background change, redirects, McAfee?, pop-ups



#1
rt60

  • Member
  • 55 posts
I'm posting this for my dad. His laptop seems to have several types of infections/issues. His desktop background has been changed to a blue screen with red and white text that says, among other things: "Warning! You're in danger! Your computer is infected with spyware!" I'm noticing re-directs when I click on links online and pop-ups when I hover the mouse over words on the screen. I had MSE installed, and it looks as if it has somehow uninstalled. There's a McAfee button on the toolbar that I hadn't noticed before and the search engine keeps trying to automatically change.

OTL logfile created on: 2/27/2011 11:34:47 AM - Run 1
OTL by OldTimer - Version 3.2.22.1 Folder = C:\Users\roger\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 74.42 Gb Free Space | 67.46% Space Free | Partition Type: NTFS

Computer Name: ROGER-PC | User Name: roger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/27 11:33:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\roger\Desktop\OTL.exe
PRC - [2011/02/26 10:35:52 | 000,304,304 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2010/11/24 11:07:58 | 000,088,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/02/18 22:15:57 | 001,174,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008/01/21 19:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/01/17 19:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2007/12/25 16:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2007/12/03 20:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007/11/20 19:04:16 | 000,218,496 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil9e.exe
PRC - [2007/10/23 19:27:16 | 000,066,928 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe
PRC - [2007/09/28 19:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/01/25 21:47:50 | 000,136,816 | ---- | M] () -- C:\Toshiba\IVP\ISM\pinger.exe
PRC - [2007/01/25 21:45:42 | 000,468,600 | ---- | M] (TOSHIBA Corporation) -- C:\Toshiba\IVP\ISM\Ivpsvmgr.exe
PRC - [2007/01/10 00:59:52 | 000,115,816 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2007/01/10 00:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (SafeList) ==========

MOD - [2011/02/27 11:33:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\roger\Desktop\OTL.exe
MOD - [2011/01/04 17:38:44 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/31 10:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/01/04 19:30:16 | 000,822,048 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Windows\Temp\0163341298822543mcinst.exe -- (0163341298822543mcinstcleanup) McAfee Application Installer Cleanup (0163341298822543)
SRV - [2010/11/24 11:07:58 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/02/18 22:15:57 | 001,174,664 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/01/21 19:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/17 19:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/12/25 16:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007/12/03 20:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/10/30 03:35:40 | 000,937,984 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2007/10/23 19:27:16 | 000,066,928 | ---- | M] () [Auto | Running] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/09/28 19:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/09/24 20:38:00 | 000,181,784 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/01/31 16:11:42 | 002,975,352 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/01/25 21:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)
SRV - [2007/01/12 22:40:58 | 000,049,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/01/10 00:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007/01/10 00:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007/01/10 00:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - [2011/02/27 09:25:24 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{84B7A2B7-BAF3-4480-8020-D27E4DF1B64C}\MpKslc3c3e868.sys -- (MpKslc3c3e868)
DRV - [2010/10/24 21:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2008/02/18 22:16:48 | 000,115,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/01/25 19:24:56 | 000,764,416 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/01/21 18:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2007/11/09 17:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/08/31 20:43:32 | 000,020,352 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2007/05/15 04:00:00 | 000,852,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20070515.033\NAVEX15.SYS -- (NAVEX15)
DRV - [2007/05/15 04:00:00 | 000,077,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20070515.033\NAVENG.SYS -- (NAVENG)
DRV - [2007/04/30 16:42:14 | 000,081,408 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/02/01 05:21:02 | 000,417,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/01/24 17:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/01/11 21:22:20 | 000,276,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/01/11 21:22:18 | 000,025,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/01/11 21:22:14 | 000,247,608 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/01/09 17:32:14 | 000,191,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/01/09 17:32:14 | 000,027,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006/12/28 01:48:26 | 000,212,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20070108.003\IDSvix86.sys -- (IDSvix86)
DRV - [2006/11/28 18:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/09 00:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 00:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/10/18 14:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/04 21:42:42 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/10/04 21:42:42 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/08/30 12:35:58 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/07/28 19:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49362

