Computer virus or not?



#1
sms77

Hi, I was just wondering if someone could check out my files and tell me if anything is wrong, as my computer seems to run slow, freeze up all the time, and there seem to be multiple variations of the same files in the system.

Sharon

OTL logfile created on: 9/23/2010 5:46:30 AM - Run 4
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Sharon\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 453.41 Gb Total Space | 419.88 Gb Free Space | 92.60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NEWLAPTOP
Current User Name: Sharon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Users\Sharon\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe (Trend Micro Inc.)
PRC - C:\Program Files\Norton PC Checkup\Engine\2.0.4.131\SymcPCCULaunchSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Sharon\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (Amsp) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe (Trend Micro Inc.)
SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files\Norton PC Checkup\Engine\2.0.4.131\SymcPCCULaunchSvc.exe (Symantec Corporation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PCCUJobMgr) -- C:\Program Files\Norton PC Checkup\Engine\2.0.4.131\ccSvcHst.exe (Symantec Corporation)
SRV - (TMachInfo) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (cfWiMAXService) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (Thpsrv) -- C:\Windows\System32\ThpSrv.exe (TOSHIBA Corporation)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (SQLWriter) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (tmwfp) -- C:\Windows\System32\drivers\tmwfp.sys (Trend Micro Inc.)
DRV - (tmcomm) -- C:\Windows\System32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (tmlwf) -- C:\Windows\System32\drivers\tmlwf.sys (Trend Micro Inc.)
DRV - (tmtdi) -- C:\Windows\System32\drivers\tmtdi.sys (Trend Micro Inc.)
DRV - (tmactmon) -- C:\Windows\System32\drivers\tmactmon.sys (Trend Micro Inc.)
DRV - (tmevtmgr) -- C:\Windows\System32\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NETw5s32) Intel® -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (KSecPkg) -- C:\windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (tos_sps32) -- C:\windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (TVALZ) -- C:\windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (tosrfec) -- C:\Windows\System32\drivers\tosrfec.sys (TOSHIBA Corporation)
DRV - (cmdide) -- C:\windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (LPCFilter) -- C:\windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (Thpevm) -- C:\windows\system32\DRIVERS\Thpevm.SYS (TOSHIBA Corporation)
DRV - (Thpdrv) -- C:\windows\system32\DRIVERS\thpdrv.sys (TOSHIBA Corporation)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (PGEffect) -- C:\Windows\System32\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV - (TVALZFL) -- C:\Windows\System32\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV - (mod7700) -- C:\Windows\System32\drivers\dvb7700all.sys (DiBcom)
DRV - (iaStor) -- C:\windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek )
DRV - (enecirhid) -- C:\Windows\System32\drivers\enecirhid.sys (ENE TECHNOLOGY INC.)
DRV - (netw5v32) Intel® -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (enecirhidma) -- C:\Windows\System32\drivers\enecirhidma.sys (ENE TECHNOLOGY INC.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSAU&bmod=TSAU
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSAU&bmod=TSAU

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSAU&bmod=TSAU
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.ninemsn.com.au
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2010/09/18 12:57:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ [2010/09/18 12:57:40 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/11 07:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ThpSrv] C:\windows\System32\thpsrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKCU..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 211.29.152.116 198.142.0.51 211.29.132.12
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1b7a12e7-c446-11df-935d-0026c655b7b8}\Shell - "" = AutoRun
O33 - MountPoints2\{1b7a12e7-c446-11df-935d-0026c655b7b8}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{1b7a130c-c446-11df-935d-002622f12cd4}\Shell - "" = AutoRun
O33 - MountPoints2\{1b7a130c-c446-11df-935d-002622f12cd4}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mpegacm - C:\Program Files\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.siren - C:\windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.ulmp3acm - C:\Program Files\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 90 Days ==========

