%\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2008/11/14 12:25:26 | 00,150,032 | ---- | M] ()
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> [2008/10/11 10:37:48 | 02,549,368 | R--- | M] (Google Inc.)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> [2008/10/11 10:37:48 | 02,549,368 | R--- | M] (Google Inc.)
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> [2008/10/11 10:37:48 | 02,549,368 | R--- | M] (Google Inc.)
WebBrowser\\"{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-124482275-1178308810-4095555383-1005\] > -> HKEY_USERS\S-1-5-21-124482275-1178308810-4095555383-1005\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> [2008/10/11 10:37:48 | 02,549,368 | R--- | M] (Google Inc.)
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> [2008/10/11 10:37:48 | 02,549,368 | R--- | M] (Google Inc.)
WebBrowser\\"{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"AGRSMMSG" -> %SystemRoot%\agrsmmsg.exe [AGRSMMSG.exe] -> [2006/03/18 07:22:26 | 00,089,541 | ---- | M] (Agere Systems)
"Alcmtr" -> %SystemRoot%\Alcmtr.exe [ALCMTR.EXE] -> [2005/05/03 17:43:28 | 00,069,632 | ---- | M] (Realtek Semiconductor Corp.)
"Bar" -> %SystemDrive%\DOCUME~1\CHRIST~1\LOCALS~1\Temp\mirasnet.tmp [C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\mirasnet.tmp] -> File not found
"CFSServ.exe" -> [CFSServ.exe -NoClient] -> File not found
"DDWMon" -> %ProgramFiles%\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe [C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe] -> [2006/04/25 16:57:00 | 00,299,008 | ---- | M] (TOSHIBA Corporation)
"Device Detector" -> [DevDetect.exe -autorun] -> File not found
"ehTray" -> %SystemRoot%\ehome\ehtray.exe [C:\WINDOWS\ehome\ehtray.exe] -> [2005/08/05 12:56:34 | 00,064,512 | ---- | M] (Microsoft Corporation)
"EPSON Stylus C86 Series" -> %SystemRoot%\system32\spool\drivers\w32x86\3\E_S4I2R1.EXE [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2R1.EXE /P23 "EPSON Stylus C86 Series" /O6 "USB002" /M "Stylus C86"] -> [2003/11/25 03:00:00 | 00,099,840 | ---- | M] (SEIKO EPSON CORPORATION)
"igfxhkcmd" -> %SystemRoot%\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> [2006/03/22 20:13:40 | 00,077,824 | ---- | M] (Intel Corporation)
"igfxpers" -> %SystemRoot%\system32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> [2006/03/22 20:17:50 | 00,118,784 | ---- | M] (Intel Corporation)
"igfxtray" -> %SystemRoot%\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> [2006/03/22 20:17:04 | 00,094,208 | ---- | M] (Intel Corporation)
"IntelWireless" -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe ["C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless] -> [2006/07/02 21:50:32 | 00,700,416 | ---- | M] (Intel Corporation)
"IntelZeroConfig" -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe ["C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"] -> [2006/07/03 01:07:28 | 00,802,816 | ---- | M] (Intel Corporation)
"iTunesHelper" -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2008/10/01 17:57:12 | 00,289,576 | ---- | M] (Apple Inc.)
"LtMoh" -> %ProgramFiles%\ltmoh\ltmoh.exe [C:\Program Files\ltmoh\Ltmoh.exe] -> [2005/12/16 01:41:28 | 00,188,416 | ---- | M] (Agere Systems)
"mcagent_exe" -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe ["C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey] -> [2008/07/11 16:48:54 | 00,641,208 | ---- | M] (McAfee, Inc.)
"McENUI" -> %ProgramFiles%\McAfee\MHN\McENUI.exe [C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide] -> [2008/06/13 02:59:26 | 01,176,808 | ---- | M] (McAfee, Inc.)
"McPvTray" -> %ProgramFiles%\McAfee\Anti-Theft\McPvTray.exe [C:\Program Files\McAfee\Anti-Theft\McPvTray.exe] -> [2008/05/28 09:33:10 | 00,655,360 | ---- | M] (McAfee)
"MSKDetectorExe" -> [C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall] -> File not found
"NDSTray.exe" -> [NDSTray.exe] -> File not found
"PadTouch" -> %ProgramFiles%\TOSHIBA\Touch and Launch\PadExe.exe [C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe] -> [2005/12/05 21:06:10 | 01,077,322 | ---- | M] (TOSHIBA)
"Pinger" -> %SystemDrive%\TOSHIBA\IVP\ISM\pinger.exe [c:\toshiba\ivp\ism\pinger.exe /run] -> [2005/03/17 16:37:26 | 00,151,552 | ---- | M] (TOSHIBA Corporation)
"QuickTime Task" -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2008/09/06 14:09:14 | 00,413,696 | ---- | M] (Apple Inc.)
"RTHDCPL" -> %SystemRoot%\RTHDCPL.exe [RTHDCPL.EXE] -> [2007/08/20 14:38:02 | 16,384,512 | ---- | M] (Realtek Semiconductor Corp.)
"SmoothView" -> %ProgramFiles%\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe] -> [2005/04/26 15:13:20 | 00,122,880 | ---- | M] (TOSHIBA Corporation)
"SynTPEnh" -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> [2006/03/02 15:02:08 | 00,761,948 | ---- | M] (Synaptics, Inc.)
"TFncKy" -> [TFncKy.exe] -> File not found
"THotkey" -> %ProgramFiles%\TOSHIBA\TOSHIBA Applet\THotkey.exe [C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe] -> [2006/08/02 15:52:46 | 00,364,544 | ---- | M] (TOSHIBA)
"TPSMain" -> %SystemRoot%\system32\TPSMain.exe [TPSMain.exe] -> [2005/05/31 20:00:12 | 00,282,624 | ---- | M] (TOSHIBA Corporation)
"Tvs" -> %ProgramFiles%\TOSHIBA\Tvs\TvsTray.exe [C:\Program Files\Toshiba\Tvs\TvsTray.exe] -> [2006/02/02 11:11:38 | 00,073,728 | ---- | M] (TOSHIBA Corporation)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"AdwareAlert" -> %ProgramFiles%\AdwareAlert\AdwareAlert.exe [C:\Program Files\AdwareAlert\AdwareAlert.exe -boot] -> File not found
"BitTorrent" -> %ProgramFiles%\BitTorrent\bittorrent.exe ["C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized] -> File not found
"brastk" -> %SystemRoot%\system32\brastk.exe [C:\WINDOWS\system32\brastk.exe] -> File not found
"MSMSGS" -> %ProgramFiles%\Messenger\msmsgs.exe ["C:\Program Files\Messenger\msmsgs.exe" /background] -> [2004/10/13 08:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
"swg" -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> [2007/06/11 15:13:20 | 00,068,856 | ---- | M] (Google Inc.)
"TOSCDSPD" -> %ProgramFiles%\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe] -> [2004/12/29 23:32:20 | 00,065,536 | ---- | M] (TOSHIBA)
< Run [HKEY_USERS\S-1-5-21-124482275-1178308810-4095555383-1005\] > -> HKEY_USERS\S-1-5-21-124482275-1178308810-4095555383-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"AdwareAlert" -> %ProgramFiles%\AdwareAlert\AdwareAlert.exe [C:\Program Files\AdwareAlert\AdwareAlert.exe -boot] -> File not found
"BitTorrent" -> %ProgramFiles%\BitTorrent\bittorrent.exe ["C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized] -> File not found
"brastk" -> %SystemRoot%\system32\brastk.exe [C:\WINDOWS\system32\brastk.exe] -> File not found
"MSMSGS" -> %ProgramFiles%\Messenger\msmsgs.exe ["C:\Program Files\Messenger\msmsgs.exe" /background] -> [2004/10/13 08:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
"swg" -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> [2007/06/11 15:13:20 | 00,068,856 | ---- | M] (Google Inc.)