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/02/27 11:27:08 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [HWSetup] File not found
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [jswtrayutil] File not found
O4 - HKLM..\Run: [KeNotify] C:\Program Files\Toshiba\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TP CfgWiz] C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\SymCuw.exe (Symantec Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe ()
O4 - HKCU..\RunOnce: [lKlDaCg08200] C:\ProgramData\lKlDaCg08200\lKlDaCg08200.exe ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 68.64.126.27 68.64.126.28
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/27 11:33:36 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\roger\Desktop\OTL.exe
[2011/02/27 11:02:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2011/02/27 11:02:16 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2011/02/27 02:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\lKlDaCg08200
[2011/02/26 19:10:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2011/02/24 14:26:48 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2011/02/24 14:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/02/24 14:26:37 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2011/02/24 13:39:58 | 000,000,000 | ---D | C] -- C:\Users\roger\AppData\Roaming\TOSHIBA
[2011/02/24 03:02:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/02/18 21:15:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/02/13 03:52:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2011/02/12 01:59:43 | 000,000,000 | ---D | C] -- C:\Users\roger\AppData\Local\Adobe
[2011/02/12 00:04:15 | 000,000,000 | ---D | C] -- C:\Users\roger\AppData\Local\Microsoft Games
[2011/02/10 21:12:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/02/10 21:12:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/02/10 20:42:18 | 000,000,000 | ---D | C] -- C:\Users\roger\AppData\Roaming\Macromedia
[2011/02/10 20:41:13 | 000,000,000 | ---D | C] -- C:\Users\roger\AppData\Roaming\Adobe
[2011/02/10 20:40:04 | 000,000,000 | ---D | C] -- C:\Users\roger\AppData\Roaming\Google
[2011/02/10 20:38:29 | 000,000,000 | ---D | C] -- C:\Users\roger\AppData\Local\Toshiba
[2011/02/10 20:38:24 | 000,000,000 | ---D | C] -- C:\Users\roger\Documents\My Google Gadgets
[2011/02/10 20:38:15 | 000,000,000 | ---D | C] -- C:\Users\roger\AppData\Local\Google
[2011/02/10 20:37:43 | 000,000,000 | R--D | C] -- C:\Users\roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/02/10 20:37:43 | 000,000,000 | R--D | C] -- C:\Users\roger\Searches
[2011/02/10 20:37:43 | 000,000,000 | R--D | C] -- C:\Users\roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/02/10 20:37:29 | 000,000,000 | ---D | C] -- C:\Users\roger\AppData\Roaming\Identities
[2011/02/10 20:37:23 | 000,000,000 | R--D | C] -- C:\Users\roger\Contacts
[2011/02/10 20:37:21 | 000,000,000 | ---D | C] -- C:\Users\roger\AppData\Local\VirtualStore
[2011/02/10 20:37:03 | 000,000,000 | -HSD | C] -- C:\Users\roger\AppData\Local\Temporary Internet Files
[2011/02/10 20:37:03 | 000,000,000 | -HSD | C] -- C:\Users\roger\Templates
[2011/02/10 20:37:03 | 000,000,000 | -HSD | C] -- C:\Users\roger\Start Menu
[2011/02/10 20:37:03 | 000,000,000 | -HSD | C] -- C:\Users\roger\SendTo
[2011/02/10 20:37:03 | 000,000,000 | -HSD | C] -- C:\Users\roger\Recent
[2011/02/10 20:37:03 | 000,000,000 | -HSD | C] -- C:\Users\roger\PrintHood
[2011/02/10 20:37:03 | 000,000,000 | -HSD | C] -- C:\Users\roger\NetHood
[2011/02/10 20:37:03 | 000,000,000 | -HSD | C] -- C:\Users\roger\Documents\My Videos
[2011/02/10 20:37:03 | 000,000,000 | -HSD | C] -- C:\Users\roger\Documents\My Pictures
[2011/02/10 20:37:03 | 000,000,000 | -HSD | C] -- C:\Users\roger\Documents\My Music
[2011/02/10 20:37:03 | 000,000,000 | -HSD | C] -- C:\Users\roger\My Documents
[2011/02/10 20:37:03 | 000,000,000 | -HSD | C] -- C:\Users\roger\Local Settings
[2011/02/10 20:37:03 | 000,000,000 | -HSD | C] -- C:\Users\roger\AppData\Local\History
[2011/02/10 20:37:03 | 000,000,000 | -HSD | C] -- C:\Users\roger\Cookies
[2011/02/10 20:37:03 | 000,000,000 | -HSD | C] -- C:\Users\roger\Application Data
[2011/02/10 20:37:03 | 000,000,000 | -HSD | C] -- C:\Users\roger\AppData\Local\Application Data
[2011/02/10 20:37:01 | 000,000,000 | --SD | C] -- C:\Users\roger\AppData\Roaming\Microsoft
[2011/02/10 20:37:01 | 000,000,000 | R--D | C] -- C:\Users\roger\Videos
[2011/02/10 20:37:01 | 000,000,000 | R--D | C] -- C:\Users\roger\Saved Games
[2011/02/10 20:37:01 | 000,000,000 | R--D | C] -- C:\Users\roger\Pictures
[2011/02/10 20:37:01 | 000,000,000 | R--D | C] -- C:\Users\roger\Music
[2011/02/10 20:37:01 | 000,000,000 | R--D | C] -- C:\Users\roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/02/10 20:37:01 | 000,000,000 | R--D | C] -- C:\Users\roger\Links
[2011/02/10 20:37:01 | 000,000,000 | R--D | C] -- C:\Users\roger\Favorites
[2011/02/10 20:37:01 | 000,000,000 | R--D | C] -- C:\Users\roger\Downloads
[2011/02/10 20:37:01 | 000,000,000 | R--D | C] -- C:\Users\roger\Documents
[2011/02/10 20:37:01 | 000,000,000 | R--D | C] -- C:\Users\roger\Desktop
[2011/02/10 20:37:01 | 000,000,000 | R--D | C] -- C:\Users\roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/02/10 20:37:01 | 000,000,000 | -H-D | C] -- C:\Users\roger\AppData
[2011/02/10 20:37:01 | 000,000,000 | ---D | C] -- C:\Users\roger\AppData\Local\Temp
[2011/02/10 20:37:01 | 000,000,000 | ---D | C] -- C:\Users\roger\AppData\Local\Microsoft
[2011/02/10 20:37:01 | 000,000,000 | ---D | C] -- C:\Users\roger\AppData\Roaming\Media Center Programs
[2011/02/10 18:10:17 | 000,020,352 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\jswpslwf.sys
[2011/02/10 18:10:10 | 000,000,000 | ---D | C] -- C:\Program Files\Jumpstart
[2011/02/10 18:08:12 | 000,764,416 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys
[2011/02/10 18:08:12 | 000,764,416 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\athr.sys
[2011/02/10 18:08:12 | 000,000,000 | ---D | C] -- C:\Program Files\Atheros
[2011/02/10 18:07:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2011/02/10 18:05:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Toshiba Shared
[2011/02/10 18:05:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA DVD PLAYER
[2011/02/10 18:03:20 | 000,000,000 | ---D | C] -- C:\Program Files\Apoint2K
[2011/02/10 17:53:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang
[2011/02/10 17:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2011/02/10 17:48:08 | 000,000,000 | ---D | C] -- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[2011/02/10 17:45:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/02/10 17:44:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/02/10 17:44:01 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/02/10 17:44:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/02/10 17:42:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011/02/10 17:38:23 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/02/10 17:37:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/02/10 17:36:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
[2011/02/10 17:36:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2011/02/10 17:34:21 | 000,000,000 | ---D | C] -- C:\WORKSSETUP
[2011/02/10 17:26:55 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/02/10 17:21:11 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/27 11:33:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\roger\Desktop\OTL.exe
[2011/02/27 11:27:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/27 09:32:45 | 000,606,602 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/27 09:32:45 | 000,105,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/27 09:25:12 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/27 09:25:12 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/27 09:25:02 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/27 09:24:23 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/27 01:50:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/26 19:10:32 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2011/02/26 19:10:32 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/02/20 02:43:17 | 000,000,192 | ---- | M] () -- C:\Users\roger\Desktop\Netflix.url
[2011/02/18 23:26:51 | 000,006,024 | ---- | M] () -- C:\Windows\machine.ver
[2011/02/18 21:16:19 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/02/13 09:20:54 | 000,326,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/02/10 21:01:16 | 000,003,584 | ---- | M] () -- C:\Users\roger\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/10 20:39:41 | 000,000,104 | ---- | M] () -- C:\Users\roger\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet - Shortcut.lnk
[2011/02/10 20:39:23 | 000,000,104 | ---- | M] () -- C:\Users\roger\Desktop\Internet - Shortcut.lnk
[2011/02/10 20:37:25 | 000,000,017 | RHS- | M] () -- C:\Windows\System32\drivers\fbd.sys
[2011/02/10 18:30:56 | 000,047,092 | ---- | M] () -- C:\Windows\System32\license.rtf
[2011/02/10 18:05:35 | 000,001,669 | ---- | M] () -- C:\Users\Public\Desktop\TOSHIBA DVD PLAYER.lnk
[2011/02/10 18:03:45 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01001.Wdf
[2011/02/10 18:00:42 | 000,014,596 | ---- | M] () -- C:\Windows\System32\results.xml
[2011/02/10 17:48:21 | 000,002,163 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Office - 60 Day Trial.lnk
[2011/02/10 17:19:31 | 000,000,004 | RHS- | M] () -- C:\Windows\System32\drivers\taishop.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/24 14:26:46 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2011/02/24 14:26:46 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/02/24 03:00:50 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/02/24 03:00:50 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/02/24 03:00:50 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/02/20 02:43:16 | 000,000,192 | ---- | C] () -- C:\Users\roger\Desktop\Netflix.url
[2011/02/18 23:26:51 | 000,006,024 | ---- | C] () -- C:\Windows\machine.ver
[2011/02/18 21:16:19 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/02/18 21:15:38 | 000,001,819 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/02/13 03:54:29 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/02/13 03:54:29 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/02/13 03:54:26 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2011/02/12 16:42:23 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2011/02/12 16:37:11 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2011/02/10 21:01:13 | 000,003,584 | ---- | C] () -- C:\Users\roger\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/10 20:45:10 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/10 20:45:08 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/10 20:39:41 | 000,000,104 | ---- | C] () -- C:\Users\roger\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet - Shortcut.lnk
[2011/02/10 20:39:23 | 000,000,104 | ---- | C] () -- C:\Users\roger\Desktop\Internet - Shortcut.lnk
[2011/02/10 20:37:44 | 000,000,960 | ---- | C] () -- C:\Users\roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/02/10 20:37:42 | 000,000,955 | ---- | C] () -- C:\Users\roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/02/10 20:37:25 | 000,000,017 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2011/02/10 20:37:23 | 000,000,926 | ---- | C] () -- C:\Users\roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011/02/10 20:37:01 | 000,000,258 | ---- | C] () -- C:\Users\roger\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/02/10 20:37:01 | 000,000,240 | ---- | C] () -- C:\Users\roger\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/02/10 18:08:12 | 000,104,008 | ---- | C] () -- C:\Windows\System32\netathr.inf
[2011/02/10 18:08:12 | 000,032,503 | ---- | C] () -- C:\Windows\System32\athrext.cat
[2011/02/10 18:05:35 | 000,001,669 | ---- | C] () -- C:\Users\Public\Desktop\TOSHIBA DVD PLAYER.lnk
[2011/02/10 18:03:45 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01001.Wdf
[2011/02/10 18:00:42 | 000,014,596 | ---- | C] () -- C:\Windows\System32\results.xml
[2011/02/10 17:59:30 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
[2011/02/10 17:52:41 | 000,001,886 | ---- | C] () -- C:\Users\Public\Desktop\TOSHIBA Direct.lnk
[2011/02/10 17:52:41 | 000,001,673 | ---- | C] () -- C:\Users\Public\Desktop\FREE Web Site.lnk
[2011/02/10 17:52:41 | 000,001,648 | ---- | C] () -- C:\Users\Public\Desktop\PhotoWorks.lnk
[2011/02/10 17:52:41 | 000,001,637 | ---- | C] () -- C:\Users\Public\Desktop\Get 15 Free Photo Prints.lnk
[2011/02/10 17:52:41 | 000,001,618 | ---- | C] () -- C:\Users\Public\Desktop\Lojack for Laptops.lnk
[2011/02/10 17:52:41 | 000,001,618 | ---- | C] () -- C:\Users\Public\Desktop\eMusic.lnk
[2011/02/10 17:52:41 | 000,001,609 | ---- | C] () -- C:\Users\Public\Desktop\Vongo.lnk
[2011/02/10 17:52:41 | 000,001,609 | ---- | C] () -- C:\Users\Public\Desktop\Voice & Video Calls.lnk
[2011/02/10 17:48:21 | 000,002,163 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Office - 60 Day Trial.lnk
[2011/02/10 17:37:28 | 000,001,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2011/02/10 17:36:54 | 000,001,027 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2011/02/10 17:19:31 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2008/02/20 14:16:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/02/20 14:16:48 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/02/20 14:16:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/02/20 14:16:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/02/20 14:16:48 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/02/20 14:16:48 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/02/20 14:03:54 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ3.dat
[2008/02/20 14:03:54 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ2.dat
[2008/02/20 14:03:54 | 000,000,016 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat
[2008/02/18 21:43:23 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/02/18 21:36:45 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2008/02/18 21:33:34 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008/02/18 21:33:34 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008/02/18 21:33:34 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008/02/18 21:33:34 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/02/18 20:31:59 | 000,157,040 | ---- | C] () -- C:\Windows\fdbpinger.exe
[2007/12/21 19:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2007/09/13 18:31:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2007/09/13 18:22:46 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/09/13 18:22:46 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/09/13 18:11:18 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,326,088 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,606,602 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,105,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/11/23 17:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2005/07/23 00:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== LOP Check ==========