[2010/09/23 04:28:31 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Sharon\Desktop\OTL.exe
[2010/09/23 03:46:44 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2010/09/23 03:45:47 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/09/23 00:57:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/09/22 23:22:34 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Local\Diagnostics
[2010/09/22 15:51:42 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/09/22 15:41:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/09/22 15:41:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/09/22 15:41:30 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/09/22 11:07:41 | 000,000,000 | ---D | C] -- C:\Users\Sharon\Documents\Garage door pics
[2010/09/21 18:37:29 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Local\Microsoft Help
[2010/09/21 18:32:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/09/21 17:24:09 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/09/21 17:13:18 | 000,000,000 | ---D | C] -- C:\Users\Sharon\Documents\My Received Files
[2010/09/21 17:06:35 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/09/21 15:59:48 | 000,000,000 | ---D | C] -- C:\Users\Sharon\Tracing
[2010/09/21 14:38:32 | 000,000,000 | ---D | C] -- C:\Users\Sharon\Documents\Sharon's Stuff
[2010/09/21 14:36:24 | 000,000,000 | ---D | C] -- C:\Users\Sharon\Documents\Premier125
[2010/09/21 14:36:14 | 000,000,000 | ---D | C] -- C:\Users\Sharon\Documents\Pete's Tax Statements
[2010/09/21 14:32:13 | 000,000,000 | ---D | C] -- C:\Users\Sharon\Documents\Michael's Stuff
[2010/09/21 14:32:10 | 000,000,000 | ---D | C] -- C:\Users\Sharon\Documents\Lawyer's documents
[2010/09/21 14:31:31 | 000,000,000 | ---D | C] -- C:\Users\Sharon\Documents\Greg's GC Scapes Stuff
[2010/09/21 14:29:49 | 000,000,000 | ---D | C] -- C:\Users\Sharon\Documents\concrete saws
[2010/09/21 14:28:08 | 000,000,000 | ---D | C] -- C:\Users\Sharon\Documents\Business Items
[2010/09/21 14:27:55 | 000,000,000 | ---D | C] -- C:\Users\Sharon\Documents\Background Pictures
[2010/09/21 14:27:25 | 000,000,000 | ---D | C] -- C:\Users\Sharon\Documents\Antivirus
[2010/09/21 14:17:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Chart Controls
[2010/09/21 14:17:27 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Roaming\FLEXnet
[2010/09/21 14:17:15 | 000,000,000 | ---D | C] -- C:\MYOBODBCAU10
[2010/09/21 14:17:15 | 000,000,000 | ---D | C] -- C:\MYOBODBC
[2010/09/21 14:16:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wintertree
[2010/09/21 14:16:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2010/09/21 14:15:25 | 000,000,000 | ---D | C] -- C:\Premier19
[2010/09/21 14:15:25 | 000,000,000 | ---D | C] -- C:\Program Files\MYOB
[2010/09/21 14:15:25 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010/09/21 07:55:04 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJPLM
[2010/09/21 07:52:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
[2010/09/21 07:51:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2010/09/21 07:51:08 | 000,000,000 | -H-D | C] -- C:\windows\System32\CanonIJ Uninstaller Information
[2010/09/21 07:50:18 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2010/09/21 07:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2010/09/20 10:13:43 | 000,198,656 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ewusbnet.sys
[2010/09/20 10:13:43 | 000,102,912 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ewusbmdm.sys
[2010/09/20 10:13:43 | 000,101,120 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\windows\System32\drivers\ewusbdev.sys
[2010/09/20 10:13:43 | 000,023,424 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\windows\System32\drivers\ewdcsc.sys
[2010/09/20 10:13:25 | 000,000,000 | ---D | C] -- C:\Program Files\Optus Wireless Broadband
[2010/09/19 03:50:03 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/09/19 03:41:53 | 000,000,000 | ---D | C] -- C:\Program Files\TOSHIBA Games
[2010/09/19 03:41:52 | 000,000,000 | ---D | C] -- C:\ProgramData\WildTangent
[2010/09/19 03:40:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/09/19 03:40:25 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/09/19 03:38:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Suite Activation Assistant
[2010/09/19 03:38:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Small Business
[2010/09/19 03:34:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2010/09/19 03:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/09/19 03:32:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/09/19 03:32:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/09/19 03:31:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/09/19 03:30:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/09/19 03:30:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/09/19 03:30:11 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/09/19 03:27:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/09/19 03:27:40 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/09/19 03:27:35 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/09/19 03:27:20 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/09/19 03:27:09 | 000,000,000 | ---D | C] -- C:\windows\PCHEALTH
[2010/09/19 03:26:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/09/19 03:26:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Partner
[2010/09/19 03:20:23 | 000,000,000 | ---D | C] -- C:\windows\System32\Macromed
[2010/09/19 03:20:21 | 000,000,000 | ---D | C] -- C:\ProgramData\InterVideo
[2010/09/19 03:18:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ulead Systems
[2010/09/19 03:18:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Ulead Systems
[2010/09/19 03:18:01 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
[2010/09/19 03:13:48 | 000,000,000 | ---D | C] -- C:\Program Files\Dolby
[2010/09/19 03:13:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Toshiba Shared
[2010/09/19 03:12:23 | 000,000,000 | ---D | C] -- C:\windows\Downloaded Installations
[2010/09/19 03:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\TOSHIBA
[2010/09/19 03:10:51 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/09/19 03:10:41 | 000,000,000 | ---D | C] -- C:\windows\System32\SDA
[2010/09/19 03:10:41 | 000,000,000 | ---D | C] -- C:\Program Files\JMicron
[2010/09/19 03:10:12 | 000,167,936 | ---- | C] (Realtek ) -- C:\windows\System32\drivers\Rt86win7.sys
[2010/09/19 03:09:32 | 000,000,000 | ---D | C] -- C:\windows\System32\tr
[2010/09/19 03:09:32 | 000,000,000 | ---D | C] -- C:\windows\System32\sv
[2010/09/19 03:09:32 | 000,000,000 | ---D | C] -- C:\windows\System32\sk
[2010/09/19 03:09:32 | 000,000,000 | ---D | C] -- C:\windows\System32\ru
[2010/09/19 03:09:32 | 000,000,000 | ---D | C] -- C:\windows\System32\pt
[2010/09/19 03:09:32 | 000,000,000 | ---D | C] -- C:\windows\System32\pl
[2010/09/19 03:09:32 | 000,000,000 | ---D | C] -- C:\windows\System32\no
[2010/09/19 03:09:32 | 000,000,000 | ---D | C] -- C:\windows\System32\nl
[2010/09/19 03:09:32 | 000,000,000 | ---D | C] -- C:\windows\System32\it
[2010/09/19 03:09:32 | 000,000,000 | ---D | C] -- C:\windows\System32\hu
[2010/09/19 03:09:32 | 000,000,000 | ---D | C] -- C:\windows\System32\fr
[2010/09/19 03:09:32 | 000,000,000 | ---D | C] -- C:\windows\System32\fi
[2010/09/19 03:09:32 | 000,000,000 | ---D | C] -- C:\windows\System32\es
[2010/09/19 03:09:32 | 000,000,000 | ---D | C] -- C:\windows\System32\el
[2010/09/19 03:09:32 | 000,000,000 | ---D | C] -- C:\windows\System32\de
[2010/09/19 03:09:32 | 000,000,000 | ---D | C] -- C:\windows\System32\da
[2010/09/19 03:09:32 | 000,000,000 | ---D | C] -- C:\windows\System32\cs
[2010/09/19 03:08:37 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2010/09/19 03:06:03 | 000,000,000 | ---D | C] -- C:\windows\System32\RTCOM
[2010/09/19 03:05:55 | 001,933,312 | ---- | C] (Waves Audio Ltd.) -- C:\windows\System32\MaxxAudioEQ.dll
[2010/09/19 03:05:55 | 001,784,352 | ---- | C] (Waves Audio Ltd.) -- C:\windows\System32\WavesLib.dll
[2010/09/19 03:05:55 | 000,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\windows\System32\SRSTSXT.dll