"TOSCDSPD" -> %ProgramFiles%\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe] -> [2004/12/29 23:32:20 | 00,065,536 | ---- | M] (TOSHIBA)
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\RAMASST.lnk -> %SystemRoot%\system32\RAMASST.exe -> [2004/08/27 23:37:00 | 00,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.)
< Christina Maun Startup Folder > -> C:\Documents and Settings\Christina Maun\Start Menu\Programs\Startup ->
%SystemDrive%\Documents and Settings\Christina Maun\Start Menu\Programs\Startup\VZAccess Manager.lnk -> %ProgramFiles%\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe -> [2008/03/07 13:38:02 | 01,733,936 | ---- | M] (Smith Micro Software, Inc.)
< Christopher Maun Startup Folder > -> C:\Documents and Settings\Christopher Maun\Start Menu\Programs\Startup ->
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
\\"InstallVisualStyle" -> %SystemRoot%\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found
\\"InstallTheme" -> %SystemRoot%\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
\\"ForceClassicControlPanel" -> [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-124482275-1178308810-4095555383-1005] > -> HKEY_USERS\S-1-5-21-124482275-1178308810-4095555383-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-124482275-1178308810-4095555383-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
\\"ForceClassicControlPanel" -> [1] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-124482275-1178308810-4095555383-1005] > -> HKEY_USERS\S-1-5-21-124482275-1178308810-4095555383-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Add to Google Photos Screensa&ver -> %SystemRoot%\system32\GPhotos.scr [res://C:\WINDOWS\system32\GPhotos.scr/200] -> [2008/11/17 12:04:25 | 02,306,113 | ---- | M] (Google Inc.)
E&xport to Microsoft Excel -> %SystemDrive%\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\ ->
Add to Google Photos Screensa&ver -> %SystemRoot%\system32\GPhotos.scr [res://C:\WINDOWS\system32\GPhotos.scr/200] -> [2008/11/17 12:04:25 | 02,306,113 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\ ->
Add to Google Photos Screensa&ver -> %SystemRoot%\system32\GPhotos.scr [res://C:\WINDOWS\system32\GPhotos.scr/200] -> [2008/11/17 12:04:25 | 02,306,113 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-124482275-1178308810-4095555383-1005\] > -> HKEY_USERS\S-1-5-21-124482275-1178308810-4095555383-1005\Software\Microsoft\Internet Explorer\MenuExt\ ->
Add to Google Photos Screensa&ver -> %SystemRoot%\system32\GPhotos.scr [res://C:\WINDOWS\system32\GPhotos.scr/200] -> [2008/11/17 12:04:25 | 02,306,113 | ---- | M] (Google Inc.)
E&xport to Microsoft Excel -> %SystemDrive%\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\"{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\"{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\"{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-124482275-1178308810-4095555383-1005\] > -> HKEY_USERS\S-1-5-21-124482275-1178308810-4095555383-1005\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\"{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find...=%s&mime=%s ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-124482275-1178308810-4095555383-1005\] > -> HKEY_USERS\S-1-5-21-124482275-1178308810-4095555383-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-124482275-1178308810-4095555383-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-124482275-1178308810-4095555383-1005\] > -> HKEY_USERS\S-1-5-21-124482275-1178308810-4095555383-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-124482275-1178308810-4095555383-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> http://www.apple.com/qtactivex/qtplugin.cab[QuickTime Object] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab[Java Plug-in 1.5.0_06] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab[Java Plug-in 1.5.0_06] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab[Java Plug-in 1.5.0_06] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab[Shockwave Flash Object] ->
McAfee Wi-FiScan [HKLM] -> http://download.mcafee.com/molbin/iss-loc/...ScannerCtrl.cab[Reg Error: Key does not exist or could not be opened.] ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{4FB5356C-4326-4977-8B81-1F90A8CEDC57} -> (1394 Net Adapter) ->
{B6E29E08-A40B-493B-B7F6-6A34AD21341A} -> (Intel® PRO/Wireless 3945ABG Network Connection) ->
{B8EC5DD2-704A-442F-AD2A-1359A60675F4} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) ->
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
karna.dat -> -> File not found
tduzmz.dll -> %SystemRoot%\system32\tduzmz.dll -> [2008/12/14 14:13:25 | 00,129,024 | ---- | M] ()
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> %SystemRoot%\system32\igfxdev.dll -> [2006/03/22 20:12:42 | 00,139,264 | ---- | M] (Intel Corporation)
kHAsrRig -> -> File not found
urqNEvVp -> %SystemRoot%\system32\urqNEvVp.dll -> [2008/12/14 14:22:29 | 00,034,816 | ---- | M] ()
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}" [HKLM] -> %SystemRoot%\system32\urqNEvVp.dll [] -> [2008/12/14 14:22:29 | 00,034,816 | ---- | M] ()
< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
*LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
C:\WINDOWS\system32\yATlMedD -> %SystemRoot%\system32\yATlMedD.dll -> [2008/12/09 23:30:29 | 00,302,592 | ---- | M] ()
*MultiFile Done* -> ->
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2004/08/10 04:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2004/08/10 04:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe" -> C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe [C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server] -> File not found
"C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe" -> C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe [C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server] -> File not found
"C:\Program Files\America Online 9.0\waol.exe" -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\BitTorrent\bittorrent.exe" -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] -> File not found
"C:\Program Files\Common Files\AOL\1153363098\EE\AOLServiceHost.exe" -> C:\Program Files\Common Files\AOL\1153363098\EE\AOLServiceHost.exe [C:\Program Files\Common Files\AOL\1153363098\EE\AOLServiceHost.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" -> C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe [C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" -> C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe [C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader] -> [2004/10/14 14:33:08 | 00,012,888 | ---- | M] (America Online, Inc.)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" -> C:\Program Files\Common Files\AOL\System Information\sinf.exe [C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" -> C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe [C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed] -> File not found
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" -> C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon] -> File not found
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" -> C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe [C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" -> C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe [C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent] -> [2008/07/18 08:02:52 | 02,482,848 | ---- | M] (McAfee, Inc.)
