
TR/Rootkit.gen is eating me alive...


37 replies to this topic

#1 woe is me


Posted 05 November 2009 - 05:39 PM

Yes, you read correctly. I have been battling TR/Rootkit.gen for so long that my strength has failed me and it is now eating me and my computer alive. I have come to this forum in hopes that I might be able to keep some of my limbs intact and my computer from becoming a paperweight. Avira will detect TR/Rootkit.gen and "repair" the problem. However, if I do another scan the next day, it will detect TR/Rootkit.gen again. Also, I am unable to enter Safe Mode on my computer. F8 will not work, nor will msconfig. Related to TR/Rootkit.gen?? Thanks for your time. Below are a DDS log and a RootRepeal log, and I've attached the... "attach" of DDS.


DDS (Ver_09-10-26.01) - NTFSx86
Run by Anthony Truong at 16:24:13.32 on Thu 11/05/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.295 [GMT -6:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\windows\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\windows\Explorer.EXE
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\windows\system32\TPSMain.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\windows\system32\TDispVol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Redemption Backup\All Users\Redemption\REDEMPTION.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\windows\AGRSMMSG.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Motive\AsstCommon\motmon.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\windows\system32\TPSBattM.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\windows\system32\ctfmon.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Digital Lifeline\bin\mpbtn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\windows\system32\drwtsn32.exe
C:\windows\system32\drwtsn32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\drwtsn32.exe
C:\Documents and Settings\Anthony Truong\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.toshibadirect.com/dpdstart
uSearch Bar = hxxp://www.toshiba.com/search
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Viewpoint Toolbar BHO: {a7327c09-b521-4edb-8509-7d2660c9ec98} - c:\program files\viewpoint\viewpoint toolbar\3.9.0\ViewBarBHO.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Viewpoint Toolbar: {f8ad5aa5-d966-4667-9daf-2561d68b2012} - c:\program files\common files\viewpoint\toolbar runtime\3.9.0\IEViewBar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [TPSMain] TPSMain.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [TDispVol] TDispVol.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [Redemption] "c:\program files\redemption backup\all users\redemption\REDEMPTION.EXE" /STARTUP
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [CXMon] "c:\program files\hewlett-packard\photosmart\photo imaging\Hpi_Monitor.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
mRun: [MotiveMonitor] "c:\program files\motive\asstcommon\motmon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [<NO NAME>]
dRunOnce: [WMC_WMPDBExport] c:\program files\windows media player\wmdbexport.exe
dRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
dRunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobe reader speed launch.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digital lifeline.lnk - c:\program files\digital lifeline\bin\mpbtn.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hp digital imaging monitor.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hp photosmart premier fast start.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logitech desktop messenger.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\microsoft office.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~4\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150411123187
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} - hxxp://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: psfus - psqlpwd.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
LSA: Notification Packages = psqlpwd scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\anthon~1\applic~1\mozilla\firefox\profiles\29rp32ks.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.pittstate.edu/
FF - plugin: c:\program files\mozilla firefox\plugins\npsabffx.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\superadblocker.com\npsabffx.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-5-28 108289]
R2 FdRedir;FdRedir;c:\program files\common files\protector suite ql\drivers\FdRedir.sys [2005-12-21 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\common files\protector suite ql\drivers\filedisk.sys [2005-12-21 33024]
R2 REFILERW;REFILERW;c:\windows\system32\drivers\REFILERW.SYS [2006-9-7 5463]
R2 smihlp;SMI helper driver;c:\program files\protector suite ql\smihlp.sys [2005-12-21 3456]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-5-2 24652]
S1 drvdrv;drvdrv;\??\c:\program files\drv\drv.sys --> c:\program files\drv\drv.sys [?]
S1 glaide32;glaide32;\??\c:\windows\system32\drivers\glaide32.sys --> c:\windows\system32\drivers\glaide32.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\f0.tmp --> c:\windows\system32\F0.tmp [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]

=============== Created Last 30 ================

2009-11-05 19:57:46 0 d-----w- c:\docume~1\anthon~1\applic~1\Digital Support
2009-11-05 19:57:41 0 d-----w- c:\program files\Digital Support
2009-10-25 22:49:46 0 d-----w- c:\program files\Sophos
2009-10-12 03:46:19 0 d-----w- c:\docume~1\alluse~1\applic~1\GARMIN
2009-10-12 03:46:15 0 d-----w- C:\Garmin
2009-10-12 02:45:09 0 d-----w- c:\docume~1\anthon~1\applic~1\GARMIN
2009-10-12 02:44:47 0 d-----w- c:\program files\Garmin GPS Plugin
2009-10-12 02:44:39 0 d-----w- c:\program files\Garmin

==================== Find3M ====================

2009-08-12 00:08:56 411368 ----a-w- c:\windows\system32\deploytk.dll
2005-05-13 22:12:00 217073 --sha-r- c:\windows\meta4.exe
2005-10-24 16:13:58 66560 --sha-r- c:\windows\MOTA113.exe
2004-08-10 12:00:00 94784 --sh--w- c:\windows\twain.dll
2006-02-17 03:33:10 1216 --sh--w- c:\windows\Twunk_16.dll
2006-02-17 03:33:10 1216 --sh--w- c:\windows\Twunk_32.dll
2005-10-14 02:27:00 422400 --sha-r- c:\windows\x2.64.exe
2005-10-08 00:14:52 308224 --sha-r- c:\windows\system32\avisynth.dll
2005-07-14 17:31:20 27648 --sha-r- c:\windows\system32\AVSredirect.dll
2005-06-26 20:32:28 616448 --sha-r- c:\windows\system32\cygwin1.dll
2005-06-22 03:37:42 45568 --sha-r- c:\windows\system32\cygz.dll
2004-01-25 05:00:00 70656 --sha-r- c:\windows\system32\i420vfw.dll
2006-04-27 15:24:24 2945024 --sha-r- c:\windows\system32\Smab.dll
2005-02-28 18:16:22 240128 --sha-r- c:\windows\system32\x.264.exe
2004-01-25 05:00:00 70656 --sha-r- c:\windows\system32\yv12vfw.dll

============= FINISH: 16:24:40.12 ===============




ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/05 16:28
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: 00000060
Image Path: \Driver\00000060
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\windows\system32\drivers\rootrepeal.sys
Address: 0xA90D9000 Size: 49152 File Visible: No Signed: -
Status: -

Name: ugldqpod.sys
Image Path: C:\DOCUME~1\ANTHON~1\LOCALS~1\Temp\ugldqpod.sys
Address: 0xA8CF1000 Size: 87040 File Visible: No Signed: -
Status: -

Name: uphcleanhlp.sys
Image Path: C:\windows\system32\Drivers\uphcleanhlp.sys
Address: 0xA9D62000 Size: 8960 File Visible: No Signed: -
Status: -

Name: win32k.sys:1
Image Path: C:\windows\win32k.sys:1
Address: 0xF7C76000 Size: 20480 File Visible: No Signed: -
Status: -

Name: win32k.sys:2
Image Path: C:\windows\win32k.sys:2
Address: 0xA9C96000 Size: 57344 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\Installer\4ea983.msi
Status: Locked to the Windows API!

Path: c:\documents and settings\anthony truong\application data\mozilla\firefox\profiles\29rp32ks.default\sessionstore.js
Status: Size mismatch (API: 43333, Raw: 43245)

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xf7ee8ae6

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xf7ee8adc

#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0xf7ee8aeb

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0xf7ee8af5

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "sptd.sys" at address 0xf7791d48

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "sptd.sys" at address 0xf77920c0

#: 098 Function Name: NtLoadKey
Status: Hooked by "<unknown>" at address 0xf7ee8afa

#: 119 Function Name: NtOpenKey
Status: Hooked by "sptd.sys" at address 0xf7791ae2

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xf7ee8ac8

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xf7ee8acd

#: 160 Function Name: NtQueryKey
Status: Hooked by "sptd.sys" at address 0xf779218a

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "sptd.sys" at address 0xf7792022

#: 193 Function Name: NtReplaceKey
Status: Hooked by "<unknown>" at address 0xf7ee8b04

#: 204 Function Name: NtRestoreKey
Status: Hooked by "<unknown>" at address 0xf7ee8aff

#: 247 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0xf7ee8af0

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0xf7ee8ad7

#: 263 Function Name: NtUnloadKey
Status: Hooked by "C:\windows\system32\Drivers\uphcleanhlp.sys" at address 0xa9d626d0

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x873840e8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x873840e8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x873840e8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x873840e8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x873840e8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x873840e8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x873840e8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x873840e8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x873840e8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x873840e8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x873840e8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x873840e8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x873840e8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x873840e8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x873840e8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x873840e8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x873840e8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x873840e8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x873840e8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x873840e8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x873840e8 Size: 15

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x873840e8 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System Address: 0x86552a80 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x86552a80 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x86552a80 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System Address: 0x86552a80 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86552a80 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86552a80 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x86552a80 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x86552a80 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86552a80 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86552a80 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86552a80 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86552a80 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86552a80 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86552a80 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86552a80 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86552a80 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x86552a80 Size: 15

Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System Address: 0x86552a80 Size: 15

Object: Hidden Code [Driver: Udfsȅ౨瑎晦܂╚ੈ, IRP_MJ_CREATE]
Process: System Address: 0x8700ae88 Size: 15

Object: Hidden Code [Driver: Udfsȅ౨瑎晦܂╚ੈ, IRP_MJ_CLOSE]
Process: System Address: 0x8700ae88 Size: 15

Object: Hidden Code [Driver: Udfsȅ౨瑎晦܂╚ੈ, IRP_MJ_READ]
Process: System Address: 0x8700ae88 Size: 15

Object: Hidden Code [Driver: Udfsȅ౨瑎晦܂╚ੈ, IRP_MJ_WRITE]
Process: System Address: 0x8700ae88 Size: 15

Object: Hidden Code [Driver: Udfsȅ౨瑎晦܂╚ੈ, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8700ae88 Size: 15

Object: Hidden Code [Driver: Udfsȅ౨瑎晦܂╚ੈ, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8700ae88 Size: 15

Object: Hidden Code [Driver: Udfsȅ౨瑎晦܂╚ੈ, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8700ae88 Size: 15

Object: Hidden Code [Driver: Udfsȅ౨瑎晦܂╚ੈ, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8700ae88 Size: 15

Object: Hidden Code [Driver: Udfsȅ౨瑎晦܂╚ੈ, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8700ae88 Size: 15

Object: Hidden Code [Driver: Udfsȅ౨瑎晦܂╚ੈ, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8700ae88 Size: 15

Object: Hidden Code [Driver: Udfsȅ౨瑎晦܂╚ੈ, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8700ae88 Size: 15

Object: Hidden Code [Driver: Udfsȅ౨瑎晦܂╚ੈ, IRP_MJ_CLEANUP]
Process: System Address: 0x8700ae88 Size: 15

Object: Hidden Code [Driver: Udfsȅ౨瑎晦܂╚ੈ, IRP_MJ_PNP]
Process: System Address: 0x8700ae88 Size: 15

Object: Hidden Code [Driver: meiudf, IRP_MJ_CREATE]
Process: System Address: 0x87006968 Size: 15

Object: Hidden Code [Driver: meiudf, IRP_MJ_CLOSE]
Process: System Address: 0x87006968 Size: 15

Object: Hidden Code [Driver: meiudf, IRP_MJ_READ]
Process: System Address: 0x87006968 Size: 15

Object: Hidden Code [Driver: meiudf, IRP_MJ_WRITE]
Process: System Address: 0x87006968 Size: 15

Object: Hidden Code [Driver: meiudf, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x87006968 Size: 15

Object: Hidden Code [Driver: meiudf, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x87006968 Size: 15

Object: Hidden Code [Driver: meiudf, IRP_MJ_QUERY_EA]
Process: System Address: 0x87006968 Size: 15

Object: Hidden Code [Driver: meiudf, IRP_MJ_SET_EA]
Process: System Address: 0x87006968 Size: 15

Object: Hidden Code [Driver: meiudf, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x87006968 Size: 15

Object: Hidden Code [Driver: meiudf, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x87006968 Size: 15

Object: Hidden Code [Driver: meiudf, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x87006968 Size: 15

Object: Hidden Code [Driver: meiudf, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x87006968 Size: 15

Object: Hidden Code [Driver: meiudf, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x87006968 Size: 15

Object: Hidden Code [Driver: meiudf, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x87006968 Size: 15

Object: Hidden Code [Driver: meiudf, IRP_MJ_SHUTDOWN]
Process: System Address: 0x87006968 Size: 15

Object: Hidden Code [Driver: meiudf, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x87006968 Size: 15

Object: Hidden Code [Driver: meiudf, IRP_MJ_CLEANUP]
Process: System Address: 0x87006968 Size: 15

Object: Hidden Code [Driver: meiudf, IRP_MJ_PNP]
Process: System Address: 0x87006968 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x87099eb0 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x87099eb0 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x87099eb0 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x87099eb0 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x87099eb0 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x87099eb0 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x87099eb0 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x87099eb0 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x87099eb0 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x87099eb0 Size: 15

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x87099eb0 Size: 15

Object: Hidden Code [Driver: dtscsi, IRP_MJ_CREATE]
Process: System Address: 0x87046390 Size: 15

Object: Hidden Code [Driver: dtscsi, IRP_MJ_CLOSE]
Process: System Address: 0x87046390 Size: 15

Object: Hidden Code [Driver: dtscsi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x87046390 Size: 15

Object: Hidden Code [Driver: dtscsi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x87046390 Size: 15

Object: Hidden Code [Driver: dtscsi, IRP_MJ_POWER]
Process: System Address: 0x87046390 Size: 15

Object: Hidden Code [Driver: dtscsi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x87046390 Size: 15

Object: Hidden Code [Driver: dtscsi, IRP_MJ_PNP]
Process: System Address: 0x87046390 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_CREATE]
Process: System Address: 0x873d1550 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_CLOSE]
Process: System Address: 0x873d1550 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_READ]
Process: System Address: 0x873d1550 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_WRITE]
Process: System Address: 0x873d1550 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x873d1550 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x873d1550 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x873d1550 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x873d1550 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_POWER]
Process: System Address: 0x873d1550 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x873d1550 Size: 15

Object: Hidden Code [Driver: Disk, IRP_MJ_PNP]
Process: System Address: 0x873d1550 Size: 15

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CREATE]
Process: System Address: 0x871e0eb0 Size: 15

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CLOSE]
Process: System Address: 0x871e0eb0 Size: 15

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_READ]
Process: System Address: 0x871e0eb0 Size: 15

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_WRITE]
Process: System Address: 0x871e0eb0 Size: 15

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x871e0eb0 Size: 15

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x871e0eb0 Size: 15

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_POWER]
Process: System Address: 0x871e0eb0 Size: 15

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x871e0eb0 Size: 15

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_PNP]
Process: System Address: 0x871e0eb0 Size: 15

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System Address: 0x873d1c78 Size: 15

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System Address: 0x873d1c78 Size: 15

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System Address: 0x873d1c78 Size: 15

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System Address: 0x873d1c78 Size: 15

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x873d1c78 Size: 15

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x873d1c78 Size: 15

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x873d1c78 Size: 15

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System Address: 0x873d1c78 Size: 15

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System Address: 0x873d1c78 Size: 15

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x873d1c78 Size: 15

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System Address: 0x873d1c78 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x873d1eb0 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x873d1eb0 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x873d1eb0 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x873d1eb0 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x873d1eb0 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x873d1eb0 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x873d1eb0 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x873d1eb0 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x873d1eb0 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x873d1eb0 Size: 15