[2010/09/19 03:05:55 | 000,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\System32\RP3DHT32.dll
[2010/09/19 03:05:55 | 000,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\System32\RP3DAA32.dll
[2010/09/19 03:05:55 | 000,266,240 | ---- | C] (Fortemedia Corporation) -- C:\windows\System32\FMAPO.dll
[2010/09/19 03:05:55 | 000,185,776 | ---- | C] (SRS Labs, Inc.) -- C:\windows\System32\SRSTSHD.dll
[2010/09/19 03:05:55 | 000,167,936 | ---- | C] (SRS Labs, Inc.) -- C:\windows\System32\SRSHP360.dll
[2010/09/19 03:05:55 | 000,159,744 | ---- | C] (Waves Audio Ltd.) -- C:\windows\System32\MaxxAudioAPO20.dll
[2010/09/19 03:05:55 | 000,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\windows\System32\SRSWOW.dll
[2010/09/19 03:05:55 | 000,126,976 | ---- | C] (Waves Audio Ltd.) -- C:\windows\System32\MaxxAudioAPO.dll
[2010/09/19 03:05:54 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp
[2010/09/19 03:05:54 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/09/19 03:03:47 | 000,000,000 | ---D | C] -- C:\windows\SoftwareDistribution
[2010/09/19 03:02:49 | 000,024,576 | ---- | C] (COMPAL ELECTRONIC INC.) -- C:\windows\System32\TSBWLS.dll
[2010/09/19 03:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\XP
[2010/09/19 03:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\win7_64
[2010/09/19 03:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\win7_32
[2010/09/19 03:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Vista64
[2010/09/19 03:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Vista32
[2010/09/19 03:02:22 | 000,000,000 | ---D | C] -- C:\windows\System32\Microsoft.VC80.MFC
[2010/09/19 03:00:16 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/09/19 02:59:01 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2010/09/19 02:59:01 | 000,000,000 | ---D | C] -- C:\windows\System32\AGEIA
[2010/09/19 02:58:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/09/19 02:55:18 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\windows\System32\CSVer.dll
[2010/09/19 02:55:18 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/09/19 02:54:41 | 000,000,000 | ---D | C] -- C:\TOSHIBA
[2010/09/18 14:50:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/09/18 14:50:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010/09/18 14:44:34 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Roaming\Tific
[2010/09/18 14:44:34 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Local\Tific
[2010/09/18 14:44:29 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\NortonPCCheckup
[2010/09/18 14:44:29 | 000,000,000 | ---D | C] -- C:\windows\System32\drivers\NortonPCCheckup\0200040.083
[2010/09/18 14:44:27 | 000,000,000 | ---D | C] -- C:\Program Files\Norton PC Checkup
[2010/09/18 14:44:22 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/09/18 13:51:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/09/18 13:51:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/09/18 13:51:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/18 13:40:25 | 000,000,000 | ---D | C] -- C:\Users\Sharon\Documents\Gate Opener Pricing
[2010/09/18 13:35:42 | 000,000,000 | ---D | C] -- C:\Users\Sharon\Documents\Optus Invoices
[2010/09/18 13:34:19 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Local\Adobe
[2010/09/18 13:23:46 | 000,000,000 | ---D | C] -- C:\Users\Sharon\Documents\Computer enquiry files
[2010/09/18 13:21:45 | 000,000,000 | ---D | C] -- C:\windows\System32\Wat
[2010/09/18 13:04:24 | 000,284,752 | ---- | C] (Trend Micro Inc.) -- C:\windows\System32\drivers\tmwfp.sys
[2010/09/18 13:04:24 | 000,143,952 | ---- | C] (Trend Micro Inc.) -- C:\windows\System32\drivers\tmlwf.sys
[2010/09/18 12:57:45 | 000,092,112 | ---- | C] (Trend Micro Inc.) -- C:\windows\System32\drivers\tmtdi.sys
[2010/09/18 12:57:42 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\windows\System32\drivers\tmcomm.sys
[2010/09/18 12:57:42 | 000,080,464 | ---- | C] (Trend Micro Inc.) -- C:\windows\System32\drivers\tmactmon.sys
[2010/09/18 12:57:42 | 000,064,080 | ---- | C] (Trend Micro Inc.) -- C:\windows\System32\drivers\tmevtmgr.sys
[2010/09/18 12:53:48 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/09/18 12:40:08 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Roaming\Malwarebytes
[2010/09/18 12:39:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/18 12:19:12 | 000,000,000 | ---D | C] -- C:\Program Files\TTi_HE_Download_32bit
[2010/09/18 12:18:38 | 057,554,555 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\TTi_HE_Download_32bit.exe
[2010/09/18 11:52:51 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Local\Trend Micro
[2010/09/18 11:39:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
[2010/09/18 11:18:16 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Roaming\Google
[2010/09/18 11:18:01 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Roaming\Macromedia
[2010/09/18 11:18:00 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Roaming\Adobe
[2010/09/18 11:11:49 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Local\TOSHIBA_Corporation
[2010/09/18 11:11:22 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Roaming\Toshiba
[2010/09/18 10:59:57 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Local\Toshiba
[2010/09/18 10:58:19 | 000,000,000 | R--D | C] -- C:\Users\Sharon\Searches
[2010/09/18 10:58:19 | 000,000,000 | -H-D | C] -- C:\Users\Sharon\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/09/18 10:58:09 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Roaming\Identities
[2010/09/18 10:58:07 | 000,000,000 | R--D | C] -- C:\Users\Sharon\Contacts
[2010/09/18 10:57:26 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Local\VirtualStore
[2010/09/18 10:57:24 | 000,000,000 | -HSD | C] -- C:\Users\Sharon\AppData\Local\Temporary Internet Files
[2010/09/18 10:57:24 | 000,000,000 | -HSD | C] -- C:\Users\Sharon\Templates
[2010/09/18 10:57:24 | 000,000,000 | -HSD | C] -- C:\Users\Sharon\Start Menu
[2010/09/18 10:57:24 | 000,000,000 | -HSD | C] -- C:\Users\Sharon\SendTo
[2010/09/18 10:57:24 | 000,000,000 | -HSD | C] -- C:\Users\Sharon\Recent
[2010/09/18 10:57:24 | 000,000,000 | -HSD | C] -- C:\Users\Sharon\PrintHood
[2010/09/18 10:57:24 | 000,000,000 | -HSD | C] -- C:\Users\Sharon\NetHood
[2010/09/18 10:57:24 | 000,000,000 | -HSD | C] -- C:\Users\Sharon\Documents\My Videos
[2010/09/18 10:57:24 | 000,000,000 | -HSD | C] -- C:\Users\Sharon\Documents\My Pictures
[2010/09/18 10:57:24 | 000,000,000 | -HSD | C] -- C:\Users\Sharon\Documents\My Music
[2010/09/18 10:57:24 | 000,000,000 | -HSD | C] -- C:\Users\Sharon\My Documents
[2010/09/18 10:57:24 | 000,000,000 | -HSD | C] -- C:\Users\Sharon\Local Settings
[2010/09/18 10:57:24 | 000,000,000 | -HSD | C] -- C:\Users\Sharon\AppData\Local\History
[2010/09/18 10:57:24 | 000,000,000 | -HSD | C] -- C:\Users\Sharon\Cookies
[2010/09/18 10:57:24 | 000,000,000 | -HSD | C] -- C:\Users\Sharon\Application Data
[2010/09/18 10:57:24 | 000,000,000 | -HSD | C] -- C:\Users\Sharon\AppData\Local\Application Data
[2010/09/18 10:57:23 | 000,000,000 | --SD | C] -- C:\Users\Sharon\AppData\Roaming\Microsoft
[2010/09/18 10:57:23 | 000,000,000 | R--D | C] -- C:\Users\Sharon\Videos
[2010/09/18 10:57:23 | 000,000,000 | R--D | C] -- C:\Users\Sharon\Saved Games
[2010/09/18 10:57:23 | 000,000,000 | R--D | C] -- C:\Users\Sharon\Pictures
[2010/09/18 10:57:23 | 000,000,000 | R--D | C] -- C:\Users\Sharon\Music
[2010/09/18 10:57:23 | 000,000,000 | R--D | C] -- C:\Users\Sharon\Links
[2010/09/18 10:57:23 | 000,000,000 | R--D | C] -- C:\Users\Sharon\Favorites
[2010/09/18 10:57:23 | 000,000,000 | R--D | C] -- C:\Users\Sharon\Downloads
[2010/09/18 10:57:23 | 000,000,000 | R--D | C] -- C:\Users\Sharon\My Documents
[2010/09/18 10:57:23 | 000,000,000 | R--D | C] -- C:\Users\Sharon\Desktop
[2010/09/18 10:57:23 | 000,000,000 | -H-D | C] -- C:\Users\Sharon\AppData
[2010/09/18 10:57:23 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Local\Temp
[2010/09/18 10:57:23 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Local\Microsoft
[2010/09/18 10:57:23 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Roaming\Media Center Programs