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2008/10/01 17:57:04 | 14,258,472 | ---- | M] (Apple Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> [2008/09/18 10:50:21 | 00,147,456 | ---- | M] (Lime Wire, LLC)
"C:\Program Files\Messenger\msmsgs.exe" -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [2004/10/13 08:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
"C:\Program Files\SkillGround\Games\UTG\Main.exe" -> C:\Program Files\SkillGround\Games\UTG\Main.exe [C:\Program Files\SkillGround\Games\UTG\Main.exe:*:Enabled:UTG] -> File not found
"C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe" -> C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe [C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine] -> File not found
"C:\TOSHIBA\Ivp\ISM\pinger.exe" -> C:\TOSHIBA\IVP\ISM\pinger.exe [C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger] -> [2005/03/17 16:37:26 | 00,151,552 | ---- | M] (TOSHIBA Corporation)
"C:\TOSHIBA\ivp\NetInt\Netint.exe" -> C:\TOSHIBA\IVP\NetInt\netint.exe [C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine] -> [2004/11/03 14:06:34 | 00,462,848 | ---- | M] (TOSHIBA Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
"AlternateShell" -> cmd.exe ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2004/08/10 04:00:00 | 00,049,536 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2006/07/18 18:37:30 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->

[Registry - Additional Scans - Safe List]
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.bat [@ = batfile] -> "%1" %* ->
.chm [@ = chm.file] -> %SystemRoot%\hh.exe -> [2005/05/26 15:22:01 | 00,010,752 | ---- | M] (Microsoft Corporation)
.cmd [@ = cmdfile] -> "%1" %* ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->
.hlp [@ = hlpfile] -> %SystemRoot%\system32\winhlp32.exe -> [2004/08/10 04:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation)
.hta [@ = htafile] -> %SystemRoot%\system32\mshta.exe -> [2004/08/10 04:00:00 | 00,029,184 | ---- | M] (Microsoft Corporation)
.html [@ = htmlfile] -> %ProgramFiles%\Internet Explorer\IEXPLORE.EXE -> [2004/08/10 04:00:00 | 00,093,184 | ---- | M] (Microsoft Corporation)
.inf [@ = inffile] -> %SystemRoot%\system32\notepad.exe -> [2004/08/10 04:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
.ini [@ = inifile] -> %SystemRoot%\system32\notepad.exe -> [2004/08/10 04:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
.js [@ = JSFile] -> %SystemRoot%\system32\wscript.exe -> [2004/08/10 04:00:00 | 00,114,688 | ---- | M] (Microsoft Corporation)
.jse [@ = JSEFile] -> %SystemRoot%\system32\wscript.exe -> [2004/08/10 04:00:00 | 00,114,688 | ---- | M] (Microsoft Corporation)
.pif [@ = piffile] -> "%1" %* ->
.reg [@ = regfile] -> %SystemRoot%\regedit.exe -> [2004/08/10 04:00:00 | 00,146,432 | ---- | M] (Microsoft Corporation)
.scr [@ = scrfile] -> "%1" /S ->
.txt [@ = txtfile] -> %SystemRoot%\system32\notepad.exe -> [2004/08/10 04:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation)
.vbe [@ = VBEFile] -> %SystemRoot%\system32\wscript.exe -> [2004/08/10 04:00:00 | 00,114,688 | ---- | M] (Microsoft Corporation)
.vbs [@ = VBSFile] -> %SystemRoot%\system32\wscript.exe -> [2004/08/10 04:00:00 | 00,114,688 | ---- | M] (Microsoft Corporation)
.wsf [@ = WSFFile] -> %SystemRoot%\system32\wscript.exe -> [2004/08/10 04:00:00 | 00,114,688 | ---- | M] (Microsoft Corporation)
.wsh [@ = WSHFile] -> %SystemRoot%\system32\wscript.exe -> [2004/08/10 04:00:00 | 00,114,688 | ---- | M] (Microsoft Corporation)
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKLM] -> No CLSID value
ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL[MSDAMON.BINDER] -> [2003/07/11 01:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation)
msdaipp: [HKLM] -> No CLSID value
msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL[MSDAMON.BINDER] -> [2003/07/11 01:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation)
msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL[MSDAIPP.BINDER] -> [2003/07/11 01:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation)
sacore:{5513F07E-936B-4E52-9B00-067394E91CC5} [HKLM] -> %ProgramFiles%\McAfee\SiteAdvisor\McIEPlg.dll[McAfee SACore Protocol Handler] -> [2008/11/14 12:25:26 | 00,150,032 | ---- | M] ()
< Security Center Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
\\"FirstRunDisabled" -> [1] -> File not found
\\"AntiVirusOverride" -> [0] -> File not found
\\"FirewallOverride" -> [0] -> File not found
\\"AntiVirusDisableNotify" -> [0] -> File not found
\\"FirewallDisableNotify" -> [0] -> File not found
\\"UpdatesDisableNotify" -> [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus
\Monitoring\McAfeeAntiVirus\\"DisableMonitoring" -> [1] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall
\Monitoring\McAfeeFirewall\\"DisableMonitoring" -> [1] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
\\"DoNotAllowExceptions" -> [0] -> File not found
\\"EnableFirewall" -> [0] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings\ -> ->
< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
{008D69EB-70FF-46AB-9C75-924620DF191A} -> TOSHIBA Speech System SR Engine(U.S.) Version1.0
{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7} -> mLogView
{1D14373E-7970-4F2F-A467-ACA4F0EA21E3} -> Google Earth
{2318C2B1-4965-11d4-9B18-009027A5CD4F} -> Google Toolbar for Internet Explorer
{23FB368F-1399-4EAC-817C-4B83ECBE3D83} -> mProSafe
{2C38F661-26B7-445D-B87D-B53FE2D3BD42} -> TOSHIBA PC Diagnostic Tool
{3248F0A8-6813-11D6-A77B-00B0D0150060} -> J2SE Runtime Environment 5.0 Update 6
{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP
{3E9D596A-61D4-4239-BD19-2DB984D2A16F} -> mIWA
{3FBF6F99-8EC6-41B4-8527-0A32241B5496} -> TOSHIBA Speech System TTS Engine(U.S.) Version1.0
{400830CA-F056-4BBE-80A3-9DF9CA4FB889} -> TOSHIBA Direct Disc Writer
{425A2BC2-AA64-4107-9C29-484245BBEA05} -> TOSHIBA Software Upgrades
{47D2103B-FD51-4017-9C20-DD408B17D726} -> Office 2003 Trial Assistant
{48AFBB60-8CF5-4605-BB04-704DD8702B80} -> VZAccess Manager for RIM
{48CF9A66-5F03-4025-ABD0-B3A3FA095A59} -> TOSHIBA SD Memory Card Format
{4AAC95F4-A30E-4EE5-A086-6F79581D0D70} -> ACDSee Pro 2
{529DDE6B-4F31-438B-B218-F36266ABD8C0} -> TOSHIBA Disc Creator
{531BC138-F1F7-496B-879C-F039ECEF438D} -> Adobe Photoshop Lightroom 2
{55937F00-A69B-4049-8D3A-1C7729742B6F} -> BUM
{5D96E2B1-D9AC-46E0-9073-425C5F63E338} -> Touch and Launch
{64212898-097F-4F3F-AECA-6D34A7EF82DF} -> TOSHIBA Zooming Utility
{64DD71BC-3109-4C88-9AD3-D5422644B722} -> TOSHIBA Hotkey Utility
{6956856F-B6B3-4BE0-BA0B-8F495BE32033} -> Apple Software Update
{69BE47C2-36FE-4397-8199-85D8EAE69982} -> TOSHIBA TouchPad ON/Off Utility
{7299052b-02a4-4627-81f2-1818da5d550d} -> Microsoft Visual C++ 2005 Redistributable
{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C} -> TOSHIBA Utilities
{87441A59-5E64-4096-A170-14EFE67200C3} -> Picture Control Utility
{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} -> Microsoft Silverlight
{8A708DD8-A5E6-11D4-A706-000629E95E20} -> Intel® Graphics Media Accelerator Driver
{8B12BA86-ADAC-4BA6-B441-FFC591087252} -> TOSHIBA Virtual Sound
{8B928BA1-EDEC-4227-A2DA-DD83026C36F5} -> mPfMgr
{8C6BB412-D3A8-4AAE-A01B-35B681789D68} -> mHelp
{8DC42D05-680B-41B0-8878-6C14D24602DB} -> QuickTime
{90B0D222-8C21-4B35-9262-53B042F18AF9} -> mPfWiz