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x873d1eb0 Size: 15

Object: Hidden Code [Driver: KR10N, IRP_MJ_CREATE]
Process: System Address: 0x873d1808 Size: 15

Object: Hidden Code [Driver: KR10N, IRP_MJ_CLOSE]
Process: System Address: 0x873d1808 Size: 15

Object: Hidden Code [Driver: KR10N, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x873d1808 Size: 15

Object: Hidden Code [Driver: KR10N, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x873d1808 Size: 15

Object: Hidden Code [Driver: KR10N, IRP_MJ_POWER]
Process: System Address: 0x873d1808 Size: 15

Object: Hidden Code [Driver: KR10N, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x873d1808 Size: 15

Object: Hidden Code [Driver: KR10N, IRP_MJ_PNP]
Process: System Address: 0x873d1808 Size: 15

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x871203b0 Size: 15

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x871203b0 Size: 15

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x871203b0 Size: 15

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x871203b0 Size: 15

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x871203b0 Size: 15

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x871203b0 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_CREATE]
Process: System Address: 0x870da9f8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x870da9f8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_CLOSE]
Process: System Address: 0x870da9f8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_READ]
Process: System Address: 0x870da9f8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_WRITE]
Process: System Address: 0x870da9f8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x870da9f8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x870da9f8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_EA]
Process: System Address: 0x870da9f8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_EA]
Process: System Address: 0x870da9f8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x870da9f8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x870da9f8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x870da9f8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x870da9f8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x870da9f8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x870da9f8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x870da9f8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SHUTDOWN]
Process: System Address: 0x870da9f8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x870da9f8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_CLEANUP]
Process: System Address: 0x870da9f8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x870da9f8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x870da9f8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_SECURITY]
Process: System Address: 0x870da9f8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_POWER]
Process: System Address: 0x870da9f8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x870da9f8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x870da9f8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x870da9f8 Size: 15

Object: Hidden Code [Driver: Rdbss, IRP_MJ_SET_QUOTA]
Process: System Address: 0x870da9f8 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x86e8ecb0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x86e8ecb0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x86e8ecb0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x86e8ecb0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x86e8ecb0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86e8ecb0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86e8ecb0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x86e8ecb0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x86e8ecb0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86e8ecb0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86e8ecb0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86e8ecb0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86e8ecb0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86e8ecb0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86e8ecb0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86e8ecb0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86e8ecb0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86e8ecb0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x86e8ecb0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x86e8ecb0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86e8ecb0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86e8ecb0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x86e8ecb0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86e8ecb0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x86e8ecb0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x86e8ecb0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86e8ecb0 Size: 15

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x86e8ecb0 Size: 15

Object: Hidden Code [Driver: Npfsࠅ䵃慖ࠁఋ敓Ш, IRP_MJ_CREATE]
Process: System Address: 0x86e8e338 Size: 15

Object: Hidden Code [Driver: Npfsࠅ䵃慖ࠁఋ敓Ш, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x86e8e338 Size: 15

Object: Hidden Code [Driver: Npfsࠅ䵃慖ࠁఋ敓Ш, IRP_MJ_CLOSE]
Process: System Address: 0x86e8e338 Size: 15

Object: Hidden Code [Driver: Npfsࠅ䵃慖ࠁఋ敓Ш, IRP_MJ_READ]
Process: System Address: 0x86e8e338 Size: 15

Object: Hidden Code [Driver: Npfsࠅ䵃慖ࠁఋ敓Ш, IRP_MJ_WRITE]
Process: System Address: 0x86e8e338 Size: 15

Object: Hidden Code [Driver: Npfsࠅ䵃慖ࠁఋ敓Ш, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86e8e338 Size: 15

Object: Hidden Code [Driver: Npfsࠅ䵃慖ࠁఋ敓Ш, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86e8e338 Size: 15

Object: Hidden Code [Driver: Npfsࠅ䵃慖ࠁఋ敓Ш, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86e8e338 Size: 15

Object: Hidden Code [Driver: Npfsࠅ䵃慖ࠁఋ敓Ш, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86e8e338 Size: 15

Object: Hidden Code [Driver: Npfsࠅ䵃慖ࠁఋ敓Ш, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86e8e338 Size: 15

Object: Hidden Code [Driver: Npfsࠅ䵃慖ࠁఋ敓Ш, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86e8e338 Size: 15

Object: Hidden Code [Driver: Npfsࠅ䵃慖ࠁఋ敓Ш, IRP_MJ_CLEANUP]
Process: System Address: 0x86e8e338 Size: 15

Object: Hidden Code [Driver: Npfsࠅ䵃慖ࠁఋ敓Ш, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86e8e338 Size: 15

Object: Hidden Code [Driver: Npfsࠅ䵃慖ࠁఋ敓Ш, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86e8e338 Size: 15

Object: Hidden Code [Driver: Msfs؅౨瑎晦܂╚ੈ, IRP_MJ_CREATE]
Process: System Address: 0x86f747a8 Size: 15

Object: Hidden Code [Driver: Msfs؅౨瑎晦܂╚ੈ, IRP_MJ_CLOSE]
Process: System Address: 0x86f747a8 Size: 15

Object: Hidden Code [Driver: Msfs؅౨瑎晦܂╚ੈ, IRP_MJ_READ]
Process: System Address: 0x86f747a8 Size: 15

Object: Hidden Code [Driver: Msfs؅౨瑎晦܂╚ੈ, IRP_MJ_WRITE]
Process: System Address: 0x86f747a8 Size: 15

Object: Hidden Code [Driver: Msfs؅౨瑎晦܂╚ੈ, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86f747a8 Size: 15

Object: Hidden Code [Driver: Msfs؅౨瑎晦܂╚ੈ, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86f747a8 Size: 15

Object: Hidden Code [Driver: Msfs؅౨瑎晦܂╚ੈ, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86f747a8 Size: 15

Object: Hidden Code [Driver: Msfs؅౨瑎晦܂╚ੈ, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86f747a8 Size: 15

Object: Hidden Code [Driver: Msfs؅౨瑎晦܂╚ੈ, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86f747a8 Size: 15

Object: Hidden Code [Driver: Msfs؅౨瑎晦܂╚ੈ, IRP_MJ_CLEANUP]
Process: System Address: 0x86f747a8 Size: 15

Object: Hidden Code [Driver: Msfs؅౨瑎晦܂╚ੈ, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x86f747a8 Size: 15

Object: Hidden Code [Driver: Msfs؅౨瑎晦܂╚ੈ, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86f747a8 Size: 15

Object: Hidden Code [Driver: Msfs؅౨瑎晦܂╚ੈ, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86f747a8 Size: 15

Object: Hidden Code [Driver: CdfsЅఏ瑎商܎h〈, IRP_MJ_CREATE]
Process: System Address: 0x86f43c38 Size: 15

Object: Hidden Code [Driver: CdfsЅఏ瑎商܎h〈, IRP_MJ_CLOSE]
Process: System Address: 0x86f43c38 Size: 15

Object: Hidden Code [Driver: CdfsЅఏ瑎商܎h〈, IRP_MJ_READ]
Process: System Address: 0x86f43c38 Size: 15

Object: Hidden Code [Driver: CdfsЅఏ瑎商܎h〈, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86f43c38 Size: 15

Object: Hidden Code [Driver: CdfsЅఏ瑎商܎h〈, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86f43c38 Size: 15

Object: Hidden Code [Driver: CdfsЅఏ瑎商܎h〈, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86f43c38 Size: 15

Object: Hidden Code [Driver: CdfsЅఏ瑎商܎h〈, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86f43c38 Size: 15

Object: Hidden Code [Driver: CdfsЅఏ瑎商܎h〈, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86f43c38 Size: 15

Object: Hidden Code [Driver: CdfsЅఏ瑎商܎h〈, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f43c38 Size: 15

Object: Hidden Code [Driver: CdfsЅఏ瑎商܎h〈, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86f43c38 Size: 15

Object: Hidden Code [Driver: CdfsЅఏ瑎商܎h〈, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86f43c38 Size: 15

Object: Hidden Code [Driver: CdfsЅఏ瑎商܎h〈, IRP_MJ_CLEANUP]
Process: System Address: 0x86f43c38 Size: 15

Object: Hidden Code [Driver: CdfsЅఏ瑎商܎h〈, IRP_MJ_PNP]
Process: System Address: 0x86f43c38 Size: 15

==EOF==



Again, thank you for all your time!

Sincerely,
Woe is Me


#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:07:53 PM

Posted 10 November 2009 - 07:51 AM

Hello woe is me

Welcome to BleepingComputer :(
==========================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#3 woe is me

woe is me
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:06:53 PM

Posted 10 November 2009 - 10:46 AM

Alright here are the OTL.Txt, Extras.TXT and Results.log. Thanks for your time!

OTL logfile created on: 11/10/2009 8:34:37 AM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\Anthony Truong\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.98 Mb Total Physical Memory | 360.03 Mb Available Physical Memory | 35.51% Memory free
2.38 Gb Paging File | 1.83 Gb Available in Paging File | 76.88% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.54 Gb Total Space | 33.34 Gb Free Space | 29.89% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GIZMO
Current User Name: Anthony Truong
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Anthony Truong\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\WINDOWS\ehome\ehrecvr.exe (Microsoft Corporation)
PRC - C:\Program Files\Redemption Backup\All Users\Redemption\REDEMPTION.EXE (CompuApps Inc.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
PRC - C:\Program Files\Protector Suite QL\psqltray.exe (UPEK Inc.)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\Toshiba.exe (Synaptics, Inc.)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\agrsmmsg.exe (Agere Systems)
PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\WINDOWS\ehome\ehSched.exe (Microsoft Corporation)
PRC - C:\WINDOWS\ehome\ehmsas.exe (Microsoft Corporation)
PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
PRC - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
PRC - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\WINDOWS\system32\TPSMain.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\TPSBattM.exe (TOSHIBA Corporation)
PRC - C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\TDispVol.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\Program Files\Motive\AsstCommon\motmon.exe (Motive Communications, Inc.)
PRC - C:\Program Files\Digital Lifeline\bin\mpbtn.exe ()
PRC - C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_monitor.exe (Hewlett-Packard Company)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Anthony Truong\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\Temp\logishrd\LVPrcInj01.dll (Logitech Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\TDispVol.dll ()


========== Win32 Services (SafeList) ==========

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (FontCache3.0.0.0) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (ehRecvr) -- C:\WINDOWS\ehome\ehrecvr.exe (Microsoft Corporation)
SRV - (TAPPSRV) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)
SRV - (S24EventMonitor) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (EvtEng) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (ehSched) -- C:\WINDOWS\ehome\ehSched.exe (Microsoft Corporation)
SRV - (McrdSvc) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
SRV - (Swupdtmr) -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
SRV - (UPHClean) -- C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (DVD-RAM_Service) -- C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)


========== Driver Services (SafeList) ==========

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_PEPI) -- C:\WINDOWS\system32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (usb_rndisx) -- C:\WINDOWS\system32\drivers\usb8023x.sys (Microsoft Corporation)
DRV - (usbaudio) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (dtscsi) -- C:\windows\System32\Drivers\dtscsi.sys ()
DRV - (sptd) -- C:\windows\System32\Drivers\sptd.sys ()
DRV - (REFILERW) -- C:\WINDOWS\system32\drivers\REFILERW.SYS (CompuApps, Inc)
DRV - (AegisP) -- C:\WINDOWS\system32\drivers\AegisP.sys (Meetinghouse Data Communications)
DRV - (HPZid412) -- C:\WINDOWS\system32\drivers\HPZid412.sys (HP)
DRV - (HPZius12) -- C:\WINDOWS\system32\drivers\HPZius12.sys (HP)
DRV - (HPZipr12) -- C:\WINDOWS\system32\drivers\HPZipr12.sys (HP)
DRV - (ASCTRM) -- C:\WINDOWS\system32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (FdRedir) -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys (UPEK Inc.)
DRV - (FileDisk2) -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys (UPEK Inc.)
DRV - (TcUsb) -- C:\WINDOWS\system32\drivers\tcusb.sys (UPEK Inc.)
DRV - (smihlp) -- C:\Program Files\Protector Suite QL\smihlp.sys (UPEK Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (w39n51) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel« Corporation)
DRV - (Tvs) -- C:\WINDOWS\system32\drivers\Tvs.sys (TOSHIBA Corporation)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\ialmnt5.sys (Intel Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (TVALD) -- C:\WINDOWS\system32\drivers\NBSMI.sys (Toshiba Corporation)
DRV - (e1express) -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (tosrfec) -- C:\WINDOWS\system32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tbiosdrv) -- C:\WINDOWS\system32\drivers\tbiosdrv.sys ()
DRV - (PxHelp20) -- C:\windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (meiudf) -- C:\WINDOWS\system32\drivers\meiudf.sys (Matsushita Electric Industrial Co.,Ltd.)
DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (KR10N) -- C:\windows\system32\drivers\KR10N.sys (TOSHIBA CORPORATION)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (SilverLink) -- C:\WINDOWS\system32\drivers\SilvrLnk.sys (Texas Instruments Incorporated)
DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.)
DRV - (wanatw) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
DRV - (SONYPVU1) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS (Sony Corporation)
DRV - (QV2KUX) -- C:\WINDOWS\system32\drivers\qv2kux.sys (Microsoft Corporation)
DRV - (TICalc) -- C:\WINDOWS\system32\drivers\Ticalc.sys ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.pittstate.edu/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"


FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/11 18:09:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/21 00:34:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/06 19:08:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/06 19:08:59 | 00,000,000 | ---D | M]