========== Files - Modified Within 90 Days ==========

[2010/09/23 05:48:11 | 002,621,440 | -HS- | M] () -- C:\Users\Sharon\NTUSER.DAT
[2010/09/23 05:34:37 | 000,000,036 | ---- | M] () -- C:\Users\Sharon\AppData\Local\housecall.guid.cache
[2010/09/23 05:24:45 | 000,877,396 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2010/09/23 05:24:45 | 000,736,192 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010/09/23 05:24:45 | 000,150,372 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010/09/23 04:43:50 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/23 04:43:50 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/23 04:28:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sharon\Desktop\OTL.exe
[2010/09/23 03:47:52 | 000,284,915 | ---- | M] () -- C:\Users\Sharon\Desktop\gmer.zip
[2010/09/23 03:45:49 | 000,000,846 | ---- | M] () -- C:\Users\Sharon\Desktop\ERUNT.lnk
[2010/09/23 02:55:42 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010/09/23 02:55:40 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010/09/23 02:55:32 | 2388,287,488 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/23 02:54:28 | 002,467,811 | -H-- | M] () -- C:\Users\Sharon\AppData\Local\IconCache.db
[2010/09/22 15:16:51 | 000,738,602 | ---- | M] () -- C:\Users\Sharon\Documents\postcharges.pdf
[2010/09/22 08:39:32 | 000,435,240 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2010/09/21 19:00:50 | 000,122,432 | ---- | M] () -- C:\Users\Sharon\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/09/21 18:49:03 | 000,001,074 | ---- | M] () -- C:\Users\Sharon\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2010/09/21 18:37:47 | 000,000,478 | ---- | M] () -- C:\windows\win.ini
[2010/09/21 18:33:20 | 000,001,955 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/09/21 17:29:15 | 000,002,693 | ---- | M] () -- C:\Users\Sharon\Desktop\Microsoft Office Outlook 2007.lnk
[2010/09/21 14:54:36 | 000,000,431 | ---- | M] () -- C:\windows\MYOBP.INI
[2010/09/21 14:53:21 | 000,000,042 | ---- | M] () -- C:\windows\MYOB.INI
[2010/09/21 14:17:21 | 000,000,663 | ---- | M] () -- C:\windows\openrda.ini
[2010/09/21 14:17:05 | 000,000,000 | ---- | M] () -- C:\windows\drvxl32.INI
[2010/09/21 14:17:03 | 000,000,000 | ---- | M] () -- C:\windows\drvwd32.INI
[2010/09/21 14:16:26 | 000,001,599 | ---- | M] () -- C:\Users\Public\Desktop\MYOB AccountRight Premier v19.lnk
[2010/09/21 07:52:05 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\Canon MP Navigator EX 3.0.lnk
[2010/09/20 10:13:47 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\Optus Wireless Broadband.lnk
[2010/09/20 10:02:13 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/09/19 03:55:01 | 000,039,252 | ---- | M] () -- C:\windows\System32\license.rtf
[2010/09/19 03:38:38 | 000,000,945 | ---- | M] () -- C:\windows\System32\mapisvc.inf
[2010/09/19 03:22:29 | 000,000,000 | ---- | M] () -- C:\windows\NDSTray.INI
[2010/09/19 03:13:25 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\HDMI Out.lnk
[2010/09/19 03:08:40 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010/09/18 14:44:32 | 000,002,251 | ---- | M] () -- C:\Users\Public\Desktop\Norton PC Checkup.LNK
[2010/09/18 13:38:35 | 001,309,203 | ---- | M] () -- C:\Users\Sharon\Desktop\malware_removal_guide.pdf
[2010/09/18 12:58:19 | 000,001,412 | ---- | M] () -- C:\Users\Sharon\Desktop\Trend Micro Titanium Maximum Security.lnk
[2010/09/18 12:47:35 | 000,284,752 | ---- | M] (Trend Micro Inc.) -- C:\windows\System32\drivers\tmwfp.sys
[2010/09/18 12:47:35 | 000,189,520 | ---- | M] (Trend Micro Inc.) -- C:\windows\System32\drivers\tmcomm.sys
[2010/09/18 12:47:35 | 000,143,952 | ---- | M] (Trend Micro Inc.) -- C:\windows\System32\drivers\tmlwf.sys
[2010/09/18 12:47:35 | 000,092,112 | ---- | M] (Trend Micro Inc.) -- C:\windows\System32\drivers\tmtdi.sys
[2010/09/18 12:47:35 | 000,080,464 | ---- | M] (Trend Micro Inc.) -- C:\windows\System32\drivers\tmactmon.sys
[2010/09/18 12:47:35 | 000,064,080 | ---- | M] (Trend Micro Inc.) -- C:\windows\System32\drivers\tmevtmgr.sys
[2010/09/18 12:19:02 | 057,554,555 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\TTi_HE_Download_32bit.exe
[2010/09/18 12:14:18 | 000,001,378 | ---- | M] () -- C:\Users\Sharon\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/18 11:29:40 | 000,524,288 | -HS- | M] () -- C:\Users\Sharon\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/09/18 11:29:40 | 000,524,288 | -HS- | M] () -- C:\Users\Sharon\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/09/18 11:29:40 | 000,065,536 | -HS- | M] () -- C:\Users\Sharon\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/09/18 11:22:56 | 000,000,020 | ---- | M] () -- C:\windows\8ú„
[2010/09/18 10:57:24 | 000,000,020 | -HS- | M] () -- C:\Users\Sharon\ntuser.ini
[2010/09/15 14:52:16 | 005,096,448 | ---- | M] () -- C:\Users\Sharon\Documents\Outlook.pst
[2010/07/02 09:18:46 | 000,000,172 | ---- | M] () -- C:\windows\System32\drivers\NortonPCCheckup\0200040.083\isolate.ini