[2011/02/24 13:39:58 | 000,000,000 | ---D | M] -- C:\Users\roger\AppData\Roaming\TOSHIBA
[2011/02/27 02:40:44 | 000,019,810 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Edited by rt60, 27 February 2011 - 11:15 AM.


#2
RKinner

    Malware Expert

  • Expert
  • 23,147 posts
  • MVP
You are running two anti-viruses, Norton/Symantec & MSSE. You need to remove one since they fight each other. I vote to remove Symantec since it is probably an expired subscription.
Uninstall it then run the Norton Removal tool:
ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe

There should be an entry for McAfee SiteAdvisor in the Add/Remove Programs list. This is something you get foisted on you when you try and upgrade Adobe products so I would remove it.

Copy the text in the code box by highlighting and Ctrl + c


:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49362
O4 - HKLM..\Run: [HWSetup] File not found
O4 - HKLM..\Run: [jswtrayutil] File not found
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKCU..\RunOnce: [lKlDaCg08200] C:\ProgramData\lKlDaCg08200\lKlDaCg08200.exe ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)

:Files
C:\ProgramData\lKlDaCg08200
     
:Commands
[RESETHOSTS]
[purity]
[emptytemp]
[Reboot]

Then run OTL (right click and Run As Administrator) and under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Open OTL (right click and Run As Administrator) again and select either the Use SafeList or All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and rename this file (call it george.exe) to your Desktop from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right click on george and Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes, Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:

Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and right click and Run As Administrator. It will produce a log MBRCheck(date).txt on your desktop. Copy and paste it into a reply.

Download and Save
http://support.kaspe.../tdsskiller.exe

Right click on it and Run As Administrator.

Copy and Paste the report it creates.

Ron

#3
rt60

    Member

  • Topic Starter
  • Member
  • 55 posts
- Uninstalled Symantec, but didn't run the Norton Removal Tool after re-start because virus is keeping IE from opening.
- Uninstalled McAfee SiteAdvisor using Add/Remove.
- Had to change OTL file from .exe to .scr before it would be allowed to open (same issue as IE).
- Changed IE from .exe to .scr also and was able to run the Norton Removal tool that way, then restarted.
- Add/Remove Program approach does not seem to have removed McAfee SiteAdvisor completely. It's gone from the list, but still appears on the toolbar.
- Performed the OTL fix.

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HWSetup deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\jswtrayutil deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NDSTray.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\lKlDaCg08200 not found.
File C:\ProgramData\lKlDaCg08200\lKlDaCg08200.exe not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
========== FILES ==========
C:\ProgramData\lKlDaCg08200 folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: roger
->Temp folder emptied: 87314942 bytes
->Temporary Internet Files folder emptied: 56805908 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 9063 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 24191409 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 8010249 bytes

Total Files Cleaned = 168.00 mb


OTL by OldTimer - Version 3.2.22.1 log created on 03022011_194601

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\TMP000000030335F52FC90A6ABA not found!

Registry entries deleted on Reboot...


- Selected 'All' for the next running of OTL

OTL logfile created on: 3/2/2011 7:50:14 PM - Run 2
OTL by OldTimer - Version 3.2.22.1 Folder = C:\Users\roger\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 72.48 Gb Free Space | 65.69% Space Free | Partition Type: NTFS

Computer Name: ROGER-PC | User Name: roger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/27 11:33:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\roger\Desktop\OTL.scr.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/24 11:07:58 | 000,088,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/29 21:51:52 | 004,911,104 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/01/29 19:00:40 | 000,430,080 | ---- | M] () -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/01/22 17:25:26 | 000,712,704 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2008/01/21 19:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/01/17 19:27:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2008/01/17 19:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2007/12/25 16:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2007/12/03 20:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007/10/23 19:27:16 | 000,066,928 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe
PRC - [2007/09/28 19:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/06/16 00:01:58 | 000,448,080 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2007/01/25 21:47:50 | 000,136,816 | ---- | M] () -- C:\Toshiba\IVP\ISM\pinger.exe
PRC - [2006/11/06 20:14:44 | 000,034,352 | ---- | M] () -- C:\Program Files\Toshiba\Utilities\KeNotify.exe
PRC - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (SafeList) ==========