[2008/08/29 08:08:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Anthony Truong\Application Data\Mozilla\Extensions
[2008/08/29 08:08:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Anthony Truong\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/11 18:33:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Anthony Truong\Application Data\Mozilla\Firefox\Profiles\29rp32ks.default\extensions
[2009/11/09 14:06:55 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/06 19:08:59 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/11 18:09:22 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/11/06 19:08:51 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/06 19:08:51 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2006/09/03 12:12:48 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2009/08/11 18:08:59 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2006/08/07 09:32:12 | 01,376,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2009/11/06 19:08:54 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2009/03/30 06:33:43 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/03/30 06:33:43 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/03/30 06:33:43 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/03/30 06:33:43 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/03/30 06:33:43 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/03/30 06:33:43 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/03/30 06:33:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2007/09/05 12:56:00 | 00,352,256 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsabffx.dll
[2005/08/09 12:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
[2009/07/30 01:24:20 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/07/30 01:24:20 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/07/30 01:24:20 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/07/30 01:24:20 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/07/30 01:24:20 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/07/30 01:24:20 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/07/30 01:24:20 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (257725 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 8958 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Viewpoint Toolbar BHO) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll (Viewpoint Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll (Viewpoint Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] C:\windows\agrsmmsg.exe (Agere Systems)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CXMon] C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [MotiveMonitor] C:\Program Files\Motive\AsstCommon\motmon.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Redemption] C:\Program Files\Redemption Backup\All Users\Redemption\REDEMPTION.EXE (CompuApps Inc.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TDispVol] C:\windows\System32\TDispVol.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TPSMain] C:\windows\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Lifeline.lnk = C:\Program Files\Digital Lifeline\bin\mpbtn.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 43 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 820 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/voxacm.CAB (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1150411123187 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\windows\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\windows\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\windows\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\windows\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\psfus: DllName - psqlpwd.dll - C:\windows\System32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\windows\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\windows\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\windows\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\windows\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\windows\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\windows\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\windows\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\windows\System32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\windows\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\windows\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\windows\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\windows\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\windows\System32\wdigest.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/15 09:38:58 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6e84fc13-3f46-11db-9be0-00a0d14023b2}\Shell - "" = AutoRun
O33 - MountPoints2\{6e84fc13-3f46-11db-9be0-00a0d14023b2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6e84fc13-3f46-11db-9be0-00a0d14023b2}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{72db5a13-08c1-11db-9bac-00038a000015}\Shell\AutoRun\command - "" = setupSNK.exe
O33 - MountPoints2\{7547bc12-3dfc-11db-9bdd-00a0d14023b2}\Shell - "" = AutoRun
O33 - MountPoints2\{7547bc12-3dfc-11db-9bdd-00a0d14023b2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7547bc12-3dfc-11db-9bdd-00a0d14023b2}\Shell\AutoRun\command - "" = G:\ONSPCLCK.exe -- File not found
O33 - MountPoints2\{765cb7dc-f9b8-11da-9b9f-00038a000015}\Shell\AutoRun\command - "" = E:\setupSNK.exe -- File not found
O33 - MountPoints2\{8bfe33db-c54e-11db-9c7a-001302530f0e}\Shell\AutoRun\command - "" = G:\JDLightning\Windows\JDLightning.exe -- File not found
O33 - MountPoints2\{f98ad27a-38eb-11db-9bd6-00a0d14023b2}\Shell\AutoRun\command - "" = setupSNK.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\ONSPCLCK.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\ONSPCLCK.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/10 07:50:29 | 00,000,000 | R-SD | C] -- C:\Documents and Settings\Anthony Truong\My Documents\My Safe
[2009/11/07 13:21:37 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Anthony Truong\Recent
[2009/11/05 13:57:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Anthony Truong\Application Data\Digital Support
[2009/11/05 13:25:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Anthony Truong\Desktop\Misc
[2009/10/25 16:49:46 | 00,000,000 | ---D | C] -- C:\Program Files\Sophos
[2009/10/12 21:20:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Anthony Truong\My Documents\HTC_P4600 My Documents
[2009/10/11 21:46:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2009/10/11 21:46:15 | 00,000,000 | ---D | C] -- C:\Garmin
[2009/10/11 20:52:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Anthony Truong\Application Data\Download Manager
[2009/10/11 20:45:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Anthony Truong\Application Data\GARMIN
[2009/10/11 20:44:47 | 00,000,000 | ---D | C] -- C:\Program Files\Garmin GPS Plugin
[2009/10/11 20:44:44 | 00,000,000 | ---D | C] -- C:\Program Files\DIFX
[2009/10/11 20:44:39 | 00,000,000 | ---D | C] -- C:\Program Files\Garmin
[2006/06/30 12:42:04 | 00,018,944 | ---- | C] ( ) -- C:\windows\System32\IMPLODE.DLL
[2006/02/19 02:28:56 | 00,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\windows\Fonts\RandFont.dll
[2006/02/15 10:25:00 | 00,053,248 | ---- | C] ( ) -- C:\windows\System32\DLLVGA.dll
[9 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[3 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[16 C:\Documents and Settings\Anthony Truong\My Documents\*.tmp files -> C:\Documents and Settings\Anthony Truong\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/10 08:36:23 | 00,000,156 | ---- | M] () -- C:\windows\Twunk001.MTX
[2009/11/10 08:36:23 | 00,000,006 | ---- | M] () -- C:\windows\Twain001.Mtx
[2009/11/10 07:50:11 | 00,001,158 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2009/11/10 07:47:46 | 00,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2009/11/10 07:47:44 | 00,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2009/11/10 07:47:43 | 10,633,09312 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/09 22:39:09 | 11,010,048 | -H-- | M] () -- C:\Documents and Settings\Anthony Truong\NTUSER.DAT
[2009/11/09 22:39:09 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Anthony Truong\ntuser.ini
[2009/11/09 22:39:03 | 20,877,926 | -H-- | M] () -- C:\Documents and Settings\Anthony Truong\Local Settings\Application Data\IconCache.db
[2009/11/09 18:12:13 | 00,030,720 | ---- | M] () -- C:\Documents and Settings\Anthony Truong\My Documents\Stock_Market_Project ashley.xls
[2009/11/08 19:42:43 | 00,023,552 | ---- | M] () -- C:\Documents and Settings\Anthony Truong\My Documents\Stock_Market_Project.xls
[2009/11/08 12:18:13 | 00,100,864 | ---- | M] () -- C:\Documents and Settings\Anthony Truong\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/08 12:00:00 | 00,000,382 | ---- | M] () -- C:\windows\tasks\PerfectOptimizer_home.job
[2009/11/07 13:23:44 | 00,000,554 | ---- | M] () -- C:\windows\ONSPCLCK.exe
[2009/11/04 07:28:06 | 00,236,526 | ---- | M] () -- C:\Documents and Settings\Anthony Truong\My Documents\cc_20091104_072744.reg
[2009/11/04 07:24:59 | 00,001,559 | ---- | M] () -- C:\Documents and Settings\Anthony Truong\Desktop\CCleaner.lnk
[2009/11/01 21:58:45 | 00,000,116 | ---- | M] () -- C:\windows\NeroDigital.ini
[2009/11/01 21:19:09 | 00,347,797 | ---- | M] () -- C:\Documents and Settings\Anthony Truong\Desktop\PSU_Chemistry_Club_Fall_09[1].pptx
[2009/11/01 14:42:25 | 00,528,020 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2009/11/01 14:42:25 | 00,445,938 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2009/11/01 14:42:25 | 00,072,978 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2009/10/28 15:26:00 | 00,000,284 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[2009/10/22 06:31:50 | 00,000,151 | ---- | M] () -- C:\windows\PhotoSnapViewer.INI
[2009/10/20 18:26:45 | 00,054,272 | ---- | M] () -- C:\Documents and Settings\Anthony Truong\My Documents\intro to bus exam 2 sg.doc
[2009/10/18 22:13:32 | 00,020,471 | ---- | M] () -- C:\Documents and Settings\Anthony Truong\My Documents\paper project 2 maslow.docx
[2009/10/18 14:17:42 | 01,474,988 | ---- | M] () -- C:\Documents and Settings\Anthony Truong\Desktop\Supreme_Victors_Rulebook.pdf
[2009/10/12 21:20:26 | 00,001,471 | ---- | M] () -- C:\Documents and Settings\Anthony Truong\Desktop\HTC_P4600 My Documents.LNK
[2009/10/12 04:00:00 | 00,000,272 | ---- | M] () -- C:\windows\tasks\dfrg.job
[9 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[3 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[16 C:\Documents and Settings\Anthony Truong\My Documents\*.tmp files -> C:\Documents and Settings\Anthony Truong\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/09 18:06:27 | 00,030,720 | ---- | C] () -- C:\Documents and Settings\Anthony Truong\My Documents\Stock_Market_Project ashley.xls
[2009/11/08 19:42:43 | 00,023,552 | ---- | C] () -- C:\Documents and Settings\Anthony Truong\My Documents\Stock_Market_Project.xls
[2009/11/04 07:27:51 | 00,236,526 | ---- | C] () -- C:\Documents and Settings\Anthony Truong\My Documents\cc_20091104_072744.reg
[2009/11/01 21:19:08 | 00,347,797 | ---- | C] () -- C:\Documents and Settings\Anthony Truong\Desktop\PSU_Chemistry_Club_Fall_09[1].pptx
[2009/10/20 16:22:21 | 00,054,272 | ---- | C] () -- C:\Documents and Settings\Anthony Truong\My Documents\intro to bus exam 2 sg.doc
[2009/10/18 21:29:13 | 00,020,471 | ---- | C] () -- C:\Documents and Settings\Anthony Truong\My Documents\paper project 2 maslow.docx
[2009/10/18 14:17:42 | 01,474,988 | ---- | C] () -- C:\Documents and Settings\Anthony Truong\Desktop\Supreme_Victors_Rulebook.pdf
[2009/10/12 21:20:26 | 00,001,471 | ---- | C] () -- C:\Documents and Settings\Anthony Truong\Desktop\HTC_P4600 My Documents.LNK
[2009/08/06 08:37:21 | 00,066,482 | R--- | C] () -- C:\windows\System32\lvcoinst.ini
[2009/01/18 09:58:39 | 00,000,427 | ---- | C] () -- C:\windows\System32\winpdf.ini
[2008/10/03 08:40:05 | 00,000,170 | ---- | C] () -- C:\Documents and Settings\Anthony Truong\Application Data\wklnhst.dat
[2008/09/07 22:43:27 | 00,000,151 | ---- | C] () -- C:\windows\PhotoSnapViewer.INI
[2008/07/27 13:24:28 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\Anthony Truong\Application Data\$_hpcst$.hpc
[2008/07/26 07:25:02 | 00,025,624 | ---- | C] () -- C:\windows\System32\drivers\LVPr2Mon.sys
[2007/09/26 21:23:43 | 00,046,800 | ---- | C] () -- C:\Documents and Settings\Anthony Truong\Application Data\GDIPFONTCACHEV1.DAT
[2007/08/14 13:51:01 | 00,000,000 | ---- | C] () -- C:\windows\ringtonemaker.INI
[2007/08/14 13:44:55 | 00,001,208 | ---- | C] () -- C:\windows\mgxoschk.ini
[2007/02/18 14:13:33 | 00,009,152 | ---- | C] () -- C:\windows\System32\drivers\Ticalc.sys
[2007/02/18 14:13:33 | 00,000,378 | ---- | C] () -- C:\windows\Wlink83p.ini
[2007/01/26 14:33:56 | 00,000,029 | ---- | C] () -- C:\windows\atid.ini
[2006/10/24 11:07:53 | 00,000,067 | ---- | C] () -- C:\windows\swupdate.INI
[2006/10/21 21:26:18 | 00,000,080 | ---- | C] () -- C:\windows\sierra.ini
[2006/10/05 09:40:25 | 00,000,187 | ---- | C] () -- C:\Documents and Settings\Anthony Truong\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2006/09/25 23:35:12 | 00,043,520 | ---- | C] () -- C:\windows\System32\CmdLineExt03.dll
[2006/09/24 11:03:09 | 00,223,128 | ---- | C] () -- C:\windows\System32\drivers\dtscsi.sys
[2006/09/23 07:39:36 | 00,643,072 | ---- | C] () -- C:\windows\System32\drivers\sptd.sys
[2006/09/23 07:39:36 | 00,096,384 | ---- | C] () -- C:\windows\System32\drivers\sptd5053.sys
[2006/09/07 00:34:57 | 00,000,081 | ---- | C] () -- C:\windows\REDEMVER.INI
[2006/09/07 00:34:56 | 00,000,525 | ---- | C] () -- C:\windows\REDEMUNINS.INI
[2006/09/07 00:34:51 | 00,003,924 | ---- | C] () -- C:\windows\REDEMCALL.INI
[2006/09/04 08:35:10 | 00,594,450 | ---- | C] () -- C:\windows\System32\x264vfw.dll
[2006/09/04 08:35:10 | 00,524,288 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2006/09/04 08:35:10 | 00,139,264 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2006/09/04 08:35:08 | 00,005,120 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2006/09/04 08:35:08 | 00,000,547 | ---- | C] () -- C:\windows\System32\ff_vfw.dll.manifest
[2006/08/22 16:43:03 | 00,077,824 | R--- | C] () -- C:\windows\System32\HPZIDS01.dll
[2006/08/22 16:31:43 | 00,001,061 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/08/19 20:05:22 | 00,000,000 | ---- | C] () -- C:\windows\VPC32.INI
[2006/07/02 21:31:35 | 00,000,116 | ---- | C] () -- C:\windows\NeroDigital.ini
[2006/07/02 11:56:14 | 00,100,864 | ---- | C] () -- C:\Documents and Settings\Anthony Truong\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/07/01 11:28:52 | 00,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/06/30 13:05:56 | 00,000,002 | ---- | C] () -- C:\windows\msoffice.ini
[2006/06/12 17:02:16 | 00,073,728 | ---- | C] () -- C:\windows\System32\cdDll.dll
[2006/06/11 19:57:13 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Anthony Truong\Application Data\desktop.ini
[2006/06/11 19:57:11 | 20,877,926 | -H-- | C] () -- C:\Documents and Settings\Anthony Truong\Local Settings\Application Data\IconCache.db
[2006/06/11 19:57:11 | 00,082,960 | ---- | C] () -- C:\Documents and Settings\Anthony Truong\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/06/11 19:57:11 | 00,000,138 | ---- | C] () -- C:\Documents and Settings\Anthony Truong\Local Settings\Application Data\fusioncache.dat
[2006/05/24 16:47:11 | 03,596,288 | ---- | C] () -- C:\windows\System32\qt-dx331.dll
[2006/03/09 21:24:31 | 00,000,061 | ---- | C] () -- C:\windows\smscfg.ini
[2006/02/24 22:28:54 | 00,045,056 | ---- | C] () -- C:\windows\System32\TDispVol.dll
[2006/02/16 09:07:58 | 00,000,012 | ---- | C] () -- C:\windows\dirsaver.ini
[2006/02/16 03:50:52 | 00,000,377 | ---- | C] () -- C:\windows\wininit.ini
[2006/02/16 03:25:21 | 00,204,800 | ---- | C] () -- C:\windows\System32\IVIresizeW7.dll
[2006/02/16 03:25:21 | 00,200,704 | ---- | C] () -- C:\windows\System32\IVIresizeA6.dll
[2006/02/16 03:25:21 | 00,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeP6.dll
[2006/02/16 03:25:21 | 00,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeM6.dll
[2006/02/16 03:25:21 | 00,188,416 | ---- | C] () -- C:\windows\System32\IVIresizePX.dll
[2006/02/16 03:25:21 | 00,020,480 | ---- | C] () -- C:\windows\System32\IVIresize.dll
[2006/02/15 10:41:53 | 00,036,736 | ---- | C] () -- C:\windows\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/02/15 10:41:53 | 00,029,184 | ---- | C] () -- C:\windows\System32\drivers\TSXT_kern_i386.sys
[2006/02/15 10:40:07 | 00,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2006/02/15 10:28:50 | 00,128,113 | ---- | C] () -- C:\windows\System32\csellang.ini
[2006/02/15 10:28:50 | 00,045,056 | ---- | C] () -- C:\windows\System32\csellang.dll
[2006/02/15 10:28:50 | 00,010,165 | ---- | C] () -- C:\windows\System32\tosmreg.ini
[2006/02/15 10:28:50 | 00,007,671 | ---- | C] () -- C:\windows\System32\cseltbl.ini
[2006/02/15 10:25:00 | 00,118,784 | ---- | C] () -- C:\windows\System32\TCtrlIO.dll
[2006/02/15 10:21:53 | 00,135,168 | ---- | C] () -- C:\windows\System32\RtlCPAPI.dll
[2006/02/15 09:44:19 | 00,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2006/02/15 09:34:07 | 00,001,793 | ---- | C] () -- C:\windows\System32\fxsperf.ini
[2006/02/15 08:09:00 | 00,000,341 | ---- | C] () -- C:\windows\System32\OEMINFO.INI
[2006/02/15 08:04:21 | 00,000,740 | ---- | C] () -- C:\windows\win.ini
[2006/02/15 08:04:05 | 00,000,227 | ---- | C] () -- C:\windows\system.ini
[2006/02/15 01:30:03 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2005/09/02 16:44:08 | 00,110,592 | ---- | C] () -- C:\windows\System32\TosBtAcc.dll
[2005/08/24 17:20:28 | 00,009,472 | ---- | C] () -- C:\windows\System32\drivers\tbiosdrv.sys
[2005/08/05 16:01:54 | 00,235,008 | ---- | C] () -- C:\windows\System32\psisdecd.dll
[2005/07/22 23:30:20 | 00,065,536 | ---- | C] () -- C:\windows\System32\TosCommAPI.dll
[2005/07/14 11:31:20 | 00,027,648 | RHS- | C] () -- C:\windows\System32\AVSredirect.dll
[2005/06/21 21:37:42 | 00,045,568 | RHS- | C] () -- C:\windows\System32\cygz.dll
[2004/07/20 19:04:02 | 00,094,208 | ---- | C] () -- C:\windows\System32\TosBtHcrpAPI.dll
[2004/01/15 16:43:28 | 00,114,688 | ---- | C] () -- C:\windows\System32\TBTMonUI.dll
[2004/01/13 20:46:00 | 00,172,032 | ---- | C] () -- C:\windows\System32\tifmicon.dll
[2001/07/07 02:00:00 | 00,003,399 | ---- | C] () -- C:\windows\System32\hptcpmon.ini