========== Files Created - No Company Name ==========

[2010/09/23 05:34:35 | 000,000,036 | ---- | C] () -- C:\Users\Sharon\AppData\Local\housecall.guid.cache
[2010/09/23 03:47:47 | 000,284,915 | ---- | C] () -- C:\Users\Sharon\Desktop\gmer.zip
[2010/09/23 03:45:49 | 000,000,846 | ---- | C] () -- C:\Users\Sharon\Desktop\ERUNT.lnk
[2010/09/22 15:16:51 | 000,738,602 | ---- | C] () -- C:\Users\Sharon\Documents\postcharges.pdf
[2010/09/21 18:32:39 | 000,001,955 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/09/21 17:29:15 | 000,002,693 | ---- | C] () -- C:\Users\Sharon\Desktop\Microsoft Office Outlook 2007.lnk
[2010/09/21 14:23:45 | 000,000,431 | ---- | C] () -- C:\windows\MYOBP.INI
[2010/09/21 14:23:45 | 000,000,042 | ---- | C] () -- C:\windows\MYOB.INI
[2010/09/21 14:17:21 | 000,000,663 | ---- | C] () -- C:\windows\openrda.ini
[2010/09/21 14:17:05 | 000,000,000 | ---- | C] () -- C:\windows\drvxl32.INI
[2010/09/21 14:17:03 | 000,000,000 | ---- | C] () -- C:\windows\drvwd32.INI
[2010/09/21 14:16:26 | 000,001,599 | ---- | C] () -- C:\Users\Public\Desktop\MYOB AccountRight Premier v19.lnk
[2010/09/21 13:15:20 | 005,096,448 | ---- | C] () -- C:\Users\Sharon\Documents\Outlook.pst
[2010/09/21 07:52:04 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\Canon MP Navigator EX 3.0.lnk
[2010/09/21 07:51:00 | 000,012,544 | ---- | C] () -- C:\windows\System32\CNC173CD.TBL
[2010/09/20 22:39:07 | 000,000,175 | ---- | C] () -- C:\ProgramData\OutlookFail.20100920.log
[2010/09/20 21:17:10 | 000,001,074 | ---- | C] () -- C:\Users\Sharon\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2010/09/20 10:13:47 | 000,001,128 | ---- | C] () -- C:\Users\Public\Desktop\Optus Wireless Broadband.lnk
[2010/09/20 10:02:13 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/09/19 03:22:29 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2010/09/19 03:13:25 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\HDMI Out.lnk
[2010/09/19 03:10:12 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2010/09/19 03:08:40 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2010/09/19 03:05:56 | 000,000,852 | ---- | C] () -- C:\windows\System32\drivers\RTKHDRC.dat
[2010/09/19 03:05:56 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX1.dat
[2010/09/19 03:05:56 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat
[2010/09/19 03:05:56 | 000,000,096 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat
[2010/09/19 03:02:49 | 000,045,056 | ---- | C] () -- C:\windows\System32\HWS_Ctrl.dll
[2010/09/19 02:50:37 | 2388,287,488 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/18 14:44:32 | 000,002,251 | ---- | C] () -- C:\Users\Public\Desktop\Norton PC Checkup.LNK
[2010/09/18 14:44:29 | 000,000,172 | ---- | C] () -- C:\windows\System32\drivers\NortonPCCheckup\0200040.083\isolate.ini
[2010/09/18 13:38:35 | 001,309,203 | ---- | C] () -- C:\Users\Sharon\Desktop\malware_removal_guide.pdf
[2010/09/18 12:58:10 | 000,001,412 | ---- | C] () -- C:\Users\Sharon\Desktop\Trend Micro Titanium Maximum Security.lnk
[2010/09/18 12:14:18 | 000,001,378 | ---- | C] () -- C:\Users\Sharon\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/18 11:22:56 | 000,000,020 | ---- | C] () -- C:\windows\8ú„
[2010/09/18 10:57:24 | 000,524,288 | -HS- | C] () -- C:\Users\Sharon\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/09/18 10:57:24 | 000,524,288 | -HS- | C] () -- C:\Users\Sharon\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/09/18 10:57:24 | 000,262,144 | -HS- | C] () -- C:\Users\Sharon\ntuser.dat.LOG1
[2010/09/18 10:57:24 | 000,065,536 | -HS- | C] () -- C:\Users\Sharon\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/09/18 10:57:24 | 000,000,290 | ---- | C] () -- C:\Users\Sharon\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/09/18 10:57:24 | 000,000,272 | ---- | C] () -- C:\Users\Sharon\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/09/18 10:57:24 | 000,000,020 | -HS- | C] () -- C:\Users\Sharon\ntuser.ini
[2010/09/18 10:57:24 | 000,000,000 | -HS- | C] () -- C:\Users\Sharon\ntuser.dat.LOG2
[2010/09/18 10:57:23 | 002,621,440 | -HS- | C] () -- C:\Users\Sharon\NTUSER.DAT
[2009/07/14 09:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 09:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/04/28 21:37:00 | 000,028,672 | ---- | C] () -- C:\windows\System32\SPCtl.dll
[2008/10/08 02:13:30 | 000,197,912 | ---- | C] () -- C:\windows\System32\physxcudart_20.dll
[2008/10/08 02:13:22 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/08 02:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSwedish.dll
[2008/10/08 02:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSpanish.dll
[2008/10/08 02:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/08 02:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelPortugese.dll
[2008/10/08 02:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelKorean.dll
[2008/10/08 02:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelJapanese.dll
[2008/10/08 02:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelGerman.dll
[2008/10/08 02:13:20 | 000,058,648 | ---- | C] () -- C:\windows\System32\AgCPanelFrench.dll
[2006/05/05 18:26:00 | 000,335,872 | ---- | C] () -- C:\windows\System32\ctreestd.dll
[2000/01/31 08:02:00 | 000,047,104 | ---- | C] () -- C:\windows\System32\Wh2Robo.dll