MOD - [2011/02/27 11:33:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\roger\Desktop\OTL.scr.exe
MOD - [2011/01/04 17:38:44 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2010/08/31 10:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/24 11:07:58 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/01/21 19:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/17 19:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/12/25 16:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007/12/03 20:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/10/30 03:35:40 | 000,937,984 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2007/10/23 19:27:16 | 000,066,928 | ---- | M] () [Auto | Running] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/09/28 19:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/09/24 20:38:00 | 000,181,784 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/01/25 21:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - [2011/03/02 19:49:11 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DF5263EF-3F11-48E0-8105-5DA3BD90D158}\MpKsld165a2be.sys -- (MpKsld165a2be)
DRV - [2011/03/02 19:43:15 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DF5263EF-3F11-48E0-8105-5DA3BD90D158}\MpKsl0aafb203.sys -- (MpKsl0aafb203)
DRV - [2010/10/24 21:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2008/01/25 19:24:56 | 000,764,416 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/01/21 18:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2007/11/09 17:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/08/31 20:43:32 | 000,020,352 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2007/04/30 16:42:14 | 000,081,408 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/01/24 17:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/11/28 18:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/09 00:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 00:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/10/18 14:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/04 21:42:42 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/10/04 21:42:42 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/08/30 12:35:58 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/07/28 19:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/02/27 11:27:08 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/03/02 19:46:15 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [KeNotify] C:\Program Files\Toshiba\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 68.64.126.27 68.64.126.28
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/02 19:46:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/03/02 19:16:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/02/27 11:33:36 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\roger\Desktop\OTL.scr.exe
[2011/02/27 11:02:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2011/02/27 11:02:16 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2011/02/24 14:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/02/24 13:39:58 | 000,000,000 | ---D | C] -- C:\Users\roger\AppData\Roaming\TOSHIBA
[2011/02/24 03:02:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/02/24 03:01:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011/02/24 03:01:00 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011/02/24 03:00:59 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011/02/24 03:00:59 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011/02/24 03:00:59 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011/02/24 03:00:59 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011/02/24 03:00:56 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011/02/24 03:00:56 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011/02/24 03:00:56 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011/02/24 03:00:56 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011/02/24 03:00:55 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011/02/24 03:00:48 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011/02/24 03:00:48 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011/02/24 03:00:47 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011/02/24 03:00:47 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2011/02/24 03:00:47 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011/02/18 21:15:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/02/15 03:01:49 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2011/02/15 03:01:49 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2011/02/15 03:01:49 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2011/02/14 11:47:30 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2011/02/14 11:43:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2011/02/13 03:54:29 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2011/02/13 03:54:29 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2011/02/13 03:54:27 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2011/02/13 03:54:27 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2011/02/13 03:54:27 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2011/02/13 03:54:27 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2011/02/13 03:54:27 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2011/02/13 03:54:27 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2011/02/13 03:54:27 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2011/02/13 03:54:26 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2011/02/13 03:54:26 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2011/02/13 03:54:26 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2011/02/13 03:54:26 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2011/02/13 03:54:26 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2011/02/13 03:54:26 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2011/02/13 03:54:26 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2011/02/13 03:54:26 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2011/02/13 03:54:26 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2011/02/13 03:54:25 | 001,582,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2011/02/13 03:54:25 | 001,418,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2011/02/13 03:54:25 | 000,670,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2011/02/13 03:54:25 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2011/02/13 03:54:25 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2011/02/13 03:52:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2011/02/13 03:47:46 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011/02/13 03:47:46 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2011/02/13 03:47:46 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2011/02/13 03:47:43 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/02/13 03:47:42 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/02/13 03:47:42 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/02/13 03:13:49 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2011/02/13 03:13:48 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2011/02/13 03:13:47 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2011/02/13 03:13:47 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2011/02/13 03:13:47 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2011/02/13 03:13:46 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2011/02/13 03:06:42 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2011/02/13 03:06:38 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2011/02/13 03:04:13 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2011/02/13 03:04:11 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2011/02/12 17:43:05 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2011/02/12 17:43:02 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2011/02/12 17:42:51 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2011/02/12 16:44:03 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2011/02/12 16:44:03 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2011/02/12 16:43:51 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2011/02/12 16:43:28 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011/02/12 16:43:25 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2011/02/12 16:43:13 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2011/02/12 16:43:13 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2011/02/12 16:43:13 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2011/02/12 16:43:13 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2011/02/12 16:43:13 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2011/02/12 16:43:13 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2011/02/12 16:43:13 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2011/02/12 16:42:26 | 002,038,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/02/12 16:42:22 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2011/02/12 16:42:22 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2011/02/12 16:42:22 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2011/02/12 16:42:15 | 003,548,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/02/12 16:42:14 | 003,600,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/02/12 16:42:04 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2011/02/12 16:41:57 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2011/02/12 16:41:53 | 002,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/02/12 16:41:53 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2011/02/12 16:41:48 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2011/02/12 16:41:45 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/02/12 16:41:35 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2011/02/12 16:41:35 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2011/02/12 16:41:29 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2011/02/12 16:41:24 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011/02/12 16:41:21 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2011/02/12 16:41:16 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2011/02/12 16:41:11 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/02/12 16:41:11 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/02/12 16:41:03 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2011/02/12 16:40:43 | 000,636,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2011/02/12 16:40:42 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2011/02/12 16:40:41 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2011/02/12 16:40:39 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2011/02/12 16:40:37 | 002,927,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/02/12 16:40:31 | 001,256,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2011/02/12 16:40:17 | 000,019,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2011/02/12 16:40:16 | 000,988,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2011/02/12 16:40:16 | 000,927,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2011/02/12 16:40:16 | 000,615,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2011/02/12 16:40:14 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2011/02/12 16:40:14 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2011/02/12 16:40:14 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll
[2011/02/12 16:40:14 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe
[2011/02/12 16:40:14 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll
[2011/02/12 16:40:02 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2011/02/12 16:39:54 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/02/12 16:39:54 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2011/02/12 16:39:54 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2011/02/12 16:39:54 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2011/02/12 16:39:54 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2011/02/12 16:39:54 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/02/12 16:39:54 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2011/02/12 16:39:51 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2011/02/12 16:39:47 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/02/12 16:39:43 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2011/02/12 16:39:35 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2011/02/12 16:39:35 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2011/02/12 16:39:35 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2011/02/12 16:39:27 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2011/02/12 16:39:26 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2011/02/12 16:39:24 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2011/02/12 16:39:18 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2011/02/12 16:39:13 | 002,452,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/02/12 16:39:09 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/02/12 16:39:09 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/02/12 16:39:09 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/02/12 16:39:08 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/02/12 16:39:08 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/02/12 16:39:08 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/02/12 16:39:08 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/02/12 16:39:08 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2011/02/12 16:39:08 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/02/12 16:39:07 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/02/12 16:39:07 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/02/12 16:38:59 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2011/02/12 16:38:59 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/02/12 16:38:56 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2011/02/12 16:38:54 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2011/02/12 16:38:45 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/02/12 16:37:58 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2011/02/12 16:37:58 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2011/02/12 16:37:54 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2011/02/12 16:37:54 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2011/02/12 16:37:54 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2011/02/12 16:37:54 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2011/02/12 16:37:54 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2011/02/12 16:37:54 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2011/02/12 16:37:53 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2011/02/12 16:37:53 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2011/02/12 16:37:53 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2011/02/12 16:37:43 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/02/12 16:37:43 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2011/02/12 16:37:43 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/02/12 16:37:43 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2011/02/12 16:37:36 | 001,695,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2011/02/12 16:37:23 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2011/02/12 16:37:23 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2011/02/12 16:37:21 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2011/02/12 16:37:21 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2011/02/12 16:37:21 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2011/02/12 16:37:16 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2011/02/12 16:37:11 | 000,595,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2011/02/12 16:37:11 | 000,220,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2011/02/12 16:37:11 | 000,098,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2011/02/12 16:37:09 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2011/02/12 16:37:09 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2011/02/12 16:37:06 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2011/02/12 16:36:56 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2011/02/12 16:36:56 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2011/02/12 16:36:56 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2011/02/12 16:36:56 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2011/02/12 16:36:54 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2011/02/12 16:36:40 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2011/02/12 16:36:39 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2011/02/12 16:36:38 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2011/02/12 16:36:38 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2011/02/12 02:16:18 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011/02/12 01:59:43 | 000,000,000 | ---D | C] -- C:\Users\roger\AppData\Local\Adobe
[2011/02/12 00:04:15 | 000,000,000 | ---D | C] -- C:\Users\roger\AppData\Local\Microsoft Games
[2011/02/10 21:12:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011/02/10 21:12:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/02/10 20:42:35 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2011/02/10 20:42:35 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2011/02/10 20:42:18 | 000,000,000 | ---D | C] -- C:\Users\roger\AppData\Roaming\Macromedia
[2011/02/10 20:42:16 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2011/02/10 20:42:16 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2011/02/10 20:42:16 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2011/02/10 20:41:50 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2011/02/10 20:41:50 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2011/02/10 20:41:13 | 000,000,000 | ---D | C] -- C:\Users\roger\AppData\Roaming\Adobe
[2011/02/10 20:40:04 | 000,000,000 | ---D | C] -- C:\Users\roger\AppData\Roaming\Google
[2011/02/10 20:38:29 | 000,000,000 | ---D | C] -- C:\Users\roger\AppData\Local\Toshiba
[2011/02/10 20:38:24 | 000,000,000 | ---D | C] -- C:\Users\roger\Documents\My Google Gadgets
[2011/02/10 20:38:15 | 000,000,000 | ---D | C] -- C:\Users\roger\AppData\Local\Google
[2011/02/10 20:37:43 | 000,000,000 | R--D | C] -- C:\Users\roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/02/10 20:37:43 | 000,000,000 | R--D | C] -- C:\Users\roger\Searches
[2011/02/10 20:37:43 | 000,000,000 | R--D | C] -- C:\Users\roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/02/10 20:37:29 | 000,000,000 | ---D | C] -- C:\Users\roger\AppData\Roaming\Identities
[2011/02/10 20:37:23 | 000,000,000 | R--D | C] -- C:\Users\roger\Contacts
[2011/02/10 20:37:21 | 000,000,000 | ---D | C] -- C:\Users\roger\AppData\Local\VirtualStore
[2011/02/10 20:37:03 | 000,000,000 | -HSD | C] -- C:\Users\roger\AppData\Local\Temporary Internet Files
[2011/02/10 20:37:03 | 000,000,000 | -HSD | C] -- C:\Users\roger\Templates
[2011/02/10 20:37:03 | 000,000,000 | -HSD | C] -- C:\Users\roger\Start Menu
[2011/02/10 20:37:03 | 000,000,000 | -HSD | C] -- C:\Users\roger\SendTo
[2011/02/10 20:37:03 | 000,000,000 | -HSD | C] -- C:\Users\roger\Recent
[2011/02/10 20:37:03 | 000,000,000 | -HSD | C] -- C:\Users\roger\PrintHood
[2011/02/10 20:37:03 | 000,000,000 | -HSD | C] -- C:\Users\roger\NetHood
[2011/02/10 20:37:03 | 000,000,000 | -HSD | C] -- C:\Users\roger\Documents\My Videos
[2011/02/10 20:37:03 | 000,000,000 | -HSD | C] -- C:\Users\roger\Documents\My Pictures
[2011/02/10 20:37:03 | 000,000,000 | -HSD | C] -- C:\Users\roger\Documents\My Music
[2011/02/10 20:37:03 | 000,000,000 | -HSD | C] -- C:\Users\roger\My Documents
[2011/02/10 20:37:03 | 000,000,000 | -HSD | C] -- C:\Users\roger\Local Settings
[2011/02/10 20:37:03 | 000,000,000 | -HSD | C] -- C:\Users\roger\AppData\Local\History
[2011/02/10 20:37:03 | 000,000,000 | -HSD | C] -- C:\Users\roger\Cookies
[2011/02/10 20:37:03 | 000,000,000 | -HSD | C] -- C:\Users\roger\Application Data
[2011/02/10 20:37:03 | 000,000,000 | -HSD | C] -- C:\Users\roger\AppData\Local\Application Data
[2011/02/10 20:37:01 | 000,000,000 | --SD | C] -- C:\Users\roger\AppData\Roaming\Microsoft
[2011/02/10 20:37:01 | 000,000,000 | R--D | C] -- C:\Users\roger\Videos
[2011/02/10 20:37:01 | 000,000,000 | R--D | C] -- C:\Users\roger\Saved Games
[2011/02/10 20:37:01 | 000,000,000 | R--D | C] -- C:\Users\roger\Pictures
[2011/02/10 20:37:01 | 000,000,000 | R--D | C] -- C:\Users\roger\Music
[2011/02/10 20:37:01 | 000,000,000 | R--D | C] -- C:\Users\roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/02/10 20:37:01 | 000,000,000 | R--D | C] -- C:\Users\roger\Links
[2011/02/10 20:37:01 | 000,000,000 | R--D | C] -- C:\Users\roger\Favorites
[2011/02/10 20:37:01 | 000,000,000 | R--D | C] -- C:\Users\roger\Downloads
[2011/02/10 20:37:01 | 000,000,000 | R--D | C] -- C:\Users\roger\Documents
[2011/02/10 20:37:01 | 000,000,000 | R--D | C] -- C:\Users\roger\Desktop
[2011/02/10 20:37:01 | 000,000,000 | R--D | C] -- C:\Users\roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/02/10 20:37:01 | 000,000,000 | -H-D | C] -- C:\Users\roger\AppData
[2011/02/10 20:37:01 | 000,000,000 | ---D | C] -- C:\Users\roger\AppData\Local\Temp
[2011/02/10 20:37:01 | 000,000,000 | ---D | C] -- C:\Users\roger\AppData\Local\Microsoft
[2011/02/10 20:37:01 | 000,000,000 | ---D | C] -- C:\Users\roger\AppData\Roaming\Media Center Programs
[2011/02/10 18:10:17 | 000,020,352 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\jswpslwf.sys
[2011/02/10 18:10:10 | 000,000,000 | ---D | C] -- C:\Program Files\Jumpstart
[2011/02/10 18:08:12 | 000,764,416 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys
[2011/02/10 18:08:12 | 000,764,416 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\athr.sys
[2011/02/10 18:08:12 | 000,000,000 | ---D | C] -- C:\Program Files\Atheros
[2011/02/10 18:07:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2011/02/10 18:06:05 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2011/02/10 18:05:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Toshiba Shared
[2011/02/10 18:05:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA DVD PLAYER
[2011/02/10 18:04:29 | 000,285,184 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\System32\drivers\tos_sps32.sys
[2011/02/10 18:03:20 | 000,000,000 | ---D | C] -- C:\Program Files\Apoint2K
[2011/02/10 18:00:54 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxres.dll
[2011/02/10 17:53:13 | 000,920,088 | ---- | C] (Intel® Corporation) -- C:\Windows\System32\igxpun.exe
[2011/02/10 17:53:13 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\difxapi.dll
[2011/02/10 17:53:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang
[2011/02/10 17:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2011/02/10 17:48:08 | 000,000,000 | ---D | C] -- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[2011/02/10 17:45:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/02/10 17:45:01 | 000,032,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msonpmon.dll
[2011/02/10 17:44:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/02/10 17:44:01 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/02/10 17:44:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/02/10 17:42:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011/02/10 17:38:23 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/02/10 17:37:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/02/10 17:36:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
[2011/02/10 17:36:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2011/02/10 17:34:21 | 000,000,000 | ---D | C] -- C:\WORKSSETUP
[2011/02/10 17:26:55 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/02/10 17:21:11 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2011/03/02 19:50:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/02 19:48:59 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/02 19:48:59 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/02 19:48:49 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/02 19:48:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/02 19:48:34 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/02 19:47:46 | 000,606,602 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/02 19:47:46 | 000,105,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/02 19:46:15 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/03/02 19:39:06 | 000,000,239 | ---- | M] () -- C:\Users\roger\Desktop\background change, redirects, McAfee, pop-ups.scr.url
[2011/03/02 19:18:06 | 000,000,016 | ---- | M] () -- C:\Windows\System32\coh.cache
[2011/03/01 13:58:53 | 000,000,215 | ---- | M] () -- C:\Users\roger\Desktop\Netflix Action & Adventure.url
[2011/02/27 11:33:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\roger\Desktop\OTL.scr.exe
[2011/02/20 02:43:17 | 000,000,192 | ---- | M] () -- C:\Users\roger\Desktop\Netflix.exe.url
[2011/02/18 23:26:51 | 000,006,024 | ---- | M] () -- C:\Windows\machine.ver
[2011/02/18 21:16:19 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/02/13 09:20:54 | 000,326,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/02/10 21:01:16 | 000,003,584 | ---- | M] () -- C:\Users\roger\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/10 20:39:41 | 000,000,104 | ---- | M] () -- C:\Users\roger\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet - Shortcut.lnk
[2011/02/10 20:39:23 | 000,000,104 | ---- | M] () -- C:\Users\roger\Desktop\Internet - Shortcut.lnk
[2011/02/10 20:37:25 | 000,000,017 | RHS- | M] () -- C:\Windows\System32\drivers\fbd.sys
[2011/02/10 18:30:56 | 000,047,092 | ---- | M] () -- C:\Windows\System32\license.rtf
[2011/02/10 18:03:45 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01001.Wdf
[2011/02/10 18:00:42 | 000,014,596 | ---- | M] () -- C:\Windows\System32\results.xml
[2011/02/10 17:19:31 | 000,000,004 | RHS- | M] () -- C:\Windows\System32\drivers\taishop.sys