========== LOP Check ==========

[2007/07/31 10:04:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canon
[2009/10/11 21:46:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2009/06/27 20:05:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2006/08/18 13:58:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\scar5
[2008/12/09 17:59:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/05/02 22:15:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/30 06:36:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2008/02/27 08:47:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Anthony Truong\Application Data\Aim
[2009/11/05 16:42:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Anthony Truong\Application Data\Digital Support
[2009/01/18 11:02:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Anthony Truong\Application Data\Foxit
[2009/10/11 21:45:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Anthony Truong\Application Data\GARMIN
[2008/02/24 15:36:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Anthony Truong\Application Data\GlarySoft
[2006/07/11 22:36:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Anthony Truong\Application Data\InterVideo
[2006/07/05 22:47:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Anthony Truong\Application Data\Leadertech
[2006/11/03 11:36:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Anthony Truong\Application Data\OverDrive
[2006/09/15 07:33:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Anthony Truong\Application Data\Protector Suite
[2006/09/07 00:35:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Anthony Truong\Application Data\Redemption
[2006/08/18 08:09:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Anthony Truong\Application Data\scar5
[2006/07/03 00:04:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Anthony Truong\Application Data\SlySoft
[2008/10/03 08:40:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Anthony Truong\Application Data\Template
[2006/07/01 10:34:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Anthony Truong\Application Data\toshiba
[2006/08/17 14:29:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Anthony Truong\Application Data\TrueCrypt
[2008/02/24 15:13:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Anthony Truong\Application Data\Uniblue
[2009/11/05 13:24:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Anthony Truong\Application Data\uTorrent
[2007/01/11 10:15:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Anthony Truong\Application Data\Viewpoint
[2004/08/10 06:00:00 | 00,000,065 | RH-- | M] () -- C:\windows\Tasks\desktop.ini
[2009/10/12 04:00:00 | 00,000,272 | ---- | M] () -- C:\windows\Tasks\dfrg.job
[2009/08/23 04:00:00 | 00,000,280 | ---- | M] () -- C:\windows\Tasks\Disk Cleanup.job
[2009/11/08 12:00:00 | 00,000,382 | ---- | M] () -- C:\windows\Tasks\PerfectOptimizer_home.job
[2006/06/11 19:55:05 | 00,000,258 | ---- | M] () -- C:\windows\Tasks\Registration reminder 2.job
[2009/11/10 07:47:46 | 00,000,006 | -H-- | M] () -- C:\windows\Tasks\SA.DAT

========== Purity Check ==========


< End of report >



OTL Extras logfile created on: 11/10/2009 8:34:37 AM - Run 1
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\Anthony Truong\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.98 Mb Total Physical Memory | 360.03 Mb Available Physical Memory | 35.51% Memory free
2.38 Gb Paging File | 1.83 Gb Available in Paging File | 76.88% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.54 Gb Total Space | 33.34 Gb Free Space | 29.89% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GIZMO
Current User Name: Anthony Truong
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.scr [@ = scrfile] -- "%1" /s

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /s File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"57348:TCP" = 57348:TCP:*:Enabled:Pando P2P TCP Listening Port
"57348:UDP" = 57348:UDP:*:Enabled:Pando P2P UDP Listening Port
"8085:TCP" = 8085:TCP:*:Enabled:drv

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- File not found
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- File not found
"C:\Program Files\Common Files\AOL\1140083713\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1140083713\EE\AOLServiceHost.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- File not found
"C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe" = C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe:*:Enabled:ConfigFree SUMMIT Engine -- (TOSHIBA CORPORATION)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- ()
"C:\Program Files\Windows Media Player\wmplayer.exe" = C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player -- (Microsoft Corporation)
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- ()
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\THQ\Dawn of War\W40k.exe" = C:\Program Files\THQ\Dawn of War\W40k.exe:*:Disabled:W40K -- File not found
"C:\Program Files\Steam\steamapps\afroguy36\counter-strike\hl.exe" = C:\Program Files\Steam\steamapps\afroguy36\counter-strike\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\Internet Explorer\IEXPLORE.EXE" = C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- File not found
"C:\Program Files\Warcraft III\War3.exe" = C:\Program Files\Warcraft III\War3.exe:*:Enabled:Warcraft III -- File not found
"C:\Program Files\Steam\steamapps\afroguy36\half-life\hl.exe" = C:\Program Files\Steam\steamapps\afroguy36\half-life\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Pando\pando.exe" = C:\Program Files\Pando Networks\Pando\pando.exe:*:Enabled:Pando Application -- File not found
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\MoRUN.net\Sticker Lite\sticker.exe" = C:\Program Files\MoRUN.net\Sticker Lite\sticker.exe:*:Enabled:MoRUN.net Sticker Lite -- File not found
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{57B2281D-A34A-4a48-8C68-169B8873659D}" = c4100_Help
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69BE47C2-36FE-4397-8199-85D8EAE69982}" = TOSHIBA TouchPad ON/Off Utility
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}" = TOSHIBA Utilities
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C26B06A9-27BB-45B0-9873-9C623EC2BA38}" = iTunes
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C2E8B236-7554-45FE-92C0-94EF76E4D182}" = Garmin City Navigator North America NT 2010.20
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C871525F-7116-4d26-BA6D-215F59B6F88B}" = C4100
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C9618743-1A5C-461E-91C4-E013A3D70F3C}" = Adobe® Photoshop® Album Starter Edition 3.0.1
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EFF87108-C9D0-43F1-BEE1-28DA87778F1A}" = Garmin Communicator Plugin
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"7-Zip" = 7-Zip 4.65
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
"Advanced WindowsCare V2 Personal_is1" = Advanced WindowsCare Personal
"AnyDVD" = AnyDVD
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Video Tools 5.1_is1" = AVS Video Tools 5.1
"AVSDiscCreator_is1" = AVS Disc Creator version 2.1
"CamStudio" = CamStudio
"CCleaner" = CCleaner
"Digital Lifeline" = Digital Lifeline
"DVD Decrypter" = DVD Decrypter (Remove Only)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ExtractNow_is1" = ExtractNow
"Half-Life: Counter-Strike" = Half-Life: Counter-Strike
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Photo Imaging Software" = HP Photo Imaging Software
"HP Photo Printing Software" = HP Photo Printing Software
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"Hy-Tek's TEAM MANAGER 4.0" = Hy-Tek's TEAM MANAGER 4.0
"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.58
"LimeWire" = LimeWire 4.12.6
"lvdrivers_11.80" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"PeerGuardian_is1" = PeerGuardian 2.0
"Power Saver" = TOSHIBA Power Saver
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"RealPlayer 6.0" = RealPlayer Basic
"Redemption Backup" = Redemption Backup
"Registry Repair_is1" = Glarysoft Registry Repair 2.7
"Steam" = Steam
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TI-Black Link" = TI-Black Link
"TI-Graph Link 83 Plus" = TI-Graph Link 83 Plus
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"uTorrent" = µTorrent
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"Viewpoint Toolbar" = Viewpoint Toolbar
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Mobile Device Handbook" = Windows Mobile® Device Handbook
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WM Converter 2.0" = WM Converter 2.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/12/2009 2:08:37 AM | Computer Name = GIZMO | Source = WinMgmt | ID = 28
Description = WinMgmt could not initialize the core parts. This could be due to
a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
disk space or insufficient memory.

Error - 8/5/2009 10:58:43 PM | Computer Name = GIZMO | Source = Application Error | ID = 1000
Description = Faulting application yahoomessenger.exe, version 9.0.0.2162, faulting
module mshtml.dll, version 6.0.2900.5848, fault address 0x0006b0cc.

Error - 8/6/2009 2:29:18 AM | Computer Name = GIZMO | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 8/11/2009 9:01:12 PM | Computer Name = GIZMO | Source = Application Error | ID = 1000
Description = Faulting application yahoomessenger.exe, version 8.1.0.421, faulting
module oleaut32.dll, version 5.1.2600.5512, fault address 0x00004ee9.

Error - 8/23/2009 6:50:18 PM | Computer Name = GIZMO | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 9/12/2009 11:08:26 PM | Computer Name = GIZMO | Source = Application Error | ID = 1000
Description = Faulting application extractnow.exe, version 4.1.5.0, faulting module
extractnow.exe, version 4.1.5.0, fault address 0x000096af.

Error - 9/17/2009 10:54:32 AM | Computer Name = GIZMO | Source = Application Error | ID = 1000
Description = Faulting application ntvdm.exe, version 5.1.2600.5512, faulting module
kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 9/18/2009 5:31:04 PM | Computer Name = GIZMO | Source = Application Error | ID = 1000
Description = Faulting application ntvdm.exe, version 5.1.2600.5512, faulting module
ntvdm.exe, version 5.1.2600.5512, fault address 0x0001759d.

Error - 9/20/2009 10:38:58 PM | Computer Name = GIZMO | Source = Application Error | ID = 1000
Description = Faulting application ntvdm.exe, version 5.1.2600.5512, faulting module
kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 9/27/2009 2:08:09 PM | Computer Name = GIZMO | Source = Application Error | ID = 1000
Description = Faulting application hpwucli.exe, version 5.0.8.1, faulting module
hpwucli.exe, version 5.0.8.1, fault address 0x00004607.

[ System Events ]
Error - 11/3/2009 5:33:12 PM | Computer Name = GIZMO | Source = Service Control Manager | ID = 7000
Description = The TICalc service failed to start due to the following error: %%20

Error - 11/3/2009 5:46:08 PM | Computer Name = GIZMO | Source = Service Control Manager | ID = 7000
Description = The TICalc service failed to start due to the following error: %%20

Error - 11/4/2009 8:36:11 AM | Computer Name = GIZMO | Source = Service Control Manager | ID = 7000
Description = The TICalc service failed to start due to the following error: %%20

Error - 11/4/2009 3:59:09 PM | Computer Name = GIZMO | Source = Service Control Manager | ID = 7000
Description = The TICalc service failed to start due to the following error: %%20

Error - 11/5/2009 11:55:41 AM | Computer Name = GIZMO | Source = Service Control Manager | ID = 7000
Description = The TICalc service failed to start due to the following error: %%20

Error - 11/6/2009 8:36:13 AM | Computer Name = GIZMO | Source = Service Control Manager | ID = 7000
Description = The TICalc service failed to start due to the following error: %%20

Error - 11/7/2009 10:52:10 AM | Computer Name = GIZMO | Source = Service Control Manager | ID = 7000
Description = The TICalc service failed to start due to the following error: %%20

Error - 11/8/2009 11:17:53 AM | Computer Name = GIZMO | Source = Service Control Manager | ID = 7000
Description = The TICalc service failed to start due to the following error: %%20

Error - 11/9/2009 8:44:27 AM | Computer Name = GIZMO | Source = Service Control Manager | ID = 7000
Description = The TICalc service failed to start due to the following error: %%20

Error - 11/10/2009 9:48:02 AM | Computer Name = GIZMO | Source = Service Control Manager | ID = 7000
Description = The TICalc service failed to start due to the following error: %%20


< End of report >



GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-11-10 09:44:49
Windows 5.1.2600 Service Pack 3
Running: y8y602cy.exe; Driver: C:\DOCUME~1\ANTHON~1\LOCALS~1\Temp\ugldqpod.sys


---- System - GMER 1.0.15 ----

SSDT F7F1118E ZwCreateKey
SSDT F7F11184 ZwCreateThread
SSDT F7F11193 ZwDeleteKey
SSDT F7F1119D ZwDeleteValueKey
SSDT sptd.sys ZwEnumerateKey [0xF7791D48]
SSDT sptd.sys ZwEnumerateValueKey [0xF77920C0]
SSDT F7F111A2 ZwLoadKey
SSDT sptd.sys ZwOpenKey [0xF7791AE2]
SSDT F7F11170 ZwOpenProcess
SSDT F7F11175 ZwOpenThread
SSDT sptd.sys ZwQueryKey [0xF779218A]
SSDT sptd.sys ZwQueryValueKey [0xF7792022]
SSDT F7F111AC ZwReplaceKey
SSDT F7F111A7 ZwRestoreKey
SSDT F7F11198 ZwSetValueKey
SSDT F7F1117F ZwTerminateProcess
SSDT \??\C:\windows\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xA9C566D0]

---- Kernel code sections - GMER 1.0.15 ----

? C:\windows\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
? C:\windows\System32\Drivers\SPTD5053.SYS The process cannot access the file because it is being used by another process.
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 F71E94D0 16 Bytes [1E, 44, 64, 7A, 42, 7F, FC, ...]
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 11 F71E94E1 31 Bytes [80, 1E, F7, 7E, 3E, 66, E4, ...]
? C:\windows\System32\Drivers\dtscsi.sys The process cannot access the file because it is being used by another process.
? C:\windows\system32\Drivers\uphcleanhlp.sys The system cannot find the file specified. !
? win32k.sys:1 The system cannot find the file specified. !
? win32k.sys:2 The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\iTunes\iTunesHelper.exe[3812] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672CF1 \\?\globalroot\Device\__max++>\6BFD56D8.x86.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[3812] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672D1D \\?\globalroot\Device\__max++>\6BFD56D8.x86.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[3812] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672D39 \\?\globalroot\Device\__max++>\6BFD56D8.x86.dll
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[4060] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672CF1 \\?\globalroot\Device\__max++>\6BFD56D8.x86.dll
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[4060] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672D1D \\?\globalroot\Device\__max++>\6BFD56D8.x86.dll
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[4060] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672D39 \\?\globalroot\Device\__max++>\6BFD56D8.x86.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4204] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672D1D \\?\globalroot\Device\__max++>\6BFD56D8.x86.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4204] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672D39 \\?\globalroot\Device\__max++>\6BFD56D8.x86.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[4204] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672CF1 \\?\globalroot\Device\__max++>\6BFD56D8.x86.dll