========== LOP Check ==========

[2010/09/18 14:44:34 | 000,000,000 | ---D | M] -- C:\Users\Sharon\AppData\Roaming\Tific
[2010/09/18 11:14:47 | 000,000,000 | ---D | M] -- C:\Users\Sharon\AppData\Roaming\Toshiba
[2009/07/14 14:53:46 | 000,007,916 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/06/11 07:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/07/14 11:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009/08/21 13:40:08 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/06/11 07:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/09/23 02:55:32 | 2388,287,488 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/23 02:55:34 | 3184,386,048 | -HS- | M] () -- C:\pagefile.sys
[2010/09/23 05:45:59 | 000,000,432 | ---- | M] () -- C:\rkill.log

< %systemroot%\Fonts\*.com >
[2009/07/14 14:52:25 | 000,026,040 | ---- | M] () -- C:\windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 14:52:25 | 000,026,489 | ---- | M] () -- C:\windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 14:52:25 | 000,029,779 | ---- | M] () -- C:\windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 14:52:25 | 000,043,318 | ---- | M] () -- C:\windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/11 07:31:19 | 000,000,065 | ---- | M] () -- C:\windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2010/04/24 05:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPD9Y.DLL
[2010/04/24 05:00:00 | 000,070,656 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPP9Y.DLL
[2009/07/14 11:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2009/07/14 11:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 14:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
[2010/09/18 12:19:02 | 057,554,555 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\TTi_HE_Download_32bit.exe

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/09/18 12:14:18 | 000,000,221 | -HS- | M] () -- C:\Users\Sharon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/09/23 04:28:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sharon\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/11 07:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/09/18 13:14:49 | 000,000,402 | -HS- | M] () -- C:\Users\Sharon\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/09/20 22:39:07 | 000,000,175 | ---- | M] () -- C:\ProgramData\OutlookFail.20100920.log

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.exe >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< %USERPROFILE%\Templates\*.tmp >

< %SYSTEMDRIVE%\explorexxx.exe\*.* >

< %Windir%\Installer\*.tmp >
[1 C:\windows\Installer\*.tmp files -> C:\windows\Installer\*.tmp -> ]

< %systemroot%\System32\*.xco >

< %ProgramFiles%\system32\*.* >

< %systemroot%\System32\windos\*.* >

< %SystemRoot%\system32\sandbox\*.* >

< %SystemRoot%\system32\*.amo >

< %SystemRoot%\system32\Windows Live\*.* >

< %ProgramFiles%\logs\*.* >

< %ProgramFiles%\Bifrost\*.* >

< %SystemRoot%\system32\*.goo >

< %systemroot%\system32\IME\*.* >

< %systemroot%\BackUp\*.* >

< %systemroot%\system32\*.ico >
[2009/06/11 07:17:19 | 000,116,288 | ---- | M] () -- C:\Windows\System32\PerfCenterCpl.ico

< %systemroot%\system\*.dat >

< %systemroot%\system\*.exe >

< %AppData%\Macromedia\Common\*.* >

< %SYSTEMDRIVE%\dir\*.* /s >

< %systemroot%\system32\ras\*.exe >

< %SYSTEMDRIVE%\MFILES\*.* >

< %SYSTEMDRIVE%\mDNSRespon.exe\*.* >

< %systemroot%\system32\services\*.* >

< %systemroot%\Spooler\*.* >

< %ProgramFiles%\system32\*.* >

< %systemroot%\system32\Setup\*.dll /x >

< %systemroot%\system32\*.mine >

< %SYSTEMDRIVE%\cleansweep.exe\*.* >

< %systemroot%\system32\ras\*.dll >

< %systemroot%\system32\ras\*.drv >

< %systemroot%\*.iq >

< %systemroot%\system32\XP\*.* >

< %SYSTEMDRIVE%\Extracted\*.* >

< %systemroot%\system32\windows\*.* >

< %systemroot%\logs\*.* >
[2010/09/19 03:15:27 | 000,051,558 | ---- | M] () -- C:\Windows\Logs\DirectX.log

< %SYSTEMDRIVE%\Win.Msi\*.* >

< %systemroot%\regedit\*.* >

< %systemroot%\system32\skype\*.* >

< %AppData%\Adobe\dlluplwin25\*.* >

< %UserProfile%\*.dat >
[2010/09/23 05:48:11 | 002,621,440 | -HS- | M] () -- C:\Users\Sharon\NTUSER.DAT

< %UserProfile%\*.dll >

< %systemroot%\system32\*.sxo >

< %SYSTEMDRIVE%\Gazma\*.* /s >

< %systemroot%\system32\spynet\*.* >

< %systemroot%\system32\System\*.* >

< %appdata%\Microsoft\Windows\*.* >

< %systemroot%\system32\WinDir\*.* >

< %systemroot%\_\*.* >

< %systemroot%\system32\windows32\*.* >

< %ProgramFiles%\win\*.* >

< %AppData%\Microsoft\CD Burning\*.* >

< %systemroot%\*.cab >

< %systemroot%\K.Backup\*.* >

< %ProgramFiles%\Massenger\*.* >

< %systemroot%\System32\*.doc >

< %systemroot%\Office12\*.* >

< %systemroot%\System32\Rundl32.exe\*.* >

< %ProgramFiles%\yahoo.net\*.* >

< %systemroot%\system32\*.igo >

< %systemroot%\*.rew >

< %systemroot%\System32\spool\DRIVERS\W32X86\3\*.exe >
[2010/04/23 10:39:58 | 000,018,768 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\drivers\w32x86\3\CNMSE9Y.EXE
[2010/04/23 10:40:00 | 000,058,192 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\drivers\w32x86\3\CNMVS9Y.EXE

< %USERPROFILE%\.COMMgr\*.* >

< %USERPROFILE%\Desktop\*.bat >

< %PROGRAMFILES%\Common Files\Real\visualizations\*.* >

< %PROGRAMFILES%\Internet Explorer\*.Jmp >

< %PROGRAMFILES%\Windows NT\system\*.dll >

< %systemroot%\system32\*.ext >

< %systemroot%\system32\Com\*.cfg >

< %systemroot%\system32\btz\*.* >

< %systemroot%\system32\EMP\*.* >

< %systemroot%\system32\expo\*.* >

< %systemroot%\system32\inet2\*.* >

< %systemroot%\system32\xrem\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-09-21 07:24:26