========== Files Created - No Company Name ==========

[2011/03/02 19:39:06 | 000,000,239 | ---- | C] () -- C:\Users\roger\Desktop\background change, redirects, McAfee, pop-ups.scr.url
[2011/03/02 19:18:06 | 000,000,016 | ---- | C] () -- C:\Windows\System32\coh.cache
[2011/03/01 13:58:53 | 000,000,215 | ---- | C] () -- C:\Users\roger\Desktop\Netflix Action & Adventure.url
[2011/02/28 18:43:33 | 000,000,405 | ---- | C] () -- C:\Users\roger\Documents\User's Guide.lnk
[2011/02/28 17:29:37 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
[2011/02/24 03:00:50 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/02/24 03:00:50 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/02/24 03:00:50 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/02/20 02:43:16 | 000,000,192 | ---- | C] () -- C:\Users\roger\Desktop\Netflix.exe.url
[2011/02/18 23:26:51 | 000,006,024 | ---- | C] () -- C:\Windows\machine.ver
[2011/02/18 21:16:19 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/02/18 21:15:38 | 000,001,819 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/02/13 03:54:29 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/02/13 03:54:29 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/02/13 03:54:26 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2011/02/12 16:42:23 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2011/02/12 16:37:11 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2011/02/10 21:01:13 | 000,003,584 | ---- | C] () -- C:\Users\roger\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/10 20:45:10 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/10 20:45:08 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/10 20:39:41 | 000,000,104 | ---- | C] () -- C:\Users\roger\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet - Shortcut.lnk
[2011/02/10 20:39:23 | 000,000,104 | ---- | C] () -- C:\Users\roger\Desktop\Internet - Shortcut.lnk
[2011/02/10 20:37:44 | 000,000,960 | ---- | C] () -- C:\Users\roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/02/10 20:37:42 | 000,000,955 | ---- | C] () -- C:\Users\roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/02/10 20:37:25 | 000,000,017 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2011/02/10 20:37:23 | 000,000,926 | ---- | C] () -- C:\Users\roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011/02/10 20:37:01 | 000,000,258 | ---- | C] () -- C:\Users\roger\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/02/10 20:37:01 | 000,000,240 | ---- | C] () -- C:\Users\roger\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/02/10 18:08:12 | 000,104,008 | ---- | C] () -- C:\Windows\System32\netathr.inf
[2011/02/10 18:08:12 | 000,032,503 | ---- | C] () -- C:\Windows\System32\athrext.cat
[2011/02/10 18:03:45 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_Apfiltr_01001.Wdf
[2011/02/10 18:00:42 | 000,014,596 | ---- | C] () -- C:\Windows\System32\results.xml
[2011/02/10 17:37:28 | 000,001,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2011/02/10 17:36:54 | 000,001,027 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2011/02/10 17:19:31 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2008/02/20 14:16:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/02/20 14:16:48 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/02/20 14:16:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/02/20 14:16:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/02/20 14:16:48 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/02/20 14:16:48 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/02/20 14:03:54 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ3.dat
[2008/02/20 14:03:54 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ2.dat
[2008/02/20 14:03:54 | 000,000,016 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat
[2008/02/18 21:43:23 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/02/18 21:36:45 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2008/02/18 21:33:34 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008/02/18 21:33:34 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008/02/18 21:33:34 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008/02/18 21:33:34 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/02/18 20:31:59 | 000,157,040 | ---- | C] () -- C:\Windows\fdbpinger.exe
[2007/12/21 19:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2007/09/13 18:31:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2007/09/13 18:22:46 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/09/13 18:22:46 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/09/13 18:11:18 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,326,088 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,606,602 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,105,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/11/23 17:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2005/07/23 00:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

< End of report >

OTL Extras logfile created on: 3/2/2011 7:50:14 PM - Run 2
OTL by OldTimer - Version 3.2.22.1 Folder = C:\Users\roger\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 72.48 Gb Free Space | 65.69% Space Free | Partition Type: NTFS

Computer Name: ROGER-PC | User Name: roger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2EC00458-417F-4B9B-8DEB-78164E9D1133}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{38A6F34C-4585-433A-8F67-E5964AF6FE71}" = protocol=17 | dir=in | app=c:\users\roger\appdata\local\temp\7zs5b87.tmp\symnrt.exe |
"{413D6BA7-7C36-400F-9005-62474C808B5B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4E71DA1C-C679-4320-9FED-2B5C47EE5F60}" = protocol=6 | dir=in | app=c:\users\roger\appdata\local\temp\7zs5b87.tmp\symnrt.exe |
"{9FAD32BA-5FC6-4763-8239-18921DFF3ED1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{03240EBA-04F2-4652-BC7F-B055902BDCD3}" = Memeo AutoBackup
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}" = Adobe Flash Player 9 ActiveX
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Google Desktop" = Google Desktop
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{03240EBA-04F2-4652-BC7F-B055902BDCD3}" = Memeo AutoBackup
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Picasa2" = Picasa 2
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"WildTangent toshiba Master Uninstall" = TOSHIBA Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/10/2011 7:32:37 PM | Computer Name = roger-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/10/2011 9:55:05 PM | Computer Name = roger-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/11/2011 11:35:17 PM | Computer Name = roger-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/12/2011 12:14:43 AM | Computer Name = roger-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 7.0.6001.18000 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: e50 Start Time: 01cbca6af651a562 Termination Time: 0

Error - 2/12/2011 1:14:36 PM | Computer Name = roger-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/13/2011 10:21:40 AM | Computer Name = roger-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 2/16/2011 11:40:31 PM | Computer Name = roger-PC | Source = HTTP | ID = 15016
Description =

Error - 2/16/2011 11:41:23 PM | Computer Name = roger-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/17/2011 10:03:14 PM | Computer Name = roger-PC | Source = HTTP | ID = 15016
Description =

Error - 2/17/2011 10:04:11 PM | Computer Name = roger-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/17/2011 10:12:31 PM | Computer Name = roger-PC | Source = DCOM | ID = 10010
Description =

Error - 2/18/2011 1:03:28 AM | Computer Name = roger-PC | Source = DCOM | ID = 10010
Description =

Error - 2/18/2011 9:14:02 PM | Computer Name = roger-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:41:34 AM on 2/18/2011 was unexpected.

Error - 2/18/2011 9:14:06 PM | Computer Name = roger-PC | Source = HTTP | ID = 15016
Description =

Error - 2/18/2011 9:15:06 PM | Computer Name = roger-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/18/2011 9:16:38 PM | Computer Name = roger-PC | Source = DCOM | ID = 10010
Description =


< End of report >


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5939

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

3/2/2011 8:51:32 PM
mbam-log-2011-03-02 (20-51-32).txt

Scan type: Full scan (C:\|)
Objects scanned: 255320
Time elapsed: 51 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\g043oqxanu (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


- Upon starting ComboFix, there was never a prompt to install a Recovery Console (though it may have auto-installed?).

ComboFix 11-03-02.01 - roger 03/02/2011 20:58:46.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2038.1028 [GMT -5:00]
Running from: c:\users\roger\Desktop\george.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys

.
((((((((((((((((((((((((( Files Created from 2011-02-03 to 2011-03-03 )))))))))))))))))))))))))))))))
.