{90CC4231-94AC-45CD-991A-0253BFAC0650} -> mDrWiFi
{91810AFC-A4F8-4EBA-A5AA-B198BBC81144} -> InterVideo WinDVD for TOSHIBA
{94658027-9F16-4509-BBD7-A59FE57C3023} -> mZConfig
{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6} -> Apple Mobile Device Support
{9941F0AA-B903-4AF4-A055-83A9815CC011} -> Sonic Encoders
{9CC89556-3578-48DD-8408-04E66EBEF401} -> mXML
{9D765FA6-F2BC-40AF-8145-50808F9BDF4E} -> DVD-RAM Driver
{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D} -> CD/DVD Drive Acoustic Silencer
{A26FA58F-0AD6-4F9C-A134-FE2CFB2EAE97} -> McAfee Anti-Theft
{A394E835-C8D6-4B4B-884B-D2709059F3BE} -> Network Monitor
{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6} -> TOSHIBA Controls
{AC76BA86-7AD7-1033-7B44-A70000000000} -> Adobe Reader 7.0
{B508B3F1-A24A-32C0-B310-85786919EF28} -> Microsoft .NET Framework 2.0 Service Pack 1
{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF} -> TOSHIBA Recovery Disc Creator
{BDD83DC9-BEE9-4654-A5DA-CC46C250088D} -> TOSHIBA ConfigFree
{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1
{CEBB6BFB-D708-4F99-A633-BC2600E01EF6} -> Bluetooth Stack for Windows by Toshiba
{DA1876DD-323E-4D78-8F9F-8F4FDE25C010} -> ID_DCRaw Image Decoder Plug-In
{DBEA1034-5882-4A88-8033-81C4EF0CFA29} -> Google Toolbar for Internet Explorer
{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843} -> iTunes
{E81667C6-2856-46D6-ABEA-6A2F42166779} -> mCore
{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E} -> PL-2303 USB-to-Serial
{EE033C1F-443E-41EC-A0E2-559B539A4E4D} -> TOSHIBA Speech System Applications
{F007CBCE-D714-4C0B-8CE9-9B0D78116468} -> ViewNX
{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5} -> mMHouse
{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} -> Realtek High Definition Audio Driver
{F21B28BF-8A4D-4F1A-A61B-69DD5B4A9BBA} -> Toshiba Media Center Game Console
{F6C405D2-C50D-4D10-B89E-73A233A14D74} -> Toshiba Registration
{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4} -> mWlsSafe
Adobe Flash Player ActiveX -> Adobe Flash Player 10 ActiveX
EPSON Printer and Utilities -> EPSON Printer Software
GolfLogix Course Manager_is1 -> GolfLogix Course Manager 3.0
Google Updater -> Google Updater
HijackThis -> HijackThis 2.0.2
InstallShield_{2C38F661-26B7-445D-B87D-B53FE2D3BD42} -> TOSHIBA PC Diagnostic Tool
Microsoft .NET Framework 1.1 (1033) -> Microsoft .NET Framework 1.1
MSC -> McAfee SecurityCenter
OfotoEZUpload -> KODAK EASYSHARE Gallery Upload ActiveX Control
Picasa 3 -> Picasa 3
Power Saver -> TOSHIBA Power Saver
ProInst -> Intel® PROSet/Wireless Software
RealPlayer 6.0 -> RealPlayer Basic
SynTPDeinstKey -> Synaptics Pointing Device Driver
TOSHIBA Game Console -> TOSHIBA Game Console
TOSHIBA Software Modem -> TOSHIBA Software Modem
Windows Media Format Runtime -> Windows Media Format Runtime
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 12/11/2008 5:32:00 PM Computer Name = MAUNSTERS | Source = McLogEvent | ID = 5051 -> Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took longer than 90000 ms to complete a request. The process will be terminated. Thread id : 596 (0x254) Thread address : 0x7C90EB94 Thread message : Build VSCORE.14.0.0.384 / 5300.2777 Object being scanned = \Device\HarddiskVolume1\WINDOWS\Q2hyaXN0b3BoZXIgTWF1bg\asappsrv.dll by c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)
Application [ Error ] 12/11/2008 5:35:36 PM Computer Name = MAUNSTERS | Source = Application Hang | ID = 1002 -> Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 12/12/2008 4:18:13 PM Computer Name = MAUNSTERS | Source = Application Error | ID = 1000 -> Description = Faulting application rundll32.exe, version 5.1.2600.2180, faulting module mjlmtn.dll, version 0.0.0.0, fault address 0x00016366.
Application [ Error ] 12/12/2008 4:19:43 PM Computer Name = MAUNSTERS | Source = McLogEvent | ID = 5051 -> Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took longer than 90000 ms to complete a request. The process will be terminated. Thread id : 2844 (0xb1c) Thread address : 0x7C90EB94 Thread message : Build VSCORE.14.0.0.384 / 5300.2777 Object being scanned = \Device\HarddiskVolume1\WINDOWS\Q2hyaXN0b3BoZXIgTWF1bg\asappsrv.dll by C:\WINDOWS\system32\dwwin.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)
Application [ Error ] 12/13/2008 6:07:27 PM Computer Name = MAUNSTERS | Source = McLogEvent | ID = 5051 -> Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took longer than 90000 ms to complete a request. The process will be terminated. Thread id : 756 (0x2f4) Thread address : 0x7C90EB94 Thread message : Build VSCORE.14.0.0.384 / 5300.2777 Object being scanned = \Device\HarddiskVolume1\WINDOWS\Q2hyaXN0b3BoZXIgTWF1bg\asappsrv.dll by C:\Program Files\Internet Explorer\iexplore.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)
Application [ Error ] 12/13/2008 6:07:39 PM Computer Name = MAUNSTERS | Source = Application Hang | ID = 1002 -> Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 12/13/2008 6:07:40 PM Computer Name = MAUNSTERS | Source = Application Hang | ID = 1002 -> Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 12/13/2008 6:12:02 PM Computer Name = MAUNSTERS | Source = Application Hang | ID = 1002 -> Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Application [ Error ] 12/13/2008 6:13:38 PM Computer Name = MAUNSTERS | Source = McLogEvent | ID = 5051 -> Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took longer than 90000 ms to complete a request. The process will be terminated. Thread id : 4072 (0xfe8) Thread address : 0x7C90EB94 Thread message : Build VSCORE.14.0.0.384 / 5300.2777 Object being scanned = \Device\HarddiskVolume1\WINDOWS\Q2hyaXN0b3BoZXIgTWF1bg\asappsrv.dll by C:\WINDOWS\system32\dwwin.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)
Application [ Error ] 12/14/2008 5:54:42 PM Computer Name = MAUNSTERS | Source = Application Hang | ID = 1002 -> Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
System [ Error ] 12/12/2008 4:25:34 PM Computer Name = MAUNSTERS | Source = DCOM | ID = 10010 -> Description = The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.
System [ Error ] 12/12/2008 4:25:47 PM Computer Name = MAUNSTERS | Source = DCOM | ID = 10010 -> Description = The server {76DEF3AC-2910-4234-9EE2-C81B2D45833A} did not register with DCOM within the required timeout.
System [ Error ] 12/12/2008 7:08:48 PM Computer Name = MAUNSTERS | Source = ipnathlp | ID = 32003 -> Description = The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
System [ Error ] 12/13/2008 6:03:56 PM Computer Name = MAUNSTERS | Source = Service Control Manager | ID = 7000 -> Description = The Network Monitor service failed to start due to the following error: %%2
System [ Error ] 12/13/2008 6:07:29 PM Computer Name = MAUNSTERS | Source = Service Control Manager | ID = 7031 -> Description = The McAfee Real-time Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
System [ Error ] 12/13/2008 6:13:39 PM Computer Name = MAUNSTERS | Source = Service Control Manager | ID = 7031 -> Description = The McAfee Real-time Scanner service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
System [ Error ] 12/14/2008 5:48:59 PM Computer Name = MAUNSTERS | Source = DCOM | ID = 10010 -> Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register with DCOM within the required timeout.