< End of report >


OTL Extras logfile created on: 9/23/2010 5:46:30 AM - Run 4
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Sharon\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 453.41 Gb Total Space | 419.88 Gb Free Space | 92.60% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NEWLAPTOP
Current User Name: Sharon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP490_series" = Canon MP490 series MP Drivers
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{14CD4651-23C3-4D99-9A13-D1DBE4835E16}" = MYOB AccountRight Premier v19.5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{342126B2-10D5-409E-884B-245347A497E1}" = TOSHIBA Bulletin Board
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{42451051-52B5-4D74-920A-BB49861D7253}" = TOSHIBA ReelTime
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{55D5A77E-FAAA-4358-B3E5-6565E024F78B}" = MYOB ODBC Direct v10 AUS
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{87725CEF-1BC6-47C5-B2CD-96DD6D392EE3}" = Dolby Control Center
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Maximum Security
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro™ Titanium™ Maximum Security
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge Utility
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F81AB80B-5BB7-4E36-8BA5-E07541CE1BFC}" = HDMI Control Manager
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"284D9B4A58796481EC5A61D01DCC5E654761629C" = ENE CIR Receiver Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"ERUNT_is1" = ERUNT 1.1j
"InstallShield_{14CD4651-23C3-4D99-9A13-D1DBE4835E16}" = MYOB AccountRight Premier v19.5
"InstallShield_{342126B2-10D5-409E-884B-245347A497E1}" = TOSHIBA Bulletin Board
"InstallShield_{42451051-52B5-4D74-920A-BB49861D7253}" = TOSHIBA ReelTime
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"InstallShield_{55D5A77E-FAAA-4358-B3E5-6565E024F78B}" = MYOB ODBC Direct v10 AUS
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"NortonPCCheckup" = Norton PC Checkup
"NVIDIA Drivers" = NVIDIA Drivers
"Optus Wireless Broadband" = Optus Wireless Broadband
"PROHYBRIDR" = 2007 Microsoft Office system
"PROR" = Microsoft Office Professional 2007
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/22/2010 10:57:40 AM | Computer Name = newlaptop | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary SASDIFSV. System Error: The system cannot find the file specified. .

Error - 9/22/2010 12:46:34 PM | Computer Name = newlaptop | Source = Application Error | ID = 1000
Description = Faulting application name: avguard.exe, version: 10.0.1.44, time stamp:
0x4bb47bae Faulting module name: MSVCR90.dll, version: 9.0.30729.4926, time stamp:
0x4a1743c1 Exception code: 0xc0000417 Fault offset: 0x0006c955 Faulting process id:
0x720 Faulting application start time: 0x01cb5a6c820e750b Faulting application path:
C:\Program Files\Avira\AntiVir Desktop\avguard.exe Faulting module path: C:\windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\MSVCR90.dll
Report
Id: f500a798-c668-11df-a83d-002622f12cd4

Error - 9/22/2010 1:24:43 PM | Computer Name = newlaptop | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16385 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 974 Start
Time: 01cb5a7ac732b8da Termination Time: 32 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 9/22/2010 2:26:33 PM | Computer Name = newlaptop | Source = Application Hang | ID = 1002
Description = The program NOTEPAD.EXE version 6.1.7600.16385 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: c98 Start
Time: 01cb5a83a236b8f1 Termination Time: 0 Application Path: C:\windows\system32\NOTEPAD.EXE

Report
Id: eab60591-c676-11df-bf47-002622f12cd4

Error - 9/22/2010 2:27:39 PM | Computer Name = newlaptop | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16385 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 15e8 Start
Time: 01cb5a7d1661d28e Termination Time: 0 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 9/22/2010 2:52:33 PM | Computer Name = newlaptop | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.14.1 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: c74 Start Time:
01cb5a86389bb6a8 Termination Time: 16 Application Path: C:\Users\Sharon\Desktop\OTL.exe

Report
Id: 8c25c62d-c67a-11df-bf47-002622f12cd4

Error - 9/22/2010 2:59:51 PM | Computer Name = newlaptop | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.14.1 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 1288 Start Time:
01cb5a872d878fe1 Termination Time: 16 Application Path: C:\Users\Sharon\Desktop\OTL.exe

Report
Id: 91f13d6f-c67b-11df-bf47-002622f12cd4

Error - 9/22/2010 3:00:44 PM | Computer Name = newlaptop | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.7600.16385 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 10d4 Start
Time: 01cb5a83de811361 Termination Time: 16 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id: b0bf8b9f-c67b-11df-bf47-002622f12cd4

Error - 9/22/2010 3:03:13 PM | Computer Name = newlaptop | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.14.1 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 5f4 Start Time:
01cb5a88628850b6 Termination Time: 31 Application Path: C:\Users\Sharon\Desktop\OTL.exe

Report
Id: 09934538-c67c-11df-bf47-002622f12cd4

Error - 9/22/2010 3:44:57 PM | Computer Name = newlaptop | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.14.1 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 9f0 Start Time:
01cb5a8e7751a30e Termination Time: 15 Application Path: C:\Users\Sharon\Desktop\OTL.exe

Report
Id:

[ System Events ]
Error - 9/17/2010 9:16:59 PM | Computer Name = newlaptop | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Norton Internet Security service.


< End of report >

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-23 05:55:48
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\Sharon\AppData\Local\Temp\kwlyypod.sys


---- System - GMER 1.0.15 ----

SSDT 8A92FB00 ZwCreateKey
SSDT 8A975A60 ZwCreateMutant
SSDT 8A92E600 ZwCreateProcess
SSDT 8A92E900 ZwCreateProcessEx
SSDT 8A975E20 ZwCreateSymbolicLinkObject
SSDT 8A9753A0 ZwCreateThread
SSDT 8A975580 ZwCreateThreadEx
SSDT 8A92EC00 ZwCreateUserProcess
SSDT 8A930100 ZwDeleteKey
SSDT 8A930A00 ZwDeleteValueKey
SSDT 8A976000 ZwDuplicateObject
SSDT 8A975760 ZwLoadDriver
SSDT 8A92EF00 ZwOpenProcess
SSDT 8A975020 ZwOpenSection
SSDT 8A92F200 ZwOpenThread
SSDT 8A930400 ZwRenameKey
SSDT 8A930700 ZwRestoreKey
SSDT 8A975C40 ZwSetSystemInformation
SSDT 8A92FE00 ZwSetValueKey
SSDT 8A92F500 ZwTerminateProcess
SSDT 8A92F800 ZwTerminateThread
SSDT 8A9751C0 ZwWriteVirtualMemory