2011-03-03 02:04 . 2011-03-03 02:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-03 00:57 . 2011-03-03 00:57 -------- d-----w- c:\programdata\Malwarebytes
2011-03-03 00:57 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-03 00:57 . 2011-03-03 00:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-03 00:57 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-03 00:49 . 2011-03-03 00:49 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DF5263EF-3F11-48E0-8105-5DA3BD90D158}\MpKsld165a2be.sys
2011-03-03 00:46 . 2011-03-03 00:46 -------- d-----w- C:\_OTL
2011-03-03 00:43 . 2011-03-03 00:43 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DF5263EF-3F11-48E0-8105-5DA3BD90D158}\MpKsl0aafb203.sys
2011-03-02 15:24 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DF5263EF-3F11-48E0-8105-5DA3BD90D158}\mpengine.dll
2011-02-27 16:02 . 2011-02-27 16:02 -------- d-----w- c:\program files\Common Files\McAfee
2011-02-27 16:02 . 2011-02-28 16:14 -------- d-----w- c:\program files\McAfee
2011-02-24 19:26 . 2011-02-27 16:02 -------- d-----w- c:\programdata\McAfee
2011-02-24 08:01 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-02-24 08:01 . 2009-10-09 21:56 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2011-02-19 02:29 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-19 02:29 . 2011-02-19 02:28 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1896A26C-68C8-4F78-BCA8-D76C3015C4F5}\gapaengine.dll
2011-02-19 02:15 . 2011-02-19 02:16 -------- d-----w- c:\program files\Microsoft Security Client
2011-02-19 01:36 . 2011-02-02 22:10 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{64F69D8B-C33B-48D3-93D4-E491904CAE5D}\mpengine.dll
2011-02-15 08:01 . 2009-11-08 15:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-02-15 08:01 . 2009-11-08 15:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-02-15 08:01 . 2009-11-08 15:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-02-15 08:01 . 2009-11-08 15:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-02-15 08:01 . 2009-11-08 15:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-02-14 16:47 . 2010-09-06 16:24 125952 ----a-w- c:\windows\system32\srvsvc.dll
2011-02-14 16:47 . 2010-09-06 14:13 303616 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-14 16:47 . 2010-09-06 14:12 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-02-14 16:47 . 2010-09-06 14:12 101888 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-02-14 16:47 . 2010-09-06 16:23 17920 ----a-w- c:\windows\system32\netevent.dll
2011-02-14 16:44 . 2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll
2011-02-14 16:43 . 2010-09-20 09:25 231936 ----a-w- c:\windows\system32\msshsq.dll
2011-02-14 16:05 . 2010-05-27 19:16 738816 ----a-w- c:\windows\system32\inetcomm.dll
2011-02-13 08:52 . 2011-02-13 08:52 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2011-02-13 08:47 . 2010-04-14 17:46 80896 ----a-w- c:\windows\system32\MSNP.ax
2011-02-13 08:47 . 2010-04-14 17:45 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-02-13 08:47 . 2008-04-23 04:41 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-02-13 08:47 . 2010-04-14 17:47 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-02-13 08:47 . 2010-04-14 17:47 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-02-13 08:47 . 2010-04-14 17:46 428544 ----a-w- c:\windows\system32\EncDec.dll
2011-02-13 08:36 . 2008-04-30 05:36 454656 ----a-w- c:\program files\Common Files\System\msadc\msadce.dll
2011-02-13 08:30 . 2011-02-13 08:30 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-02-13 08:13 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2011-02-13 08:13 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2011-02-13 08:13 . 2008-06-20 01:14 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2011-02-13 08:13 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2011-02-13 08:13 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2011-02-13 08:13 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2011-02-13 08:06 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2011-02-13 08:06 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2011-02-13 08:04 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
2011-02-13 08:04 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll
2011-02-13 08:04 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
2011-02-12 22:43 . 2008-06-26 01:45 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2011-02-12 22:43 . 2008-06-26 01:45 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2011-02-12 22:42 . 2008-06-26 03:29 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll
2011-02-12 21:44 . 2010-04-16 16:10 501760 ----a-w- c:\windows\system32\usp10.dll
2011-02-12 21:44 . 2009-03-17 03:38 13824 ----a-w- c:\windows\system32\apilogen.dll
2011-02-12 21:44 . 2009-03-17 03:38 24064 ----a-w- c:\windows\system32\amxread.dll
2011-02-12 21:42 . 2010-12-31 13:25 2038784 ----a-w- c:\windows\system32\win32k.sys
2011-02-12 21:41 . 2008-04-05 03:34 15360 ----a-w- c:\windows\system32\pacerprf.dll
2011-02-12 21:40 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2011-02-12 21:39 . 2009-03-03 04:40 499200 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2011-02-12 21:38 . 2008-08-02 03:26 36864 ----a-w- c:\windows\system32\cdd.dll
2011-02-12 21:38 . 2008-08-02 01:01 625152 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-02-12 21:38 . 2008-06-26 03:29 565248 ----a-w- c:\windows\system32\emdmgmt.dll
2011-02-12 21:38 . 2008-06-26 03:29 45056 ----a-w- c:\windows\system32\dataclen.dll
2011-02-12 21:38 . 2008-05-20 02:07 148480 ----a-w- c:\windows\system32\drivers\nwifi.sys
2011-02-12 21:38 . 2008-08-12 03:39 443392 ----a-w- c:\windows\system32\win32spl.dll
2011-02-12 21:38 . 2008-05-10 01:33 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2011-02-12 21:38 . 2010-10-28 12:56 2048 ----a-w- c:\windows\system32\tzres.dll
2011-02-12 21:38 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2011-02-12 21:36 . 2009-12-28 12:32 31744 ----a-w- c:\windows\system32\msvidc32.dll
2011-02-12 07:16 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-11 02:12 . 2011-02-15 08:25 -------- d-----w- c:\program files\Microsoft Silverlight
2011-02-11 01:50 . 2009-12-23 12:43 171520 ----a-w- c:\windows\system32\wintrust.dll
2011-02-11 01:50 . 2010-01-15 00:04 98304 ----a-w- c:\windows\system32\cabview.dll
2011-02-11 01:42 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2011-02-11 01:42 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2011-02-11 01:42 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2011-02-11 01:42 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2011-02-11 01:42 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2011-02-11 01:42 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2011-02-11 01:42 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2011-02-11 01:41 . 2009-08-07 00:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2011-02-11 01:41 . 2009-08-06 23:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2011-02-11 01:37 . 2011-02-11 01:37 17 --sh--r- c:\windows\system32\drivers\fbd.sys
2011-02-11 01:37 . 2011-02-11 01:37 -------- d-----w- c:\users\roger
2011-02-10 23:10 . 2007-09-01 01:43 20352 ----a-w- c:\windows\system32\drivers\jswpslwf.sys
2011-02-10 23:10 . 2011-02-10 23:10 -------- d-----w- c:\program files\Jumpstart
2011-02-10 23:08 . 2011-02-10 23:08 -------- d-----w- c:\program files\Atheros
2011-02-10 23:08 . 2008-01-26 00:24 764416 ----a-w- c:\windows\system32\drivers\athr.sys
2011-02-10 23:08 . 2008-01-26 00:24 764416 ----a-w- c:\windows\system32\athr.sys
2011-02-10 23:07 . 2011-02-10 23:10 -------- d-----w- c:\programdata\Atheros
2011-02-10 23:06 . 2006-11-29 21:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-02-10 23:05 . 2011-02-10 23:06 -------- d-----w- c:\program files\Common Files\Toshiba Shared
2011-02-10 23:04 . 2008-01-21 23:42 285184 ----a-w- c:\windows\system32\drivers\tos_sps32.sys
2011-02-10 23:03 . 2011-02-10 23:03 -------- d-----w- c:\program files\Apoint2K
2011-02-10 23:00 . 2007-09-13 23:09 172032 ----a-w- c:\windows\system32\igfxres.dll
2011-02-10 22:53 . 2011-02-10 22:53 -------- d-----w- c:\windows\system32\Lang
2011-02-10 22:53 . 2007-09-20 18:58 920088 ----a-w- c:\windows\system32\igxpun.exe
2011-02-10 22:53 . 2006-11-10 17:25 319456 ----a-w- c:\windows\system32\difxapi.dll
2011-02-10 22:48 . 2011-02-10 22:48 -------- d-----w- c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2011-02-10 22:48 . 2011-02-10 22:48 -------- d-----w- c:\program files\Activation Assistant for the 2007 Microsoft Office suites
2011-02-10 22:45 . 2008-11-10 16:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2011-02-10 22:45 . 2006-10-27 03:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2011-02-10 22:44 . 2011-02-18 02:09 -------- d-----w- c:\program files\Microsoft.NET
2011-02-10 22:44 . 2011-02-10 22:44 -------- d-----w- c:\windows\PCHEALTH
2011-02-10 22:42 . 2011-02-15 08:08 -------- d-----w- c:\programdata\Microsoft Help
2011-02-10 22:38 . 2011-02-10 22:38 -------- d-----r- C:\MSOCache
2011-02-10 22:36 . 2011-02-13 08:37 -------- d-----w- c:\program files\Microsoft Works
2011-02-10 22:34 . 2011-02-10 22:45 -------- d-----w- C:\WORKSSETUP
2011-02-10 22:19 . 2011-02-10 22:19 4 --sh--r- c:\windows\system32\drivers\taishop.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-01-30 430080]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-02-11 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-20 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-20 129560]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-23 438272]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-19 1862144]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-30 4911104]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-11 135664]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2010-11-24 88176]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2007-10-30 937984]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2007-09-01 20352]
S1 MpKsl0aafb203;MpKsl0aafb203;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DF5263EF-3F11-48E0-8105-5DA3BD90D158}\MpKsl0aafb203.sys [2011-03-03 28752]
S1 MpKsld165a2be;MpKsld165a2be;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DF5263EF-3F11-48E0-8105-5DA3BD90D158}\MpKsld165a2be.sys [2011-03-03 28752]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - MPKSLD165A2BE
.
Contents of the 'Scheduled Tasks' folder