System [ Error ] 12/14/2008 5:49:22 PM Computer Name = MAUNSTERS | Source = Service Control Manager | ID = 7000 -> Description = The Network Monitor service failed to start due to the following error: %%2
System [ Error ] 12/14/2008 6:10:31 PM Computer Name = MAUNSTERS | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
System [ Error ] 12/14/2008 6:10:43 PM Computer Name = MAUNSTERS | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

[Files/Folders - Created Within 30 Days]
2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2008/12/14 15:17:50 | 00,000,000 | ---D | C]
ToDisc.INI -> %SystemRoot%\ToDisc.INI -> [2008/12/14 14:54:40 | 00,000,000 | ---- | C] ()
hgGwUOGY.dll -> %SystemRoot%\System32\hgGwUOGY.dll -> [2008/12/14 14:31:36 | 00,034,816 | ---- | C] ()
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [2008/12/14 14:26:22 | 00,001,745 | ---- | C] ()
Trend Micro -> %ProgramFiles%\Trend Micro -> [2008/12/14 14:26:22 | 00,000,000 | ---D | C]
urqNEvVp.dll -> %SystemRoot%\System32\urqNEvVp.dll -> [2008/12/14 14:22:29 | 00,034,816 | ---- | C] ()
bevaaaot.ini -> %SystemRoot%\System32\bevaaaot.ini -> [2008/12/14 14:16:42 | 01,647,120 | -HS- | C] ()
toaaaveb.dll -> %SystemRoot%\System32\toaaaveb.dll -> [2008/12/14 14:16:36 | 00,072,704 | ---- | C] ()
tduzmz.dll -> %SystemRoot%\System32\tduzmz.dll -> [2008/12/14 14:13:25 | 00,129,024 | ---- | C] ()
jntarhvk.dll -> %SystemRoot%\System32\jntarhvk.dll -> [2008/12/14 14:13:24 | 00,129,024 | ---- | C] ()
st_affiliate.ini -> %SystemRoot%\st_affiliate.ini -> [2008/12/14 14:10:48 | 00,000,073 | ---- | C] ()
LastGood -> %SystemRoot%\LastGood -> [2008/12/14 14:02:21 | 00,000,000 | ---D | C]
qjmthcck.ini -> %SystemRoot%\System32\qjmthcck.ini -> [2008/12/13 14:16:08 | 01,655,225 | -HS- | C] ()
kcchtmjq.dll -> %SystemRoot%\System32\kcchtmjq.dll -> [2008/12/13 14:16:07 | 00,072,704 | ---- | C] ()
xdbfpk.dll -> %SystemRoot%\System32\xdbfpk.dll -> [2008/12/13 14:11:01 | 00,129,024 | ---- | C] ()
yclchxos.dll -> %SystemRoot%\System32\yclchxos.dll -> [2008/12/13 14:10:59 | 00,129,024 | ---- | C] ()
mjlmtn.dll -> %SystemRoot%\System32\mjlmtn.dll -> [2008/12/12 12:17:05 | 00,129,024 | ---- | C] ()
axrmmalt.dll -> %SystemRoot%\System32\axrmmalt.dll -> [2008/12/12 12:17:01 | 00,129,024 | ---- | C] ()
mlavrtmq.ini -> %SystemRoot%\System32\mlavrtmq.ini -> [2008/12/11 13:35:47 | 01,649,718 | -HS- | C] ()
fqblfepe.ini -> %SystemRoot%\System32\fqblfepe.ini -> [2008/12/11 13:33:04 | 01,626,823 | -HS- | C] ()
atmtd.dll._ -> %SystemRoot%\System32\atmtd.dll._ -> [2008/12/10 21:55:35 | 00,687,592 | ---- | C] ()
atmtd.dll -> %SystemRoot%\System32\atmtd.dll -> [2008/12/10 21:55:35 | 00,687,592 | ---- | C] ()
Config.MPF -> %SystemRoot%\System32\Config.MPF -> [2008/12/10 20:28:36 | 00,007,635 | ---- | C] ()
McAfee Security Center.lnk -> %AllUsersProfile%\Desktop\McAfee Security Center.lnk -> [2008/12/10 20:28:03 | 00,000,682 | ---- | C] ()
McAfee EasyNetwork.lnk -> %AllUsersProfile%\Desktop\McAfee EasyNetwork.lnk -> [2008/12/10 20:27:09 | 00,000,677 | ---- | C] ()
mfesmfk.sys -> %SystemRoot%\System32\drivers\mfesmfk.sys -> [2008/12/10 20:19:38 | 00,040,488 | ---- | C] (McAfee, Inc.)
mfebopk.sys -> %SystemRoot%\System32\drivers\mfebopk.sys -> [2008/12/10 20:19:38 | 00,035,240 | ---- | C] (McAfee, Inc.)
mfeavfk.sys -> %SystemRoot%\System32\drivers\mfeavfk.sys -> [2008/12/10 20:19:37 | 00,079,240 | ---- | C] (McAfee, Inc.)
Mpfp.sys -> %SystemRoot%\System32\drivers\Mpfp.sys -> [2008/12/10 20:19:11 | 00,120,136 | ---- | C] (McAfee, Inc.)
McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job -> [2008/12/10 20:17:53 | 00,000,362 | ---- | C] ()
McQcTask.job -> %SystemRoot%\tasks\McQcTask.job -> [2008/12/10 20:17:51 | 00,000,354 | ---- | C] ()
McAfee -> %CommonProgramFiles%\McAfee -> [2008/12/10 20:16:20 | 00,000,000 | ---D | C]
McAfee.com -> %ProgramFiles%\McAfee.com -> [2008/12/10 20:16:16 | 00,000,000 | ---D | C]
mferkdk.sys -> %SystemRoot%\System32\drivers\mferkdk.sys -> [2008/12/10 20:10:40 | 00,034,152 | ---- | C] (McAfee, Inc.)
McAfee Anti-Theft -> %AllUsersProfile%\Application Data\McAfee Anti-Theft -> [2008/12/10 20:00:23 | 00,000,000 | ---D | C]
McAfee Vaults -> %UserProfile%\My Documents\McAfee Vaults -> [2008/12/10 19:54:25 | 00,000,000 | R-SD | C]
McAfee Anti-Theft.lnk -> %AllUsersProfile%\Desktop\McAfee Anti-Theft.lnk -> [2008/12/10 19:54:20 | 00,001,814 | ---- | C] ()
SmitfraudFix -> %UserProfile%\Desktop\SmitfraudFix -> [2008/12/10 12:18:39 | 00,000,000 | ---D | C]
Q2hyaXN0b3BoZXIgTWF1bg -> %SystemRoot%\Q2hyaXN0b3BoZXIgTWF1bg -> [2008/12/09 23:40:37 | 00,000,000 | -HSD | C]
Network Monitor -> %ProgramFiles%\Network Monitor -> [2008/12/09 23:40:37 | 00,000,000 | ---D | C]
core.cache.dsk -> %SystemRoot%\System32\drivers\core.cache.dsk -> [2008/12/09 23:40:24 | 00,167,976 | ---- | C] ()
wpdusbb.sys -> %SystemRoot%\System32\drivers\wpdusbb.sys -> [2008/12/09 23:40:24 | 00,086,272 | ---- | C] ()
ki3 -> %SystemRoot%\System32\ki3 -> [2008/12/09 23:40:20 | 00,000,000 | ---D | C]
in -> %SystemRoot%\System32\in -> [2008/12/09 23:40:20 | 00,000,000 | ---D | C]
C -> %SystemRoot%\System32\C -> [2008/12/09 23:40:20 | 00,000,000 | ---D | C]
.# -> %UserProfile%\Local Settings\Application Data\.# -> [2008/12/09 23:40:16 | 00,000,000 | -HSD | C]
kqjmcgoj.ini -> %SystemRoot%\System32\kqjmcgoj.ini -> [2008/12/09 23:32:04 | 01,545,234 | -HS- | C] ()
DdeMlTAy.ini2 -> %SystemRoot%\System32\DdeMlTAy.ini2 -> [2008/12/09 23:30:30 | 00,911,494 | -HS- | C] ()
DdeMlTAy.ini -> %SystemRoot%\System32\DdeMlTAy.ini -> [2008/12/09 23:30:30 | 00,911,494 | -HS- | C] ()
yATlMedD.dll -> %SystemRoot%\System32\yATlMedD.dll -> [2008/12/09 23:30:25 | 00,302,592 | ---- | C] ()
gadcom -> %AppData%\gadcom -> [2008/12/09 23:25:41 | 00,000,000 | ---D | C]
lyrjbhdg.job -> %SystemRoot%\tasks\lyrjbhdg.job -> [2008/12/09 23:25:24 | 00,000,316 | ---- | C] ()
Iron Man -> %AllUsersProfile%\Desktop\Iron Man -> [2008/11/26 22:53:52 | 00,000,000 | ---D | C]
Picasa 3.lnk -> %AllUsersProfile%\Desktop\Picasa 3.lnk -> [2008/11/25 20:59:28 | 00,000,770 | ---- | C] ()
IOSUBSYS -> %SystemRoot%\System32\IOSUBSYS -> [2008/11/25 20:59:23 | 00,000,000 | ---D | C]
XPProtectionCenter.lnk -> %UserProfile%\Desktop\XPProtectionCenter.lnk -> [2008/11/20 13:17:55 | 00,001,659 | ---- | C] ()
XPProtectionCenter -> %ProgramFiles%\XPProtectionCenter -> [2008/11/20 13:17:54 | 00,000,000 | ---D | C]
Unused Desktop Shortcuts -> %UserProfile%\Desktop\Unused Desktop Shortcuts -> [2008/11/20 13:17:39 | 00,000,000 | ---D | C]

[Files/Folders - Modified Within 30 Days]
2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [2006/07/19 18:14:08 | 00,000,000 | ---D | M]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2008/12/12 12:28:37 | 00,005,380 | ---- | M] ()
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2008/12/12 12:28:37 | 00,004,232 | ---- | M] ()