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83838AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83838104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 838383F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 838212D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83820898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 838381DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83838958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 838386F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83838F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 838391A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 83451599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83475F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 308 8347D818 4 Bytes [00, FB, 92, 8A]
.text ntkrnlpa.exe!RtlSidHashLookup + 318 8347D828 4 Bytes [60, 5A, 97, 8A]
.text ntkrnlpa.exe!RtlSidHashLookup + 32C 8347D83C 8 Bytes [00, E6, 92, 8A, 00, E9, 92, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 348 8347D858 12 Bytes [20, 5E, 97, 8A, A0, 53, 97, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 364 8347D874 4 Bytes [00, EC, 92, 8A]
.text ...
.text C:\windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8BF49000, 0x3C849, 0xE8000020]
.dsrt C:\windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8BF8E000, 0x3DC, 0x48000040]
.text peauth.sys 9CB2CC9D 28 Bytes [4F, E6, F9, FB, B6, 79, 1C, ...]
.text peauth.sys 9CB2CCC1 28 Bytes [4F, E6, F9, FB, B6, 79, 1C, ...]
PAGE peauth.sys 9CB32B9B 72 Bytes [E7, 3D, 7C, A2, B1, A1, B3, ...]
PAGE peauth.sys 9CB32BEC 111 Bytes [D0, B7, 25, 13, 27, C0, 72, ...]
PAGE peauth.sys 9CB3302C 102 Bytes [07, 31, 4E, C5, 8B, 4C, F3, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[5104] USER32.dll!UnhookWindowsHookEx 76E3CC7B 5 Bytes JMP 6CFE835E C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5104] USER32.dll!CallNextHookEx 76E3CC8F 5 Bytes JMP 6CFC9D5C C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5104] USER32.dll!CreateWindowExW 76E40E51 5 Bytes JMP 6CFD8157 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5104] USER32.dll!SetWindowsHookExW 76E4210A 5 Bytes JMP 6CF84633 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5104] USER32.dll!DialogBoxIndirectParamW 76E64AA7 5 Bytes JMP 6D0FF970 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5104] USER32.dll!DialogBoxParamW 76E6564A 5 Bytes JMP 6CEF4BA7 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5104] USER32.dll!DialogBoxParamA 76E7CF6A 5 Bytes JMP 6D0FF90D C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5104] USER32.dll!DialogBoxIndirectParamA 76E7D29C 5 Bytes JMP 6D0FF9D3 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5104] USER32.dll!MessageBoxIndirectA 76E8E8C9 5 Bytes JMP 6D0FF8A2 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5104] USER32.dll!MessageBoxIndirectW 76E8E9C3 5 Bytes JMP 6D0FF837 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5104] USER32.dll!MessageBoxExA 76E8EA29 5 Bytes JMP 6D0FF7D5 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5104] USER32.dll!MessageBoxExW 76E8EA4D 5 Bytes JMP 6D0FF773 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5104] ole32.dll!OleLoadFromStream 76345B88 5 Bytes JMP 6D0FFCCE C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5104] ole32.dll!CoCreateInstance 763957FC 5 Bytes JMP 6CFD8C45 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!UnhookWindowsHookEx 76E3CC7B 5 Bytes JMP 6CFE835E C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!CallNextHookEx 76E3CC8F 5 Bytes JMP 6CFC9D5C C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!CreateWindowExW 76E40E51 5 Bytes JMP 6CFD8157 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!SetWindowsHookExW 76E4210A 5 Bytes JMP 6CF84633 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!DialogBoxIndirectParamW 76E64AA7 5 Bytes JMP 6D0FF970 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!DialogBoxParamW 76E6564A 5 Bytes JMP 6CEF4BA7 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!DialogBoxParamA 76E7CF6A 5 Bytes JMP 6D0FF90D C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!DialogBoxIndirectParamA 76E7D29C 5 Bytes JMP 6D0FF9D3 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!MessageBoxIndirectA 76E8E8C9 5 Bytes JMP 6D0FF8A2 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!MessageBoxIndirectW 76E8E9C3 5 Bytes JMP 6D0FF837 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!MessageBoxExA 76E8EA29 5 Bytes JMP 6D0FF7D5 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] USER32.dll!MessageBoxExW 76E8EA4D 5 Bytes JMP 6D0FF773 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] ole32.dll!OleLoadFromStream 76345B88 5 Bytes JMP 6D0FFCCE C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5276] ole32.dll!CoCreateInstance 763957FC 5 Bytes JMP 6CFD8C45 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] USER32.dll!UnhookWindowsHookEx 76E3CC7B 5 Bytes JMP 6CFE835E C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] USER32.dll!CallNextHookEx 76E3CC8F 5 Bytes JMP 6CFC9D5C C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] USER32.dll!CreateWindowExW 76E40E51 5 Bytes JMP 6CFD8157 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] USER32.dll!SetWindowsHookExW 76E4210A 5 Bytes JMP 6CF84633 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] USER32.dll!DialogBoxIndirectParamW 76E64AA7 5 Bytes JMP 6D0FF970 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] USER32.dll!DialogBoxParamW 76E6564A 5 Bytes JMP 6CEF4BA7 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] USER32.dll!DialogBoxParamA 76E7CF6A 5 Bytes JMP 6D0FF90D C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] USER32.dll!DialogBoxIndirectParamA 76E7D29C 5 Bytes JMP 6D0FF9D3 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] USER32.dll!MessageBoxIndirectA 76E8E8C9 5 Bytes JMP 6D0FF8A2 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] USER32.dll!MessageBoxIndirectW 76E8E9C3 5 Bytes JMP 6D0FF837 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] USER32.dll!MessageBoxExA 76E8EA29 5 Bytes JMP 6D0FF7D5 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] USER32.dll!MessageBoxExW 76E8EA4D 5 Bytes JMP 6D0FF773 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] ole32.dll!OleLoadFromStream 76345B88 5 Bytes JMP 6D0FFCCE C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5780] ole32.dll!CoCreateInstance 763957FC 5 Bytes JMP 6CFD8C45 C:\windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000050 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\[email protected]:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intel\xae Matrix Storage Manager\Intel\xae Matrix Storage Console.lnk 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\[email protected]:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\xae Matrix Storage Manager\Intel\xae Matrix Storage Console.lnk 1

---- EOF - GMER 1.0.15 ----