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F779AF52] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F77B1658] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] [F779B550] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] [F779B454] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IofCallDriver] [F779B620] sptd.sys
IAT dmio.sys[ntoskrnl.exe!IofCallDriver] [F779B620] sptd.sys
IAT dmio.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] [F779B550] sptd.sys
IAT dmio.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] [F779B454] sptd.sys
IAT PartMgr.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F77B0F6C] sptd.sys
IAT PartMgr.sys[ntoskrnl.exe!IoDetachDevice] [F779B10E] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IofCompleteRequest] [F77B0BB0] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F779AFA6] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F778DA32] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F778DB6E] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F778DAF6] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F778E6CC] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F778E5A2] sptd.sys
IAT disk.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F77B179E] sptd.sys
IAT \windows\system32\DRIVERS\CLASSPNP.SYS[ntoskrnl.exe!IoDetachDevice] [F77A01BA] sptd.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!IofCompleteRequest] [F77B0BB0] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F77B0BBC] sptd.sys
IAT \SystemRoot\system32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F77B179E] sptd.sys
IAT \SystemRoot\system32\DRIVERS\rdbss.sys[ntoskrnl.exe!IofCallDriver] [F778D020] sptd.sys
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IofCallDriver] [F778D020] sptd.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\windows\Explorer.EXE[508] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AF2F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\windows\Explorer.EXE[508] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AF2CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\windows\Explorer.EXE[508] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtClose] [00AF2D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\windows\Explorer.EXE[508] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AF2CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Redemption Backup\All Users\Redemption\REDEMPTION.EXE[604] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01142F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Redemption Backup\All Users\Redemption\REDEMPTION.EXE[604] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01142CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Redemption Backup\All Users\Redemption\REDEMPTION.EXE[604] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtClose] [01142D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Redemption Backup\All Users\Redemption\REDEMPTION.EXE[604] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01142CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\RAMASST.exe[800] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [008C2F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\RAMASST.exe[800] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [008C2CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\RAMASST.exe[800] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtClose] [008C2D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\RAMASST.exe[800] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [008C2CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\ehome\ehtray.exe[1052] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00982F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\ehome\ehtray.exe[1052] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00982CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\ehome\ehtray.exe[1052] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtClose] [00982D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\ehome\ehtray.exe[1052] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00982CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\windows\system32\TPSBattM.exe[1148] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A52F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\windows\system32\TPSBattM.exe[1148] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A52CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\windows\system32\TPSBattM.exe[1148] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtClose] [00A52D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\windows\system32\TPSBattM.exe[1148] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A52CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[1196] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B82F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[1196] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B82CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[1196] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtClose] [00B82D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[1196] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B82CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[1344] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009B2F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[1344] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009B2CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[1344] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtClose] [009B2D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[1344] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009B2CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1644] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AB2F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1644] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AB2CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1644] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtClose] [00AB2D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1644] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AB2CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\windows\system32\wuauclt.exe[2016] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00502F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\windows\system32\wuauclt.exe[2016] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00502CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\windows\system32\wuauclt.exe[2016] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtClose] [00502D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\windows\system32\wuauclt.exe[2016] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00502CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2624] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C02F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2624] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C02CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2624] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtClose] [00C02D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft ActiveSync\wcescomm.exe[2624] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C02CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Toshiba\Tvs\TvsTray.exe[2672] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Toshiba\Tvs\TvsTray.exe[2672] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Toshiba\Tvs\TvsTray.exe[2672] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtClose] [003C2D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Toshiba\Tvs\TvsTray.exe[2672] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\windows\system32\TPSMain.exe[2752] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B02F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\windows\system32\TPSMain.exe[2752] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B02CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\windows\system32\TPSMain.exe[2752] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtClose] [00B02D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\windows\system32\TPSMain.exe[2752] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B02CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[2768] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003D2F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[2768] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[2768] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtClose] [003D2D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe[2768] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003D2CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\windows\system32\TDispVol.exe[2780] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A12F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\windows\system32\TDispVol.exe[2780] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A12CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\windows\system32\TDispVol.exe[2780] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtClose] [00A12D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\windows\system32\TDispVol.exe[2780] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A12CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\windows\system32\ctfmon.exe[2816] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00512F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\windows\system32\ctfmon.exe[2816] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00512CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\windows\system32\ctfmon.exe[2816] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtClose] [00512D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\windows\system32\ctfmon.exe[2816] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00512CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\MICROS~4\rapimgr.exe[2828] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A32F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\MICROS~4\rapimgr.exe[2828] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A32CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\MICROS~4\rapimgr.exe[2828] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtClose] [00A32D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\MICROS~4\rapimgr.exe[2828] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A32CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2836] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003D2F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2836] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2836] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtClose] [003D2D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2836] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003D2CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\Toshiba.exe[2948] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009B2F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\Toshiba.exe[2948] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009B2CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\Toshiba.exe[2948] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtClose] [009B2D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\Toshiba.exe[2948] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009B2CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[3016] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[3016] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[3016] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtClose] [003C2D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe[3016] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Protector Suite QL\psqltray.exe[3172] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00392F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Protector Suite QL\psqltray.exe[3172] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00392CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Protector Suite QL\psqltray.exe[3172] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtClose] [00392D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Protector Suite QL\psqltray.exe[3172] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00392CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3208] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B42F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3208] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B42CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3208] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtClose] [00B42D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3208] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B42CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3272] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A02F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3272] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A02CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3272] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtClose] [00A02D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3272] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A02CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3300] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [008A2F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3300] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [008A2CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3300] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtClose] [008A2D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3300] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [008A2CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxpers.exe[3324] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00382F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxpers.exe[3324] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00382CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxpers.exe[3324] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtClose] [00382D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxpers.exe[3324] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00382CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\hkcmd.exe[3368] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00E32F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\hkcmd.exe[3368] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00E32CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\hkcmd.exe[3368] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtClose] [00E32D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\hkcmd.exe[3368] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00E32CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3392] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003D2F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3392] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3392] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtClose] [003D2D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[3392] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003D2CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe[3572] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A32F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe[3572] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A32CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe[3572] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtClose] [00A32D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe[3572] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A32CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3604] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00BA2F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3604] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00BA2CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3604] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtClose] [00BA2D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3604] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00BA2CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[3628] @ C:\windows\system32\KERNEL32.dll [ntdll.dll!NtCreateFile] [00932F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[3628] @ C:\windows\system32\KERNEL32.dll [ntdll.dll!NtDeviceIoControlFile] [00932CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[3628] @ C:\windows\system32\KERNEL32.dll [ntdll.dll!NtClose] [00932D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe[3628] @ C:\windows\system32\KERNEL32.dll [ntdll.dll!NtDuplicateObject] [00932CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Digital Lifeline\bin\mpbtn.exe[3648] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00902F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Digital Lifeline\bin\mpbtn.exe[3648] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00902CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Digital Lifeline\bin\mpbtn.exe[3648] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtClose] [00902D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Digital Lifeline\bin\mpbtn.exe[3648] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00902CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\windows\AGRSMMSG.exe[3656] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A42F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\windows\AGRSMMSG.exe[3656] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A42CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\windows\AGRSMMSG.exe[3656] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtClose] [00A42D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\windows\AGRSMMSG.exe[3656] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A42CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[3700] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003D2F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[3700] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[3700] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtClose] [003D2D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[3700] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003D2CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\eHome\ehmsas.exe[3736] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\eHome\ehmsas.exe[3736] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\eHome\ehmsas.exe[3736] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtClose] [003C2D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\eHome\ehmsas.exe[3736] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Motive\AsstCommon\motmon.exe[3784] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C32F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Motive\AsstCommon\motmon.exe[3784] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C32CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Motive\AsstCommon\motmon.exe[3784] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtClose] [00C32D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Motive\AsstCommon\motmon.exe[3784] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C32CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3812] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3812] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3812] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtClose] [003C2D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3812] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\iTunes\iTunesHelper.exe[3812] @ C:\windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A87] \\?\globalroot\Device\__max++>\6BFD56D8.x86.dll
IAT C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3868] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [008C2F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3868] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [008C2CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3868] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtClose] [008C2D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[3868] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [008C2CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3872] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003D2F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3872] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3872] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtClose] [003D2D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3872] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003D2CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Anthony Truong\My Documents\Downloads\y8y602cy.exe[3924] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Anthony Truong\My Documents\Downloads\y8y602cy.exe[3924] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Anthony Truong\My Documents\Downloads\y8y602cy.exe[3924] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Anthony Truong\My Documents\Downloads\y8y602cy.exe[3924] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[3960] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B92F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[3960] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B92CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[3960] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtClose] [00B92D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[3960] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B92CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[4036] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00912F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[4036] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00912CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[4036] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtClose] [00912D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[4036] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00912CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[4060] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00CD2F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[4060] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00CD2CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[4060] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtClose] [00CD2D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[4060] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00CD2CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[4060] @ C:\windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A87] \\?\globalroot\Device\__max++>\6BFD56D8.x86.dll
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4204] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01162F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4204] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01162CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4204] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtClose] [01162D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4204] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01162CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4204] @ C:\windows\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A87] \\?\globalroot\Device\__max++>\6BFD56D8.x86.dll
IAT C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4416] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A62F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4416] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A62CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4416] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtClose] [00A62D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[4416] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A62CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\windows\notepad.exe[4780] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009D2F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\windows\notepad.exe[4780] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009D2CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\windows\notepad.exe[4780] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtClose] [009D2D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\windows\notepad.exe[4780] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009D2CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\windows\notepad.exe[5044] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009D2F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\windows\notepad.exe[5044] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009D2CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\windows\notepad.exe[5044] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtClose] [009D2D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\windows\notepad.exe[5044] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009D2CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\windows\system32\wscntfy.exe[5620] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\windows\system32\wscntfy.exe[5620] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\windows\system32\wscntfy.exe[5620] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\windows\system32\wscntfy.exe[5620] @ C:\windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 873D2EB0
Device \FileSystem\Fastfat \FatCdrom 86891930
Device \FileSystem\Udfs \UdfsCdRom 86F4FEB0
Device \FileSystem\meiudf \MeiUDF_Disk 871ACEB0
Device \FileSystem\meiudf \MeiUDF_CdRom 871ACEB0
Device \FileSystem\Udfs \UdfsDisk 86F4FEB0

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\dmio \Device\DmControl\DmIoDaemon 87383A40
Device \Driver\dmio \Device\DmControl\DmConfig 87383A40
Device \Driver\dmio \Device\DmControl\DmPnP 87383A40
Device \Driver\dmio \Device\DmControl\DmInfo 87383A40
Device \Driver\Ftdisk \Device\HarddiskVolume1 87383C78
Device \Driver\Cdrom \Device\CdRom0 87115B30
Device \Driver\Ftdisk \Device\HarddiskVolume2 87383C78
Device \FileSystem\Rdbss \Device\FsWrap 870A26C0
Device \Driver\Cdrom \Device\CdRom1 87115B30
Device \Driver\atapi \Device\Ide\IdePort0 [F76C3B40] atapi.sys[unknown section] {MOV EAX, 0x87383728; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf77a2684; RET }
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F76C3B40] atapi.sys[unknown section] {MOV EAX, 0x87383728; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf77a2684; RET }
Device \Driver\atapi \Device\Ide\IdePort1 [F76C3B40] atapi.sys[unknown section] {MOV EAX, 0x87383728; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf77a2684; RET }
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F76C3B40] atapi.sys[unknown section] {MOV EAX, 0x87383728; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf77a2684; RET }
Device \Driver\NetBT \Device\NetBt_Wins_Export 871D90E8
Device \Driver\NetBT \Device\NetbiosSmb 871D90E8
Device \Driver\00000059 \Device\0000005c sptd.sys
Device \Driver\Disk \Device\Harddisk0\DR0 873D20E8
Device \Driver\Disk \Device\Harddisk2\DR5 873D20E8
Device \Driver\Disk \Device\Harddisk2\DP(1)0-0+6 873D20E8
Device \Driver\USBSTOR \Device\000000ab 871E2E18
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 870C30E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 870C30E8
Device \Driver\USBSTOR \Device\000000ae 871E2E18
Device \FileSystem\Npfs \Device\NamedPipe 871B6EB0
Device \Driver\Ftdisk \Device\FtControl 87383C78
Device \FileSystem\Msfs \Device\Mailslot 86EBF470
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 8709A5A8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 8709A5A8
Device \FileSystem\Fastfat \Fat 86891930

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 86787970

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\Device\__max++>\6BFD56D8.x86.dll (*** hidden *** ) @ C:\windows\system32\svchost.exe [1404] 0x35670000
Library \\?\globalroot\Device\__max++>\6BFD56D8.x86.dll (*** hidden *** ) @ C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2624] 0x35670000
Library \\?\globalroot\Device\__max++>\6BFD56D8.x86.dll (*** hidden *** ) @ C:\windows\System32\alg.exe [2688] 0x35670000
Library \\?\globalroot\Device\__max++>\6BFD56D8.x86.dll (*** hidden *** ) @ C:\PROGRA~1\MICROS~4\rapimgr.exe [2828] 0x35670000
Library \\?\globalroot\Device\__max++>\6BFD56D8.x86.dll (*** hidden *** ) @ C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [3700] 0x35670000
Library \\?\globalroot\Device\__max++>\6BFD56D8.x86.dll (*** hidden *** ) @ C:\Program Files\iTunes\iTunesHelper.exe [3812] 0x35670000
Library \\?\globalroot\Device\__max++>\6BFD56D8.x86.dll (*** hidden *** ) @ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [4060] 0x35670000
Library \\?\globalroot\Device\__max++>\6BFD56D8.x86.dll (*** hidden *** ) @ C:\Program Files\Mozilla Firefox\firefox.exe [4204] 0x35670000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x81 0x75 0xDF 0x27 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF9 0x7A 0x66 0x5F ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0B 0x9C 0x8A 0x5B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x81 0x75 0xDF 0x27 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF9 0x7A 0x66 0x5F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0B 0x9C 0x8A 0x5B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x81 0x75 0xDF 0x27 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF9 0x7A 0x66 0x5F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0B 0x9C 0x8A 0x5B ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x81 0x75 0xDF 0x27 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF9 0x7A 0x66 0x5F ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0B 0x9C 0x8A 0x5B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 71582434
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1129737367
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -1799305822
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x81 0x75 0xDF 0x27 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF9 0x7A 0x66 0x5F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0B 0x9C 0x8A 0x5B ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x81 0x75 0xDF 0x27 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF9 0x7A 0x66 0x5F ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0B 0x9C 0x8A 0x5B ...

---- EOF - GMER 1.0.15 ----

#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:07:53 PM

Posted 10 November 2009 - 01:51 PM

Please save this file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
"%userprofile%\desktop\win32kdiag.exe" -f -r
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#5 woe is me

woe is me
  • Topic Starter

  • Members
  • 20 posts
  • Local time:06:53 PM

Posted 10 November 2009 - 03:18 PM

Here is the Win32kDiag.txt

Running from: C:\Documents and Settings\Anthony Truong\My Documents\Downloads\Win32kDiag.exe

Log file at : C:\Documents and Settings\Anthony Truong\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\windows'...



Cannot access: C:\windows\Installer\4ea983.msi

[1] 2009-02-09 06:10:48 56320 C:\windows\Installer\4ea983.msi ()





Finished!

#6 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:07:53 PM

Posted 10 November 2009 - 08:19 PM

Please click here and download that file.
Save it to your desktop and double click on it to run it then please post the log that it produces.