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [2008/05/10 16:38:34 | 00,000,000 | ---D | M]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [2007/08/18 08:32:07 | 00,011,150 | ---- | M] ()
C:\Documents and Settings\All Users\Application Data\Microsoft\PI\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\PI -> [2006/07/19 18:13:07 | 00,000,000 | ---D | M]
mspi11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\PI\mspi11.dat -> [2006/07/19 18:13:07 | 00,000,004 | ---- | M] ()
C:\Documents and Settings\All Users\Application Data\Microsoft\POD\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\POD -> [2006/07/19 18:13:07 | 00,000,000 | ---D | M]
mspod11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\POD\mspod11.dat -> [2006/07/19 18:13:07 | 00,000,004 | ---- | M] ()
C:\Documents and Settings\All Users\Application Data\Microsoft\Works\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works -> [2008/05/10 16:41:15 | 00,000,000 | ---D | M]
wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [2007/08/07 16:58:18 | 00,016,384 | ---- | M] ()
C:\Documents and Settings\Christopher Maun\Local Settings\Temp\Temporary Internet Files\Content.IE5\IASCI5ZR\ -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\Temporary Internet Files\Content.IE5\IASCI5ZR -> [2008/06/23 19:07:39 | 00,000,000 | --SD | M]
dref=http%253A%252F%252Fwww.youtube[1].com%252Fresults%253Fsearch_query%253Dmonica+brandt%2526search_type%253D%2526aq%253D9%2526oq%253Dmonica+bran -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\Temporary Internet Files\Content.IE5\IASCI5ZR\dref=http%253A%252F%252Fwww.you -> [2008/06/23 18:59:57 | 00,001,533 | ---- | M] ()
dref=http%253A%252F%252Fwww.youtube[1].com%252Fresults%253Fsearch_query%253Djodi+miller%2526search_type%253D%2526aq%253Df -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\Temporary Internet Files\Content.IE5\IASCI5ZR\dref=http%253A%252F%252Fwww.you -> [2008/06/23 19:05:54 | 00,001,427 | ---- | M] ()
C:\Documents and Settings\Christopher Maun\Local Settings\Temp\Temporary Internet Files\Content.IE5\OVS30N8Z\ -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\Temporary Internet Files\Content.IE5\OVS30N8Z -> [2008/06/23 19:07:39 | 00,000,000 | --SD | M]
dref=http%253A%252F%252Fwww.youtube[1].com%252Fresults%253Fsearch_query%253Djenny+lynn%2526search_type%253D%2526aq%253D1%2526oq%253Djenny+ly -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\Temporary Internet Files\Content.IE5\OVS30N8Z\dref=http%253A%252F%252Fwww.you -> [2008/06/23 18:59:42 | 00,001,407 | ---- | M] ()
dref=http%253A%252F%252Fwww.youtube[1].com%252Fresults%253Fsearch_query%253Dana+tigre%2526search_type%253D%2526aq%253D0%2526oq%253Dana+tig -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\Temporary Internet Files\Content.IE5\OVS30N8Z\dref=http%253A%252F%252Fwww.you -> [2008/06/23 19:03:55 | 00,001,361 | ---- | M] ()
C:\Documents and Settings\Christopher Maun\Local Settings\Temp\Temporary Internet Files\Content.IE5\SH6V8XMN\ -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\Temporary Internet Files\Content.IE5\SH6V8XMN -> [2008/06/23 19:10:06 | 00,000,000 | --SD | M]
dref=http%253A%252F%252Fwww.youtube[1].com%252Fresults%253Fsearch_query%253Daida+aragon%2526search_type%253D%2526aq%253Df -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\Temporary Internet Files\Content.IE5\SH6V8XMN\dref=http%253A%252F%252Fwww.you -> [2008/06/23 18:50:54 | 00,001,243 | ---- | M] ()
C:\Documents and Settings\Christopher Maun\Local Settings\Temp\Temporary Internet Files\Content.IE5\SHAJC5EB\ -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\Temporary Internet Files\Content.IE5\SHAJC5EB -> [2008/06/23 19:05:52 | 00,000,000 | --SD | M]
dref=http%253A%252F%252Fwww.youtube[1].com%252Fresults%253Fsearch_query%253Dnicole+coco+austin+special%2526search_type%253D%2526aq%253D0%2526oq%253Dnicole+coco -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\Temporary Internet Files\Content.IE5\SHAJC5EB\dref=http%253A%252F%252Fwww.you -> File not found
C:\Documents and Settings\Christopher Maun\Local Settings\Temp\$CD_Viewer\ -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\$CD_Viewer -> [2008/06/22 20:27:34 | 00,000,000 | ---D | M]
CDVIEWER.EXE -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\$CD_Viewer\CDVIEWER.EXE -> [2005/06/27 12:24:42 | 02,732,544 | R--- | M] (Noritsu KOKI)
C:\Documents and Settings\Christopher Maun\Local Settings\Temp\Nikon\MessageCenter\ -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\Nikon\MessageCenter -> [2007/01/07 12:17:34 | 00,000,000 | ---D | M]
mca_setup_10.exe -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\Nikon\MessageCenter\mca_setup_10.exe -> [2007/01/07 12:17:34 | 00,714,858 | ---- | M] ()
C:\Documents and Settings\Christopher Maun\Local Settings\Temp\pft17~tmp\ -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\pft17~tmp -> [2007/10/03 19:17:06 | 00,000,000 | ---D | M]
ChCfg.exe -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\pft17~tmp\ChCfg.exe -> [2006/08/01 14:02:32 | 00,049,152 | ---- | M] ()
SetCDfmt.exe -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\pft17~tmp\SetCDfmt.exe -> [2001/12/03 00:27:00 | 00,023,552 | ---- | M] ()
Setup.exe -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\pft17~tmp\Setup.exe -> [2005/11/14 15:24:00 | 00,121,064 | ---- | M] (Macrovision Corporation)
C:\Documents and Settings\Christopher Maun\Local Settings\Temp\pft17~tmp\MSHDQFE\Win2K_XP\us\ -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\pft17~tmp\MSHDQFE\Win2K_XP\us -> [2007/10/03 19:17:00 | 00,000,000 | ---D | M]
kb888111w2ksp4.exe -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\pft17~tmp\MSHDQFE\Win2K_XP\us\kb888111w2ksp4.exe -> [2005/01/07 17:18:00 | 00,742,104 | ---- | M] (Microsoft Corporation)
kb888111xpsp1.exe -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\pft17~tmp\MSHDQFE\Win2K_XP\us\kb888111xpsp1.exe -> [2005/01/07 17:15:00 | 00,774,360 | ---- | M] (Microsoft Corporation)
kb888111xpsp2.exe -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\pft17~tmp\MSHDQFE\Win2K_XP\us\kb888111xpsp2.exe -> [2005/01/10 10:15:00 | 00,720,088 | ---- | M] (Microsoft Corporation)
C:\Documents and Settings\Christopher Maun\Local Settings\Temp\pft17~tmp\MSHDQFE\Win2K3\us\ -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\pft17~tmp\MSHDQFE\Win2K3\us -> [2007/10/03 19:17:00 | 00,000,000 | ---D | M]
kb888111srvrtm.exe -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\pft17~tmp\MSHDQFE\Win2K3\us\kb888111srvrtm.exe -> [2005/01/07 17:23:00 | 00,771,288 | ---- | M] (Microsoft Corporation)
C:\Documents and Settings\Christopher Maun\Local Settings\Temp\pft17~tmp\WDM\ -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\pft17~tmp\WDM -> [2007/10/03 19:17:06 | 00,000,000 | ---D | M]
Alcmtr.exe -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\pft17~tmp\WDM\Alcmtr.exe -> [2005/05/03 17:43:28 | 00,069,632 | ---- | M] (Realtek Semiconductor Corp.)
AlcWzrd.exe -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\pft17~tmp\WDM\AlcWzrd.exe -> [2006/05/04 15:26:36 | 02,808,832 | ---- | M] (RealTek Semicoductor Corp.)
CPLUtl64.exe -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\pft17~tmp\WDM\CPLUtl64.exe -> [2006/03/30 17:58:22 | 00,037,376 | ---- | M] ()
MicCal.exe -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\pft17~tmp\WDM\MicCal.exe -> [2007/06/28 15:44:14 | 02,165,760 | ---- | M] (Realtek Semiconductor Corp.)
RTHDCPL.exe -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\pft17~tmp\WDM\RTHDCPL.exe -> [2007/08/20 14:38:02 | 16,384,512 | ---- | M] (Realtek Semiconductor Corp.)
RTLCPL.exe -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\pft17~tmp\WDM\RTLCPL.exe -> [2007/03/23 18:19:10 | 09,715,200 | ---- | M] (Realtek Semiconductor Corp.)
RtlUpd.exe -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\pft17~tmp\WDM\RtlUpd.exe -> [2007/07/26 17:06:22 | 01,191,936 | ---- | M] (Realtek Semiconductor Corp.)
RtlUpd64.exe -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\pft17~tmp\WDM\RtlUpd64.exe -> [2007/07/26 17:06:12 | 01,363,968 | ---- | M] (Realtek Semiconductor Corp.)
SkyTel.exe -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\pft17~tmp\WDM\SkyTel.exe -> [2007/08/03 12:22:02 | 01,826,816 | ---- | M] (Realtek Semiconductor Corp.)
SoundMan.exe -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\pft17~tmp\WDM\SoundMan.exe -> [2006/07/21 15:14:36 | 00,086,016 | ---- | M] (Realtek Semiconductor Corp.)
C:\Documents and Settings\Christopher Maun\Local Settings\Temp\$CD_Viewer\ -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\$CD_Viewer -> [2008/06/22 20:27:34 | 00,000,000 | ---D | M]
EXIF.DLL -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\$CD_Viewer\EXIF.DLL -> [2005/06/27 12:24:42 | 00,548,352 | R--- | M] (FUJI PHOTO FILM CO., LTD)
IJL11.DLL -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\$CD_Viewer\IJL11.DLL -> [2005/06/27 12:24:42 | 00,180,224 | R--- | M] (Intel Corporation)
C:\Documents and Settings\Christopher Maun\Local Settings\Temp\_PASFX10\ -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\_PASFX10 -> [2008/02/03 12:19:45 | 00,000,000 | ---D | M]
7Z.DLL -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\_PASFX10\7Z.DLL -> [2008/02/03 12:19:42 | 00,076,288 | ---- | M] ()
C:\Documents and Settings\Christopher Maun\Local Settings\Temp\_PASFX153\ -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\_PASFX153 -> [2008/05/15 19:51:06 | 00,000,000 | ---D | M]
7Z.DLL -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\_PASFX153\7Z.DLL -> [2008/05/15 19:50:10 | 00,076,288 | ---- | M] ()
C:\Documents and Settings\Christopher Maun\Local Settings\Temp\isp23.tmp\ -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\isp23.tmp\ -> [2007/01/07 12:16:34 | 00,000,000 | ---D | M]
_Setup.dll -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\isp23.tmp\_Setup.dll -> [2007/01/07 12:16:33 | 00,380,928 | ---- | M] (Macrovision Corporation)
C:\Documents and Settings\Christopher Maun\Local Settings\Temp\nsa20.tmp\ -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\nsa20.tmp\ -> [2006/12/21 21:47:05 | 00,000,000 | ---D | M]
WT_Plugin.dll -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\nsa20.tmp\WT_Plugin.dll -> [2006/12/21 21:46:51 | 00,167,936 | ---- | M] ()
C:\Documents and Settings\Christopher Maun\Local Settings\Temp\nsq39.tmp\ -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\nsq39.tmp\ -> [2006/12/21 21:49:18 | 00,000,000 | ---D | M]
WT_Plugin.dll -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\nsq39.tmp\WT_Plugin.dll -> [2006/12/21 21:49:11 | 00,167,936 | ---- | M] ()
C:\Documents and Settings\Christopher Maun\Local Settings\Temp\nsr2F.tmp\ -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\nsr2F.tmp\ -> [2006/12/21 21:47:46 | 00,000,000 | ---D | M]
WT_Plugin.dll -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\nsr2F.tmp\WT_Plugin.dll -> [2006/12/21 21:47:44 | 00,167,936 | ---- | M] ()
C:\Documents and Settings\Christopher Maun\Local Settings\Temp\nsr7.tmp\ -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\nsr7.tmp\ -> [2007/01/26 22:02:25 | 00,000,000 | ---D | M]
NSIS_Picasa.dll -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\nsr7.tmp\NSIS_Picasa.dll -> [2007/01/26 22:02:25 | 00,054,784 | ---- | M] ()
C:\Documents and Settings\Christopher Maun\Local Settings\Temp\nst21.tmp\ -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\nst21.tmp\ -> [2006/12/21 21:35:14 | 00,000,000 | ---D | M]
WT_Plugin.dll -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\nst21.tmp\WT_Plugin.dll -> [2006/12/21 21:35:10 | 00,167,936 | ---- | M] ()
C:\Documents and Settings\Christopher Maun\Local Settings\Temp\nsy1B.tmp\ -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\nsy1B.tmp\ -> [2006/12/21 21:46:17 | 00,000,000 | ---D | M]
WT_Plugin.dll -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\nsy1B.tmp\WT_Plugin.dll -> [2006/12/21 21:46:14 | 00,167,936 | ---- | M] ()
C:\Documents and Settings\Christopher Maun\Local Settings\Temp\pft17~tmp\ -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\pft17~tmp -> [2007/10/03 19:17:06 | 00,000,000 | ---D | M]
RtlExUpd.dll -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\pft17~tmp\RtlExUpd.dll -> [2007/07/26 16:09:20 | 00,520,192 | ---- | M] (Realtek Semiconductor Corp.)