#7 woe is me

woe is me
  • Topic Starter

  • Members
  • 20 posts
  • Local time:06:53 PM

Posted 10 November 2009 - 08:49 PM

Volume in drive C is SQ004033P03
Volume Serial Number is 2494-B190

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/10/2004 06:00 AM 180,224 scecli.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/10/2004 06:00 AM 407,040 netlogon.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/10/2004 06:00 AM 55,808 eventlog.dll
3 File(s) 643,072 bytes

Directory of C:\WINDOWS\ServicePackFiles\i386

04/14/2008 04:42 AM 181,248 scecli.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

04/14/2008 04:42 AM 407,040 netlogon.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

04/14/2008 04:41 AM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Directory of C:\WINDOWS\system32

04/14/2008 04:42 AM 181,248 scecli.dll

Directory of C:\WINDOWS\system32

04/14/2008 04:42 AM 407,040 netlogon.dll

Directory of C:\WINDOWS\system32

04/14/2008 04:41 AM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Total Files Listed:
9 File(s) 1,932,288 bytes
0 Dir(s) 35,810,447,360 bytes free

#8 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:07:53 PM

Posted 11 November 2009 - 05:09 AM

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

#9 woe is me

woe is me
  • Topic Starter

  • Members
  • 20 posts
  • Local time:06:53 PM

Posted 11 November 2009 - 03:07 PM

ComboFix 09-11-09.02 - Anthony Truong 11/11/2009 7:35.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.616 [GMT -6:00]
Running from: c:\documents and settings\Anthony Truong\My Documents\Downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-3868997124-911790988-508925577-500
c:\windows\010112010146118114.dat
c:\windows\0101120101465349.dat
c:\windows\0101120101465749.dat
c:\windows\kb913800.exe
c:\windows\ONSPCLCK.exe
c:\windows\strt_1246552817.exe
c:\windows\system32\zip32.dll

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DRV
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
-------\Service_glaide32


((((((((((((((((((((((((( Files Created from 2009-10-11 to 2009-11-11 )))))))))))))))))))))))))))))))
.

2009-11-11 13:40 . 2008-04-14 10:42 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-11-11 13:40 . 2008-04-14 10:42 50176 ----a-w- c:\windows\system32\proquota.exe
2009-11-05 19:57 . 2009-11-05 22:42 -------- d-----w- c:\documents and settings\Anthony Truong\Application Data\Digital Support
2009-10-25 22:49 . 2009-11-05 22:42 -------- d-----w- c:\program files\Sophos

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-07 19:20 . 2008-08-11 05:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-06 03:52 . 2008-11-23 23:17 -------- d-----w- c:\program files\PeerGuardian2
2009-11-05 19:24 . 2006-09-03 04:22 -------- d-----w- c:\documents and settings\Anthony Truong\Application Data\uTorrent
2009-11-03 21:41 . 2006-07-03 05:55 -------- d-----w- c:\program files\Common Files\Ahead
2009-10-12 03:46 . 2009-10-12 03:46 -------- d-----w- c:\documents and settings\All Users\Application Data\GARMIN
2009-10-12 03:45 . 2009-10-12 02:45 -------- d-----w- c:\documents and settings\Anthony Truong\Application Data\GARMIN
2009-10-12 03:25 . 2009-10-12 02:52 -------- d-----w- c:\documents and settings\Anthony Truong\Application Data\Download Manager
2009-10-12 02:44 . 2009-10-12 02:44 -------- d-----w- c:\program files\Garmin GPS Plugin
2009-10-12 02:44 . 2009-10-12 02:44 -------- d-----w- c:\program files\DIFX
2009-10-12 02:44 . 2009-10-12 02:44 -------- d-----w- c:\program files\Garmin
2009-09-21 04:30 . 2007-12-23 03:54 -------- d-----w- c:\documents and settings\Anthony Truong\Application Data\Skype
2009-09-21 02:38 . 2009-08-06 14:58 -------- d-----w- c:\documents and settings\Anthony Truong\Application Data\skypePM
2009-09-20 16:58 . 2009-07-03 04:40 117760 ----a-w- c:\documents and settings\Anthony Truong\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-09-20 04:42 . 2009-09-11 22:11 -------- d-----w- c:\documents and settings\Anthony Truong\Application Data\HpUpdate
2009-09-13 06:06 . 2009-09-13 06:06 -------- d-----w- c:\program files\7-Zip
2009-09-13 03:20 . 2008-05-13 15:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-07 16:17 . 2006-06-12 01:57 82960 ----a-w- c:\documents and settings\Anthony Truong\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-21 16:14 . 2006-02-16 16:59 82960 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2005-05-13 22:12 . 2005-05-13 22:12 217073 --sha-r- c:\windows\meta4.exe
2005-10-24 16:13 . 2005-10-24 16:13 66560 --sha-r- c:\windows\MOTA113.exe
2004-08-10 12:00 . 2006-02-15 14:04 94784 --sh--w- c:\windows\twain.dll
2006-02-17 03:33 . 2006-02-17 03:33 1216 --sh--w- c:\windows\Twunk_16.dll
2006-02-17 03:33 . 2006-02-17 03:33 1216 --sh--w- c:\windows\Twunk_32.dll
2005-10-14 02:27 . 2005-10-14 02:27 422400 --sha-r- c:\windows\x2.64.exe
2005-10-08 00:14 . 2005-10-08 00:14 308224 --sha-r- c:\windows\system32\avisynth.dll
2005-07-14 17:31 . 2005-07-14 17:31 27648 --sha-r- c:\windows\system32\AVSredirect.dll
2005-06-26 20:32 . 2005-06-26 20:32 616448 --sha-r- c:\windows\system32\cygwin1.dll
2005-06-22 03:37 . 2005-06-22 03:37 45568 --sha-r- c:\windows\system32\cygz.dll
2004-01-25 05:00 . 2004-01-25 05:00 70656 --sha-r- c:\windows\system32\i420vfw.dll
2006-04-27 15:24 . 2006-04-27 15:24 2945024 --sha-r- c:\windows\system32\Smab.dll
2005-02-28 18:16 . 2005-02-28 18:16 240128 --sha-r- c:\windows\system32\x.264.exe
2004-01-25 05:00 . 2004-01-25 05:00 70656 --sha-r- c:\windows\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"Redemption"="c:\program files\Redemption Backup\All Users\Redemption\REDEMPTION.EXE" [2006-08-20 8183808]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2005-12-22 30208]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"CXMon"="c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2001-08-27 45056]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"MotiveMonitor"="c:\program files\Motive\AsstCommon\motmon.exe" [2002-09-27 135168]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-12 149280]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-06-01 282624]
"TDispVol"="TDispVol.exe" - c:\windows\system32\TDispVol.exe [2005-03-11 73728]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2005-10-15 88203]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WMC_WMPDBExport"="c:\program files\Windows Media Player\wmdbexport.exe" [2006-10-19 493568]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
"TSClientAXDisabler"="c:\windows\Installer\TSClientMsiTrans\tscdsbl.bat" [2008-01-19 2247]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Lifeline.lnk - c:\program files\Digital Lifeline\bin\mpbtn.exe [2006-6-12 172032]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-8-6 66864]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-15 155648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-13 03:20 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2005-12-22 05:42 40448 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ psqlpwd scecli

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\steamapps\\afroguy36\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\afroguy36\\half-life\\hl.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"57348:TCP"= 57348:TCP:Pando P2P TCP Listening Port
"57348:UDP"= 57348:UDP:Pando P2P UDP Listening Port

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 10:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 10:01 AM 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/28/2009 10:09 AM 108289]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [12/21/2005 11:55 PM 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [12/21/2005 11:55 PM 33024]
R2 REFILERW;REFILERW;c:\windows\system32\drivers\REFILERW.SYS [9/7/2006 12:34 AM 5463]
R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [12/21/2005 11:25 PM 3456]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/2/2007 5:34 PM 24652]
S1 drvdrv;drvdrv;\??\c:\program files\drv\drv.sys --> c:\program files\drv\drv.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\F0.tmp --> c:\windows\system32\F0.tmp [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 10:01 AM 7408]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - uphcleanhlp

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
drv REG_MULTI_SZ drv
.
Contents of the 'Scheduled Tasks' folder

2009-10-12 c:\windows\Tasks\dfrg.job
- c:\windows\system32\dfrg.msc [2006-02-15 12:00]

2009-08-23 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2008-05-31 10:42]

2006-06-12 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-05-31 10:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Anthony Truong\Application Data\Mozilla\Firefox\Profiles\29rp32ks.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.pittstate.edu/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npsabffx.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\windows\system32\SuperAdBlocker.com\npsabffx.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

Notify-NavLogon - (no file)
AddRemove-Hy-Tek's TEAM MANAGER 4.0 - c:\hy-sport\TM4\DeIsL1.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-11 07:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe >>UNKNOWN [0x873D20E8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> 0x873d20e8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\F0.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\remote.dll
c:\program files\Protector Suite QL\crypto.dll
c:\program files\Protector Suite QL\mysafe.dll

- - - - - - - > 'lsass.exe'(812)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll

- - - - - - - > 'explorer.exe'(2316)
c:\windows\system32\TDispVol.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Protector Suite QL\mysafe.dll
c:\program files\Protector Suite QL\infra.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\program files\UPHClean\uphclean.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\TPSBattM.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\Protector Suite QL\psqltray.exe
c:\windows\eHome\ehmsas.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2009-11-11 7:54 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-11 13:54

Pre-Run: 35,709,403,136 bytes free
Post-Run: 35,520,630,784 bytes free

Current=5 Default=5 Failed=1 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 8BAAAE345575A625BCF709FED37B1D03

#10 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:07:53 PM

Posted 12 November 2009 - 06:50 AM

1. Please open Notepad
  • Click Start, then Run
  • Type notepad in the Run box, then hit OK.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

Driver::
Viewpoint Manager Service
drvdrv

Folder::
c:\program files\drv

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"drv"=-

MBR::


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following report/log into your next reply:
  • Combofix.txt
=============
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#11 woe is me

woe is me
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:06:53 PM

Posted 12 November 2009 - 03:22 PM

Tried running combofix but it didn't seem to work. I let it run for about two hours but it just stayed on that scanning for infected files part. I tried this twice. Both times it stayed there for a couple hours. Then when I closed it the internet wouldn't work for a couple minutes, but maybe that was a coincidence.

#12 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:07:53 PM

Posted 13 November 2009 - 07:52 AM

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Services
    Viewpoint Manager Service
    drvdrv
    
    :Files
    c:\program files\drv
    c:\program files\Viewpoint
    
    :reg
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    "drv"=-
    
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
================================Malwarebytes' Anti-Malware=================================
Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.
  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
================================Online scan=================================
* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Check next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic


#13 woe is me

woe is me
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:06:53 PM

Posted 14 November 2009 - 10:33 AM

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

11/13/2009 2:20:07 PM
mbam-log-2009-11-13 (14-20-07).txt

Scan type: Full Scan (C:\|)
Objects scanned: 229805
Time elapsed: 6 hour(s), 46 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\.pox (Rogue.FixTool) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pofile (Rogue.FixTool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Miracle (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_DRV (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP110\A0024030.exe (PUP.PerfectOptimizer) -> Quarantined and deleted successfully.


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=efa6955e83850840aaf7b6e8c7fbc6ff
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-11-14 12:53:23
# local_time=2009-11-13 06:53:23 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775125 100 100 0 34485698 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=106476
# found=2
# cleaned=2
# scan_time=3547
C:\Documents and Settings\Anthony Truong\Incomplete\Preview-T-5554193-shakina blindside.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Anthony Truong\Incomplete\T-5554193-shakina blindside.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C

#14 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:07:53 PM

Posted 14 November 2009 - 11:29 AM

Hi, do you have the results from the OTL instructions prior to running the scans?
If so then please post that in your next reply.

How are things running now?
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.


#15 woe is me

woe is me
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  • Local time:06:53 PM

Posted 15 November 2009 - 07:09 PM

Is this the OTL instructions you wanted?

All processes killed
========== SERVICES/DRIVERS ==========
Service Viewpoint Manager Service stopped successfully!
Service Viewpoint Manager Service deleted successfully!
Service drvdrv stopped successfully!
Service drvdrv deleted successfully!
========== FILES ==========
File\Folder c:\program files\drv not found.
c:\program files\Viewpoint\Viewpoint Toolbar\3.9.0 folder moved successfully.
c:\program files\Viewpoint\Viewpoint Toolbar folder moved successfully.
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images folder moved successfully.
c:\program files\Viewpoint\Viewpoint Manager\ViewCPData folder moved successfully.
c:\program files\Viewpoint\Viewpoint Manager folder moved successfully.
c:\program files\Viewpoint\Viewpoint Experience Technology\NewComponents folder moved successfully.
c:\program files\Viewpoint\Viewpoint Experience Technology\DownloadedComponents\VMgr_Win folder moved successfully.
c:\program files\Viewpoint\Viewpoint Experience Technology\DownloadedComponents folder moved successfully.
c:\program files\Viewpoint\Viewpoint Experience Technology\Components folder moved successfully.
c:\program files\Viewpoint\Viewpoint Experience Technology folder moved successfully.
c:\program files\Viewpoint\Common folder moved successfully.
c:\program files\Viewpoint folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\\drv deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Anthony Truong
->Temp folder emptied: 1365293 bytes
->Temporary Internet Files folder emptied: 5503403 bytes
->Java cache emptied: 19255564 bytes
->FireFox cache emptied: 100612516 bytes
->Apple Safari cache emptied: 1226178 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 360912 bytes
->FireFox cache emptied: 4088795 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 58707 bytes
%systemroot%\System32 .tmp files removed: 4412733 bytes
Windows Temp folder emptied: 166337 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 12990356 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 143.12 mb


OTL by OldTimer - Version 3.1.5.0 log created on 11132009_071009

Files\Folders moved on Reboot...
File move failed. C:\windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Here is the log of the latest OTL scan

OTL logfile created on: 11/15/2009 6:03:18 PM - Run 2
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Documents and Settings\Anthony Truong\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.98 Mb Total Physical Memory | 379.36 Mb Available Physical Memory | 37.41% Memory free
2.38 Gb Paging File | 1.83 Gb Available in Paging File | 76.84% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.54 Gb Total Space | 32.98 Gb Free Space | 29.57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GIZMO
Current User Name: Anthony Truong
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Anthony Truong\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\WINDOWS\ehome\ehrecvr.exe (Microsoft Corporation)
PRC - C:\Program Files\Redemption Backup\All Users\Redemption\REDEMPTION.EXE (CompuApps Inc.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
PRC - C:\Program Files\Protector Suite QL\psqltray.exe (UPEK Inc.)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\Toshiba.exe (Synaptics, Inc.)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\agrsmmsg.exe (Agere Systems)
PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\WINDOWS\ehome\ehSched.exe (Microsoft Corporation)
PRC - C:\WINDOWS\ehome\ehmsas.exe (Microsoft Corporation)
PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
PRC - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
PRC - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\WINDOWS\system32\TPSMain.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\TPSBattM.exe (TOSHIBA Corporation)
PRC - C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\TDispVol.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\Program Files\Motive\AsstCommon\motmon.exe (Motive Communications, Inc.)
PRC - C:\Program Files\Digital Lifeline\bin\mpbtn.exe ()
PRC - C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_monitor.exe (Hewlett-Packard Company)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Anthony Truong\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\Temp\logishrd\LVPrcInj01.dll (Logitech Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\TDispVol.dll ()


========== Win32 Services (SafeList) ==========

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (FontCache3.0.0.0) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (ehRecvr) -- C:\WINDOWS\ehome\ehrecvr.exe (Microsoft Corporation)
SRV - (TAPPSRV) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)
SRV - (S24EventMonitor) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (EvtEng) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (ehSched) -- C:\WINDOWS\ehome\ehSched.exe (Microsoft Corporation)
SRV - (McrdSvc) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
SRV - (Swupdtmr) -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
SRV - (UPHClean) -- C:\Program Files\UPHClean\uphclean.exe (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (DVD-RAM_Service) -- C:\WINDOWS\system32\DVDRAMSV.exe (Matsushita Electric Industrial Co., Ltd.)


========== Driver Services (SafeList) ==========

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_PEPI) -- C:\WINDOWS\system32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (usb_rndisx) -- C:\WINDOWS\system32\drivers\usb8023x.sys (Microsoft Corporation)
DRV - (usbaudio) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (dtscsi) -- C:\windows\System32\Drivers\dtscsi.sys ()
DRV - (sptd) -- C:\windows\System32\Drivers\sptd.sys ()
DRV - (REFILERW) -- C:\WINDOWS\system32\drivers\REFILERW.SYS (CompuApps, Inc)
DRV - (AegisP) -- C:\WINDOWS\system32\drivers\AegisP.sys (Meetinghouse Data Communications)
DRV - (HPZid412) -- C:\WINDOWS\system32\drivers\HPZid412.sys (HP)
DRV - (HPZius12) -- C:\WINDOWS\system32\drivers\HPZius12.sys (HP)
DRV - (HPZipr12) -- C:\WINDOWS\system32\drivers\HPZipr12.sys (HP)
DRV - (ASCTRM) -- C:\WINDOWS\system32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (FdRedir) -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys (UPEK Inc.)
DRV - (FileDisk2) -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys (UPEK Inc.)
DRV - (TcUsb) -- C:\WINDOWS\system32\drivers\tcusb.sys (UPEK Inc.)
DRV - (smihlp) -- C:\Program Files\Protector Suite QL\smihlp.sys (UPEK Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (w39n51) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (Tvs) -- C:\WINDOWS\system32\drivers\Tvs.sys (TOSHIBA Corporation)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\ialmnt5.sys (Intel Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (TVALD) -- C:\WINDOWS\system32\drivers\NBSMI.sys (Toshiba Corporation)
DRV - (e1express) -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (tosrfec) -- C:\WINDOWS\system32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (tbiosdrv) -- C:\WINDOWS\system32\drivers\tbiosdrv.sys ()
DRV - (PxHelp20) -- C:\windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (meiudf) -- C:\WINDOWS\system32\drivers\meiudf.sys (Matsushita Electric Industrial Co.,Ltd.)
DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (KR10N) -- C:\windows\system32\drivers\KR10N.sys (TOSHIBA CORPORATION)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (SilverLink) -- C:\WINDOWS\system32\drivers\SilvrLnk.sys (Texas Instruments Incorporated)
DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.)
DRV - (wanatw) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
DRV - (SONYPVU1) -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS (Sony Corporation)
DRV - (QV2KUX) -- C:\WINDOWS\system32\drivers\qv2kux.sys (Microsoft Corporation)
DRV - (TICalc) -- C:\WINDOWS\system32\drivers\Ticalc.sys ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.pittstate.edu/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"


FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/11 18:09:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/21 00:34:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/06 19:08:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/06 19:08:59 | 00,000,000 | ---D | M]

[2008/08/29 08:08:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Anthony Truong\Application Data\Mozilla\Extensions
[2008/08/29 08:08:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Anthony Truong\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/11 18:33:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Anthony Truong\Application Data\Mozilla\Firefox\Profiles\29rp32ks.default\extensions
[2009/11/14 18:11:34 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/06 19:08:59 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/11 18:09:22 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/11/06 19:08:51 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/06 19:08:51 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2006/09/03 12:12:48 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2009/08/11 18:08:59 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2006/08/07 09:32:12 | 01,376,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2009/11/06 19:08:54 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2009/03/30 06:33:43 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/03/30 06:33:43 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/03/30 06:33:43 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/03/30 06:33:43 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/03/30 06:33:43 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/03/30 06:33:43 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/03/30 06:33:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2007/09/05 12:56:00 | 00,352,256 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsabffx.dll
[2005/08/09 12:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
[2009/07/30 01:24:20 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/07/30 01:24:20 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/07/30 01:24:20 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/07/30 01:24:20 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/07/30 01:24:20 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/07/30 01:24:20 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/07/30 01:24:20 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Viewpoint Toolbar BHO) - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Viewpoint Toolbar) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll (Viewpoint Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] C:\windows\agrsmmsg.exe (Agere Systems)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CXMon] C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MotiveMonitor] C:\Program Files\Motive\AsstCommon\motmon.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Redemption] C:\Program Files\Redemption Backup\All Users\Redemption\REDEMPTION.EXE (CompuApps Inc.)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TDispVol] C:\windows\System32\TDispVol.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TPSMain] C:\windows\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Lifeline.lnk = C:\Program Files\Digital Lifeline\bin\mpbtn.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 43 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 820 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/voxacm.CAB (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1150411123187 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\windows\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\windows\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\windows\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\windows\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\psfus: DllName - psqlpwd.dll - C:\windows\System32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\windows\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\windows\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\windows\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\windows\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\windows\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\windows\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\windows\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\windows\System32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\windows\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\windows\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\windows\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\windows\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\windows\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/15 09:38:58 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{7547bc12-3dfc-11db-9bdd-00a0d14023b2}\Shell - "" = AutoRun
O33 - MountPoints2\{7547bc12-3dfc-11db-9bdd-00a0d14023b2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7547bc12-3dfc-11db-9bdd-00a0d14023b2}\Shell\AutoRun\command - "" = G:\ONSPCLCK.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/15 17:56:24 | 00,000,000 | R-SD | C] -- C:\Documents and Settings\Anthony Truong\My Documents\My Safe
[2009/11/13 17:47:32 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/11/13 07:10:09 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/11/12 16:06:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Anthony Truong\My Documents\Version Cue
[2009/11/12 16:06:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Anthony Truong\My Documents\AdobeStockPhotos
[2009/11/12 12:40:25 | 00,000,000 | --SD | C] -- C:\ComboFix(2)
[2009/11/11 07:40:35 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\proquota.exe
[2009/11/11 07:40:35 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\proquota.exe
[2009/11/11 07:20:40 | 00,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
[2009/11/11 07:20:40 | 00,161,792 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2009/11/11 07:20:40 | 00,136,704 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2009/11/11 07:20:40 | 00,031,232 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2009/11/11 07:20:11 | 00,000,000 | ---D | C] -- C:\windows\ERDNT
[2009/11/11 07:18:18 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/07 13:21:37 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Anthony Truong\Recent
[2009/11/05 13:57:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Anthony Truong\Application Data\Digital Support
[2009/11/05 13:25:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Anthony Truong\Desktop\Misc
[2009/10/25 16:49:46 | 00,000,000 | ---D | C] -- C:\Program Files\Sophos
[2006/06/30 12:42:04 | 00,018,944 | ---- | C] ( ) -- C:\windows\System32\IMPLODE.DLL
[2006/02/19 02:28:56 | 00,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\windows\Fonts\RandFont.dll
[2006/02/15 10:25:00 | 00,053,248 | ---- | C] ( ) -- C:\windows\System32\DLLVGA.dll
[16 C:\Documents and Settings\Anthony Truong\My Documents\*.tmp files -> C:\Documents and Settings\Anthony Truong\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/15 17:56:49 | 00,001,158 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2009/11/15 17:56:07 | 00,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2009/11/15 17:56:05 | 00,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2009/11/15 17:56:04 | 10,633,09312 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/15 12:38:48 | 11,534,336 | ---- | M] () -- C:\Documents and Settings\Anthony Truong\ntuser.dat
[2009/11/15 12:38:48 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Anthony Truong\ntuser.ini
[2009/11/14 04:08:37 | 21,941,948 | -H-- | M] () -- C:\Documents and Settings\Anthony Truong\Local Settings\Application Data\IconCache.db
[2009/11/13 17:44:27 | 00,445,938 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2009/11/13 17:44:26 | 00,072,978 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2009/11/13 17:44:25 | 00,528,020 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2009/11/13 14:26:17 | 00,000,006 | ---- | M] () -- C:\windows\Twain001.Mtx
[2009/11/13 14:26:16 | 00,000,156 | ---- | M] () -- C:\windows\Twunk001.MTX
[2009/11/13 07:01:41 | 00,000,974 | ---- | M] () -- C:\Documents and Settings\Anthony Truong\Desktop\Spybot - Search & Destroy.lnk
[2009/11/12 16:20:13 | 03,883,087 | ---- | M] () -- C:\Documents and Settings\Anthony Truong\Desktop\slow dance in burning room.psd
[2009/11/12 16:08:19 | 00,038,770 | ---- | M] () -- C:\Documents and Settings\Anthony Truong\Desktop\slow dance1.jpg
[2009/11/12 15:54:16 | 00,578,396 | ---- | M] () -- C:\Documents and Settings\Anthony Truong\Desktop\fire.jpg
[2009/11/12 15:52:33 | 00,051,942 | ---- | M] () -- C:\Documents and Settings\Anthony Truong\Desktop\slow dance.jpg
[2009/11/12 15:21:26 | 00,000,504 | ---- | M] () -- C:\windows\ONSPCLCK.exe
[2009/11/11 07:43:35 | 00,000,227 | ---- | M] () -- C:\windows\system.ini
[2009/11/11 07:43:03 | 00,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2009/11/10 20:46:30 | 00,013,358 | ---- | M] () -- C:\Documents and Settings\Anthony Truong\Desktop\ku interview.docx
[2009/11/10 20:22:23 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\Anthony Truong\Desktop\KU Interview Day Schedule-1.doc
[2009/11/10 19:59:45 | 00,032,256 | ---- | M] () -- C:\Documents and Settings\Anthony Truong\Desktop\LodgingTransportInfoForAppls2009.doc
[2009/11/10 15:34:43 | 00,082,482 | ---- | M] () -- C:\Documents and Settings\Anthony Truong\Desktop\Snoopy.JPG
[2009/11/10 14:35:03 | 00,276,994 | ---- | M] () -- C:\Documents and Settings\Anthony Truong\Desktop\335zye33vc_remember.jpg
[2009/11/10 11:23:19 | 00,011,863 | ---- | M] () -- C:\Documents and Settings\Anthony Truong\My Documents\LFC subway nutrition.xlsx
[2009/11/09 18:12:13 | 00,030,720 | ---- | M] () -- C:\Documents and Settings\Anthony Truong\My Documents\Stock_Market_Project ashley.xls
[2009/11/08 19:42:43 | 00,023,552 | ---- | M] () -- C:\Documents and Settings\Anthony Truong\My Documents\Stock_Market_Project.xls
[2009/11/08 12:18:13 | 00,100,864 | ---- | M] () -- C:\Documents and Settings\Anthony Truong\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/06 10:53:52 | 00,267,264 | ---- | M] () -- C:\windows\PEV.exe
[2009/11/04 07:28:06 | 00,236,526 | ---- | M] () -- C:\Documents and Settings\Anthony Truong\My Documents\cc_20091104_072744.reg
[2009/11/04 07:24:59 | 00,001,559 | ---- | M] () -- C:\Documents and Settings\Anthony Truong\Desktop\CCleaner.lnk
[2009/11/01 21:58:45 | 00,000,116 | ---- | M] () -- C:\windows\NeroDigital.ini
[2009/11/01 21:19:09 | 00,347,797 | ---- | M] () -- C:\Documents and Settings\Anthony Truong\Desktop\PSU_Chemistry_Club_Fall_09[1].pptx
[2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\windows\MBR.exe
[2009/10/22 06:31:50 | 00,000,151 | ---- | M] () -- C:\windows\PhotoSnapViewer.INI
[2009/10/20 18:26:45 | 00,054,272 | ---- | M] () -- C:\Documents and Settings\Anthony Truong\My Documents\intro to bus exam 2 sg.doc
[2009/10/18 22:13:32 | 00,020,471 | ---- | M] () -- C:\Documents and Settings\Anthony Truong\My Documents\paper project 2 maslow.docx
[2009/10/18 14:17:42 | 01,474,988 | ---- | M] () -- C:\Documents and Settings\Anthony Truong\Desktop\Supreme_Victors_Rulebook.pdf
[16 C:\Documents and Settings\Anthony Truong\My Documents\*.tmp files -> C:\Documents and Settings\Anthony Truong\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/12 16:20:11 | 03,883,087 | ---- | C] () -- C:\Documents and Settings\Anthony Truong\Desktop\slow dance in burning room.psd
[2009/11/12 16:08:18 | 00,038,770 | ---- | C] () -- C:\Documents and Settings\Anthony Truong\Desktop\slow dance1.jpg
[2009/11/12 15:54:16 | 00,578,396 | ---- | C] () -- C:\Documents and Settings\Anthony Truong\Desktop\fire.jpg
[2009/11/12 15:52:32 | 00,051,942 | ---- | C] () -- C:\Documents and Settings\Anthony Truong\Desktop\slow dance.jpg
[2009/11/12 15:21:26 | 00,000,504 | ---- | C] () -- C:\windows\ONSPCLCK.exe
[2009/11/11 21:46:26 | 11,534,336 | ---- | C] () -- C:\Documents and Settings\Anthony Truong\ntuser.dat
[2009/11/11 07:20:40 | 00,267,264 | ---- | C] () -- C:\windows\PEV.exe
[2009/11/11 07:20:40 | 00,098,816 | ---- | C] () -- C:\windows\sed.exe
[2009/11/11 07:20:40 | 00,080,412 | ---- | C] () -- C:\windows\grep.exe
[2009/11/11 07:20:40 | 00,077,312 | ---- | C] () -- C:\windows\MBR.exe
[2009/11/11 07:20:40 | 00,068,096 | ---- | C] () -- C:\windows\zip.exe
[2009/11/10 20:20:13 | 00,013,358 | ---- | C] () -- C:\Documents and Settings\Anthony Truong\Desktop\ku interview.docx
[2009/11/10 19:59:45 | 00,032,256 | ---- | C] () -- C:\Documents and Settings\Anthony Truong\Desktop\LodgingTransportInfoForAppls2009.doc
[2009/11/10 19:57:39 | 00,029,696 | ---- | C] () -- C:\Documents and Settings\Anthony Truong\Desktop\KU Interview Day Schedule-1.doc
[2009/11/10 15:34:42 | 00,082,482 | ---- | C] () -- C:\Documents and Settings\Anthony Truong\Desktop\Snoopy.JPG
[2009/11/10 14:35:02 | 00,276,994 | ---- | C] () -- C:\Documents and Settings\Anthony Truong\Desktop\335zye33vc_remember.jpg
[2009/11/10 11:23:19 | 00,011,863 | ---- | C] () -- C:\Documents and Settings\Anthony Truong\My Documents\LFC subway nutrition.xlsx
[2009/11/09 18:06:27 | 00,030,720 | ---- | C] () -- C:\Documents and Settings\Anthony Truong\My Documents\Stock_Market_Project ashley.xls
[2009/11/08 19:42:43 | 00,023,552 | ---- | C] () -- C:\Documents and Settings\Anthony Truong\My Documents\Stock_Market_Project.xls
[2009/11/04 07:27:51 | 00,236,526 | ---- | C] () -- C:\Documents and Settings\Anthony Truong\My Documents\cc_20091104_072744.reg
[2009/11/01 21:19:08 | 00,347,797 | ---- | C] () -- C:\Documents and Settings\Anthony Truong\Desktop\PSU_Chemistry_Club_Fall_09[1].pptx
[2009/10/20 16:22:21 | 00,054,272 | ---- | C] () -- C:\Documents and Settings\Anthony Truong\My Documents\intro to bus exam 2 sg.doc
[2009/10/18 21:29:13 | 00,020,471 | ---- | C] () -- C:\Documents and Settings\Anthony Truong\My Documents\paper project 2 maslow.docx
[2009/10/18 14:17:42 | 01,474,988 | ---- | C] () -- C:\Documents and Settings\Anthony Truong\Desktop\Supreme_Victors_Rulebook.pdf
[2009/08/06 08:37:21 | 00,066,482 | R--- | C] () -- C:\windows\System32\lvcoinst.ini
[2009/01/18 09:58:39 | 00,000,427 | ---- | C] () -- C:\windows\System32\winpdf.ini
[2008/10/03 08:40:05 | 00,000,170 | ---- | C] () -- C:\Documents and Settings\Anthony Truong\Application Data\wklnhst.dat
[2008/09/07 22:43:27 | 00,000,151 | ---- | C] () -- C:\windows\PhotoSnapViewer.INI
[2008/07/27 13:24:28 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\Anthony Truong\Application Data\$_hpcst$.hpc
[2008/07/26 07:25:02 | 00,025,624 | ---- | C] () -- C:\windows\System32\drivers\LVPr2Mon.sys
[2007/09/26 21:23:43 | 00,046,800 | ---- | C] () -- C:\Documents and Settings\Anthony Truong\Application Data\GDIPFONTCACHEV1.DAT
[2007/08/14 13:51:01 | 00,000,000 | ---- | C] () -- C:\windows\ringtonemaker.INI
[2007/08/14 13:44:55 | 00,001,208 | ---- | C] () -- C:\windows\mgxoschk.ini
[2007/02/18 14:13:33 | 00,009,152 | ---- | C] () -- C:\windows\System32\drivers\Ticalc.sys
[2007/02/18 14:13:33 | 00,000,378 | ---- | C] () -- C:\windows\Wlink83p.ini
[2007/01/26 14:33:56 | 00,000,029 | ---- | C] () -- C:\windows\atid.ini
[2006/10/24 11:07:53 | 00,000,067 | ---- | C] () -- C:\windows\swupdate.INI
[2006/10/21 21:26:18 | 00,000,080 | ---- | C] () -- C:\windows\sierra.ini
[2006/10/05 09:40:25 | 00,000,187 | ---- | C] () -- C:\Documents and Settings\Anthony Truong\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2006/09/25 23:35:12 | 00,043,520 | ---- | C] () -- C:\windows\System32\CmdLineExt03.dll
[2006/09/24 11:03:09 | 00,223,128 | ---- | C] () -- C:\windows\System32\drivers\dtscsi.sys
[2006/09/23 07:39:36 | 00,643,072 | ---- | C] () -- C:\windows\System32\drivers\sptd.sys
[2006/09/23 07:39:36 | 00,096,384 | ---- | C] () -- C:\windows\System32\drivers\sptd5053.sys
[2006/09/07 00:34:57 | 00,000,081 | ---- | C] () -- C:\windows\REDEMVER.INI
[2006/09/07 00:34:56 | 00,000,525 | ---- | C] () -- C:\windows\REDEMUNINS.INI
[2006/09/07 00:34:51 | 00,003,924 | ---- | C] () -- C:\windows\REDEMCALL.INI
[2006/09/04 08:35:10 | 00,594,450 | ---- | C] () -- C:\windows\System32\x264vfw.dll
[2006/09/04 08:35:10 | 00,524,288 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2006/09/04 08:35:10 | 00,139,264 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2006/09/04 08:35:08 | 00,005,120 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2006/09/04 08:35:08 | 00,000,547 | ---- | C] () -- C:\windows\System32\ff_vfw.dll.manifest
[2006/08/22 16:43:03 | 00,077,824 | R--- | C] () -- C:\windows\System32\HPZIDS01.dll
[2006/08/22 16:31:43 | 00,001,061 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/08/19 20:05:22 | 00,000,000 | ---- | C] () -- C:\windows\VPC32.INI
[2006/07/02 21:31:35 | 00,000,116 | ---- | C] () -- C:\windows\NeroDigital.ini
[2006/07/02 11:56:14 | 00,100,864 | ---- | C] () -- C:\Documents and Settings\Anthony Truong\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/07/01 11:28:52 | 00,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/06/30 13:05:56 | 00,000,002 | ---- | C] () -- C:\windows\msoffice.ini
[2006/06/12 17:02:16 | 00,073,728 | ---- | C] () -- C:\windows\System32\cdDll.dll
[2006/06/11 19:57:13 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Anthony Truong\Application Data\desktop.ini
[2006/06/11 19:57:11 | 21,941,948 | -H-- | C] () -- C:\Documents and Settings\Anthony Truong\Local Settings\Application Data\IconCache.db
[2006/06/11 19:57:11 | 00,082,960 | ---- | C] () -- C:\Documents and Settings\Anthony Truong\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/06/11 19:57:11 | 00,000,138 | ---- | C] () -- C:\Documents and Settings\Anthony Truong\Local Settings\Application Data\fusioncache.dat
[2006/05/24 16:47:11 | 03,596,288 | ---- | C] () -- C:\windows\System32\qt-dx331.dll
[2006/03/09 21:24:31 | 00,000,061 | ---- | C] () -- C:\windows\smscfg.ini
[2006/02/24 22:28:54 | 00,045,056 | ---- | C] () -- C:\windows\System32\TDispVol.dll
[2006/02/16 09:07:58 | 00,000,012 | ---- | C] () -- C:\windows\dirsaver.ini
[2006/02/16 03:50:52 | 00,000,377 | ---- | C] () -- C:\windows\wininit.ini
[2006/02/16 03:25:21 | 00,204,800 | ---- | C] () -- C:\windows\System32\IVIresizeW7.dll
[2006/02/16 03:25:21 | 00,200,704 | ---- | C] () -- C:\windows\System32\IVIresizeA6.dll
[2006/02/16 03:25:21 | 00,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeP6.dll
[2006/02/16 03:25:21 | 00,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeM6.dll
[2006/02/16 03:25:21 | 00,188,416 | ---- | C] () -- C:\windows\System32\IVIresizePX.dll
[2006/02/16 03:25:21 | 00,020,480 | ---- | C] () -- C:\windows\System32\IVIresize.dll
[2006/02/15 10:41:53 | 00,036,736 | ---- | C] () -- C:\windows\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/02/15 10:41:53 | 00,029,184 | ---- | C] () -- C:\windows\System32\drivers\TSXT_kern_i386.sys
[2006/02/15 10:40:07 | 00,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2006/02/15 10:28:50 | 00,128,113 | ---- | C] () -- C:\windows\System32\csellang.ini
[2006/02/15 10:28:50 | 00,045,056 | ---- | C] () -- C:\windows\System32\csellang.dll
[2006/02/15 10:28:50 | 00,010,165 | ---- | C] () -- C:\windows\System32\tosmreg.ini
[2006/02/15 10:28:50 | 00,007,671 | ---- | C] () -- C:\windows\System32\cseltbl.ini
[2006/02/15 10:25:00 | 00,118,784 | ---- | C] () -- C:\windows\System32\TCtrlIO.dll
[2006/02/15 10:21:53 | 00,135,168 | ---- | C] () -- C:\windows\System32\RtlCPAPI.dll
[2006/02/15 09:44:19 | 00,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2006/02/15 09:34:07 | 00,001,793 | ---- | C] () -- C:\windows\System32\fxsperf.ini
[2006/02/15 08:09:00 | 00,000,341 | ---- | C] () -- C:\windows\System32\OEMINFO.INI
[2006/02/15 08:04:21 | 00,000,740 | ---- | C] () -- C:\windows\win.ini
[2006/02/15 08:04:05 | 00,000,227 | ---- | C] () -- C:\windows\system.ini
[2006/02/15 01:30:03 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2005/09/02 16:44:08 | 00,110,592 | ---- | C] () -- C:\windows\System32\TosBtAcc.dll
[2005/08/24 17:20:28 | 00,009,472 | ---- | C] () -- C:\windows\System32\drivers\tbiosdrv.sys
[2005/08/05 16:01:54 | 00,235,008 | ---- | C] () -- C:\windows\System32\psisdecd.dll
[2005/07/22 23:30:20 | 00,065,536 | ---- | C] () -- C:\windows\System32\TosCommAPI.dll
[2005/07/14 11:31:20 | 00,027,648 | RHS- | C] () -- C:\windows\System32\AVSredirect.dll
[2005/06/21 21:37:42 | 00,045,568 | RHS- | C] () -- C:\windows\System32\cygz.dll
[2004/07/20 19:04:02 | 00,094,208 | ---- | C] () -- C:\windows\System32\TosBtHcrpAPI.dll
[2004/01/15 16:43:28 | 00,114,688 | ---- | C] () -- C:\windows\System32\TBTMonUI.dll
[2004/01/13 20:46:00 | 00,172,032 | ---- | C] () -- C:\windows\System32\tifmicon.dll
[2001/07/07 02:00:00 | 00,003,399 | ---- | C] () -- C:\windows\System32\hptcpmon.ini
< End of report >