C:\Documents and Settings\Christopher Maun\Local Settings\Temp\pft17~tmp\WDM\ -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\pft17~tmp\WDM -> [2007/10/03 19:17:06 | 00,000,000 | ---D | M]
RTCOMDLL.dll -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\pft17~tmp\WDM\RTCOMDLL.dll -> [2007/08/16 15:04:54 | 00,262,144 | ---- | M] ()
RtlCPAPI.dll -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\pft17~tmp\WDM\RtlCPAPI.dll -> [2007/03/07 13:59:30 | 00,131,072 | ---- | M] ()
C:\Documents and Settings\Christopher Maun\Local Settings\Temp\Cookies\ -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\Cookies -> [2008/06/23 18:48:40 | 00,000,000 | --SD | M]
index.dat -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\Cookies\index.dat -> [2008/06/23 18:49:13 | 00,049,152 | ---- | M] ()
C:\Documents and Settings\Christopher Maun\Local Settings\Temp\History\History.IE5\ -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\History\History.IE5\ -> [2008/06/23 18:02:34 | 00,000,000 | --SD | M]
index.dat -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\History\History.IE5\index.dat -> [2008/06/23 19:07:35 | 00,114,688 | ---- | M] ()
C:\Documents and Settings\Christopher Maun\Local Settings\Temp\Temporary Internet Files\Content.IE5\ -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\Temporary Internet Files\Content.IE5\ -> [2008/06/23 17:59:54 | 00,000,000 | --SD | M]
index.dat -> C:\Documents and Settings\Christopher Maun\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat -> [2008/06/23 19:07:53 | 01,703,936 | ---- | M] ()
DdeMlTAy.ini -> %SystemRoot%\System32\DdeMlTAy.ini -> [2008/12/14 15:22:03 | 00,911,494 | -HS- | M] ()
DdeMlTAy.ini2 -> %SystemRoot%\System32\DdeMlTAy.ini2 -> [2008/12/14 15:20:26 | 00,911,494 | -HS- | M] ()
ToDisc.INI -> %SystemRoot%\ToDisc.INI -> [2008/12/14 14:54:40 | 00,000,000 | ---- | M] ()
hgGwUOGY.dll -> %SystemRoot%\System32\hgGwUOGY.dll -> [2008/12/14 14:31:36 | 00,034,816 | ---- | M] ()
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [2008/12/14 14:26:22 | 00,001,745 | ---- | M] ()
Config.MPF -> %SystemRoot%\System32\Config.MPF -> [2008/12/14 14:23:26 | 00,007,635 | ---- | M] ()
urqNEvVp.dll -> %SystemRoot%\System32\urqNEvVp.dll -> [2008/12/14 14:22:29 | 00,034,816 | ---- | M] ()
bevaaaot.ini -> %SystemRoot%\System32\bevaaaot.ini -> [2008/12/14 14:16:49 | 01,647,120 | -HS- | M] ()
toaaaveb.dll -> %SystemRoot%\System32\toaaaveb.dll -> [2008/12/14 14:16:37 | 00,072,704 | ---- | M] ()
tduzmz.dll -> %SystemRoot%\System32\tduzmz.dll -> [2008/12/14 14:13:25 | 00,129,024 | ---- | M] ()
jntarhvk.dll -> %SystemRoot%\System32\jntarhvk.dll -> [2008/12/14 14:13:25 | 00,129,024 | ---- | M] ()
st_affiliate.ini -> %SystemRoot%\st_affiliate.ini -> [2008/12/14 14:10:48 | 00,000,073 | ---- | M] ()
win.ini -> %SystemRoot%\win.ini -> [2008/12/14 14:04:49 | 00,000,607 | ---- | M] ()
lyrjbhdg.job -> %SystemRoot%\tasks\lyrjbhdg.job -> [2008/12/14 14:00:00 | 00,000,316 | ---- | M] ()
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2008/12/14 13:46:58 | 00,000,006 | -H-- | M] ()
bootstat.dat -> %SystemRoot%\bootstat.dat -> [2008/12/14 13:46:12 | 00,002,048 | --S- | M] ()
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2008/12/14 13:46:06 | 26,739,22048 | -HS- | M] ()
qjmthcck.ini -> %SystemRoot%\System32\qjmthcck.ini -> [2008/12/13 14:16:18 | 01,655,225 | -HS- | M] ()
kcchtmjq.dll -> %SystemRoot%\System32\kcchtmjq.dll -> [2008/12/13 14:16:08 | 00,072,704 | ---- | M] ()
yclchxos.dll -> %SystemRoot%\System32\yclchxos.dll -> [2008/12/13 14:11:01 | 00,129,024 | ---- | M] ()
xdbfpk.dll -> %SystemRoot%\System32\xdbfpk.dll -> [2008/12/13 14:11:01 | 00,129,024 | ---- | M] ()
mjlmtn.dll -> %SystemRoot%\System32\mjlmtn.dll -> [2008/12/12 12:17:03 | 00,129,024 | ---- | M] ()
axrmmalt.dll -> %SystemRoot%\System32\axrmmalt.dll -> [2008/12/12 12:17:03 | 00,129,024 | ---- | M] ()
mlavrtmq.ini -> %SystemRoot%\System32\mlavrtmq.ini -> [2008/12/12 12:16:57 | 01,649,718 | -HS- | M] ()
fqblfepe.ini -> %SystemRoot%\System32\fqblfepe.ini -> [2008/12/11 13:33:47 | 01,626,823 | -HS- | M] ()
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [2008/12/10 23:07:32 | 05,854,860 | -H-- | M] ()
atmtd.dll._ -> %SystemRoot%\System32\atmtd.dll._ -> [2008/12/10 21:55:34 | 00,687,592 | ---- | M] ()
atmtd.dll -> %SystemRoot%\System32\atmtd.dll -> [2008/12/10 21:55:34 | 00,687,592 | ---- | M] ()
McAfee Security Center.lnk -> %AllUsersProfile%\Desktop\McAfee Security Center.lnk -> [2008/12/10 20:28:03 | 00,000,682 | ---- | M] ()
McAfee EasyNetwork.lnk -> %AllUsersProfile%\Desktop\McAfee EasyNetwork.lnk -> [2008/12/10 20:27:09 | 00,000,677 | ---- | M] ()
McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job -> [2008/12/10 20:17:53 | 00,000,362 | ---- | M] ()
McQcTask.job -> %SystemRoot%\tasks\McQcTask.job -> [2008/12/10 20:17:51 | 00,000,354 | ---- | M] ()
McAfee Anti-Theft.lnk -> %AllUsersProfile%\Desktop\McAfee Anti-Theft.lnk -> [2008/12/10 19:54:20 | 00,001,814 | ---- | M] ()
kqjmcgoj.ini -> %SystemRoot%\System32\kqjmcgoj.ini -> [2008/12/10 12:26:57 | 01,545,234 | -HS- | M] ()
tmp.reg -> %SystemRoot%\System32\tmp.reg -> [2008/12/10 12:22:10 | 00,003,846 | ---- | M] ()
core.cache.dsk -> %SystemRoot%\System32\drivers\core.cache.dsk -> [2008/12/09 23:40:25 | 00,167,976 | ---- | M] ()
wpdusbb.sys -> %SystemRoot%\System32\drivers\wpdusbb.sys -> [2008/12/09 23:40:24 | 00,086,272 | ---- | M] ()
yATlMedD.dll -> %SystemRoot%\System32\yATlMedD.dll -> [2008/12/09 23:30:29 | 00,302,592 | ---- | M] ()
ACDSee Pro 2.lnk -> %AllUsersProfile%\Desktop\ACDSee Pro 2.lnk -> [2008/12/07 16:51:37 | 00,002,579 | ---- | M] ()
machine.ver -> %SystemRoot%\machine.ver -> [2008/12/02 18:59:41 | 00,002,838 | ---- | M] ()
MRT.exe -> %SystemRoot%\System32\MRT.exe -> [2008/12/02 13:26:32 | 17,593,280 | ---- | M] (Microsoft Corporation)
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2008/11/29 17:48:56 | 00,001,158 | ---- | M] ()
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [2008/11/27 19:33:01 | 00,000,284 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2008/11/26 21:56:23 | 00,011,264 | ---- | M] ()
Picasa 3.lnk -> %AllUsersProfile%\Desktop\Picasa 3.lnk -> [2008/11/25 20:59:28 | 00,000,770 | ---- | M] ()
XPProtectionCenter.lnk -> %UserProfile%\Desktop\XPProtectionCenter.lnk -> [2008/11/20 13:17:55 | 00,001,659 | ---- | M] ()
[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:000000a6
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
< Document and Settings folder & sub folders >
scanning hidden files ...
IPC error: 2 The system cannot find the file specified.
scan completed successfully
hidden files: 79

< End of report >
[/code]

#3 kahdah

  • Security Colleague
  • 11,138 posts

Posted 23 December 2008 - 07:13 PM

Hello Amador

Welcome to BleepingComputer
========================
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here