The computer seems to be running fine. However, I ran a scan with Avira just to see how it would do and it detected a bunch of stuff. Here is the scan for that.



Avira AntiVir Personal
Report file date: Sunday, November 15, 2009 11:18

Scanning for 1903267 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : GIZMO

Version information:
BUILD.DAT : 9.0.0.410 18074 Bytes 9/25/2009 11:56:00
AVSCAN.EXE : 9.0.3.7 466689 Bytes 8/6/2009 01:39:24
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 16:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 17:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 16:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 18:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 6/24/2009 22:02:42
ANTIVIR2.VDF : 7.1.6.222 5998592 Bytes 11/11/2009 23:44:54
ANTIVIR3.VDF : 7.1.6.235 129536 Bytes 11/13/2009 23:44:28
Engineversion : 8.2.1.65
AEVDF.DLL : 8.1.1.2 106867 Bytes 9/15/2009 21:32:20
AESCRIPT.DLL : 8.1.2.44 586107 Bytes 11/6/2009 22:16:35
AESCN.DLL : 8.1.2.5 127346 Bytes 9/4/2009 02:44:11
AERDL.DLL : 8.1.3.2 479604 Bytes 10/3/2009 01:40:38
AEPACK.DLL : 8.2.0.3 422261 Bytes 11/5/2009 22:18:53
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 6/17/2009 21:43:13
AEHEUR.DLL : 8.1.0.180 2093432 Bytes 11/6/2009 22:16:04
AEHELP.DLL : 8.1.7.0 237940 Bytes 9/4/2009 02:44:09
AEGEN.DLL : 8.1.1.74 364917 Bytes 11/13/2009 23:44:57
AEEMU.DLL : 8.1.1.0 393587 Bytes 10/3/2009 01:40:32
AECORE.DLL : 8.1.8.2 184694 Bytes 11/5/2009 22:15:00
AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 20:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 14:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 9/11/2009 21:19:14
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 20:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 16:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 21:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 16:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 21:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 14:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 16:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 6/15/2009 21:43:34
RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 16:19:48

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Sunday, November 15, 2009 11:18

Starting search for hidden objects.
'57972' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'hpqimzone.exe' - '1' Module(s) have been scanned
Scan process 'RAMASST.exe' - '1' Module(s) have been scanned
Scan process 'LogitechDesktopMessenger.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'COCIManager.exe' - '1' Module(s) have been scanned
Scan process 'mpbtn.exe' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'rapimgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'wcescomm.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'TOSCDSPD.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'Quickcam.exe' - '1' Module(s) have been scanned
Scan process 'Communications_Helper.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'motmon.exe' - '1' Module(s) have been scanned
Scan process 'apdproxy.exe' - '1' Module(s) have been scanned
Scan process 'agrsmmsg.exe' - '1' Module(s) have been scanned
Scan process 'Dot1XCfg.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'Hpi_monitor.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'psqltray.exe' - '1' Module(s) have been scanned
Scan process 'Toshiba.exe' - '1' Module(s) have been scanned
Scan process 'TPSBattM.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'iFrmewrk.exe' - '1' Module(s) have been scanned
Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned
Scan process 'pinger.exe' - '1' Module(s) have been scanned
Scan process 'REDEMPTION.EXE' - '1' Module(s) have been scanned
Scan process 'SmoothView.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'TDispVol.exe' - '1' Module(s) have been scanned
Scan process 'THotkey.exe' - '1' Module(s) have been scanned
Scan process 'TPSMain.exe' - '1' Module(s) have been scanned
Scan process 'TvsTray.exe' - '1' Module(s) have been scanned
Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'uphclean.exe' - '1' Module(s) have been scanned
Scan process 'TAPPSRV.exe' - '1' Module(s) have been scanned
Scan process 'swupdtmr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned
Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'DVDRAMSV.exe' - '1' Module(s) have been scanned
Scan process 'CFSvcs.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
83 processes with 83 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '101' files ).


Starting the file scan:

Begin scan in 'C:\' <SQ004033P03>
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\Anthony Truong\Incomplete\Preview-T-5554193-shakina blindside.mp3
[DETECTION] Is the TR/Dldr.WMA.Wimad.N Trojan
C:\Documents and Settings\Anthony Truong\Incomplete\T-5554193-shakina blindside.mp3
[DETECTION] Is the TR/Dldr.WMA.Wimad.N Trojan
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP109\A0023468.sys:1
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP110\A0023865.sys:1
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP110\A0023885.sys:1
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP110\A0024086.sys:1
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP110\A0024120.sys:1
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP111\A0024183.sys:1
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP112\A0024251.sys:1
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP113\A0024305.sys:1
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP114\A0025350.sys:1
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP115\A0025391.sys:1
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP116\A0025474.sys:1
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP116\A0025544.sys:1
[DETECTION] Is the TR/Rootkit.Gen Trojan
C:\WINDOWS\Installer\4ea983.msi
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\WINDOWS\system32\drivers\dtscsi.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd5053.sys
[WARNING] The file could not be opened!

Beginning disinfection:
C:\Documents and Settings\Anthony Truong\Incomplete\Preview-T-5554193-shakina blindside.mp3
[DETECTION] Is the TR/Dldr.WMA.Wimad.N Trojan
[NOTE] The file was moved to '4b654ab5.qua'!
C:\Documents and Settings\Anthony Truong\Incomplete\T-5554193-shakina blindside.mp3
[DETECTION] Is the TR/Dldr.WMA.Wimad.N Trojan
[NOTE] The file was moved to '4b354a70.qua'!
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP109\A0023468.sys:1
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '4b304a74.qua'!
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP110\A0023865.sys:1
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '4ab81ddd.qua'!
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP110\A0023885.sys:1
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '4ab70595.qua'!
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP110\A0024086.sys:1
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '4a488705.qua'!
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP110\A0024120.sys:1
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '48ab27ad.qua'!
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP111\A0024183.sys:1
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '48ac3fd5.qua'!
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP112\A0024251.sys:1
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '4abb2575.qua'!
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP113\A0024305.sys:1
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '4890deb5.qua'!
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP114\A0025350.sys:1
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '4b304a75.qua'!
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP115\A0025391.sys:1
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '48afc68e.qua'!
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP116\A0025474.sys:1
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '4891d6fe.qua'!
C:\System Volume Information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP116\A0025544.sys:1
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to '4892ee26.qua'!
C:\WINDOWS\Installer\4ea983.msi
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '4b614aaa.qua'!


End of the scan: Sunday, November 15, 2009 12:36
Used time: 1:15:31 Hour(s)

The scan has been done completely.

12129 Scanned directories
438813 Files were scanned
15 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
15 Files were moved to quarantine
0 Files were renamed
5 Files cannot be scanned
438793 Files not concerned
11741 Archives were scanned
5 Warnings
17 Notes
57972 Objects were scanned with rootkit scan
0 Hidden objects were found