2011-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-11 01:44]

2011-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-11 01:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-ITSecMng - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-02 21:04
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????d??l/?????;? ;?X ;?? ;??

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-03-02 21:07:13
ComboFix-quarantined-files.txt 2011-03-03 02:07

Pre-Run: 77,680,668,672 bytes free
Post-Run: 77,407,694,848 bytes free

- - End Of File - - 8BB6C7B6B8E24D2D3DE77B3A59D43591

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: TOSHIBA
System Manufacturer: TOSHIBA
System Product Name: Satellite A205
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 151):

Processes (total 65):
0 System Idle Process
4 System
484 C:\Windows\System32\smss.exe
552 csrss.exe
596 C:\Windows\System32\wininit.exe
604 csrss.exe
644 C:\Windows\System32\services.exe
660 C:\Windows\System32\lsass.exe
668 C:\Windows\System32\lsm.exe
692 C:\Windows\System32\winlogon.exe
860 C:\Windows\System32\svchost.exe
904 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
948 C:\Windows\System32\svchost.exe
980 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
1148 C:\Windows\System32\svchost.exe
1196 C:\Windows\System32\svchost.exe
1212 C:\Windows\System32\svchost.exe
1284 C:\Windows\System32\audiodg.exe
1316 C:\Windows\System32\SLsvc.exe
1352 C:\Windows\System32\svchost.exe
1508 C:\Windows\System32\svchost.exe
1740 C:\Windows\System32\dwm.exe
1780 C:\Windows\System32\spoolsv.exe
1788 C:\Windows\System32\taskeng.exe
1856 C:\Windows\System32\svchost.exe
116 C:\Windows\System32\agrsmsvc.exe
268 C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
992 C:\Toshiba\IVP\ISM\pinger.exe
1428 C:\Windows\System32\svchost.exe
1876 C:\Toshiba\IVP\swupdate\swupdtmr.exe
2040 C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
1684 C:\Windows\System32\TODDSrv.exe
2056 C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
2084 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
2152 C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
2188 C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
2212 C:\Windows\System32\svchost.exe
2244 C:\Windows\System32\SearchIndexer.exe
2504 C:\Windows\System32\taskeng.exe
2888 C:\Windows\System32\igfxtray.exe
2912 C:\Windows\System32\hkcmd.exe
2936 C:\Windows\System32\igfxpers.exe
2952 C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
2960 C:\Program Files\Toshiba\SmoothView\SmoothView.exe
2968 C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
3008 C:\Program Files\Apoint2K\Apoint.exe
3176 C:\Program Files\Toshiba\Utilities\KeNotify.exe
3184 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
3192 C:\Windows\RtHDVCpl.exe
3200 C:\Program Files\Microsoft Security Client\msseces.exe
3208 C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
3216 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3308 C:\Windows\System32\igfxsrvc.exe
3932 C:\Program Files\Apoint2K\ApMsgFwd.exe
1600 WmiPrvSE.exe
3600 C:\Windows\System32\wuauclt.exe
172 C:\Windows\explorer.exe
3040 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
664 C:\Program Files\Internet Explorer\iexplore.exe
3712 C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
2804 C:\PROGRA~1\McAfee\SITEAD~1\McSACore.exe
2668 C:\Windows\System32\rundll32.exe
3444 C:\Windows\System32\SearchProtocolHost.exe
3468 C:\Windows\System32\SearchFilterHost.exe
320 C:\Users\roger\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK1246GSX, Rev: LB213M

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: BBAD517F7EAC529451E4B9586C847AE190574F61


Done!

2011/03/02 21:14:31.0289 3664 TDSS rootkit removing tool 2.4.20.0 Mar 2 2011 10:44:30
2011/03/02 21:14:31.0507 3664 ================================================================================
2011/03/02 21:14:31.0507 3664 SystemInfo:
2011/03/02 21:14:31.0507 3664
2011/03/02 21:14:31.0507 3664 OS Version: 6.0.6001 ServicePack: 1.0
2011/03/02 21:14:31.0507 3664 Product type: Workstation
2011/03/02 21:14:31.0507 3664 ComputerName: ROGER-PC
2011/03/02 21:14:31.0507 3664 UserName: roger
2011/03/02 21:14:31.0507 3664 Windows directory: C:\Windows
2011/03/02 21:14:31.0507 3664 System windows directory: C:\Windows
2011/03/02 21:14:31.0507 3664 Processor architecture: Intel x86
2011/03/02 21:14:31.0507 3664 Number of processors: 1
2011/03/02 21:14:31.0507 3664 Page size: 0x1000
2011/03/02 21:14:31.0507 3664 Boot type: Normal boot
2011/03/02 21:14:31.0507 3664 ================================================================================
2011/03/02 21:14:32.0115 3664 Initialize success
2011/03/02 21:14:42.0801 2832 ================================================================================
2011/03/02 21:14:42.0801 2832 Scan started
2011/03/02 21:14:42.0801 2832 Mode: Manual;
2011/03/02 21:14:42.0801 2832 ================================================================================
2011/03/02 21:15:03.0300 2832 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/03/02 21:15:03.0471 2832 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/03/02 21:15:03.0643 2832 mrxsmb (7afc42e60432fd1014f5342f2b1b1f74) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/03/02 21:15:03.0815 2832 mrxsmb10 (8a75752ae17924f65452746674b14b78) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/03/02 21:15:03.0971 2832 mrxsmb20 (f4d0f3252e651f02be64984ffa738394) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/03/02 21:15:04.0142 2832 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/03/02 21:15:04.0314 2832 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/03/02 21:15:04.0501 2832 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/03/02 21:15:04.0688 2832 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/03/02 21:15:04.0875 2832 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/03/02 21:15:05.0078 2832 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/03/02 21:15:05.0250 2832 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/03/02 21:15:05.0936 2832 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/03/02 21:15:06.0513 2832 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/03/02 21:15:06.0654 2832 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/03/02 21:15:06.0747 2832 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/03/02 21:15:06.0981 2832 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/03/02 21:15:07.0169 2832 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2011/03/02 21:15:07.0340 2832 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/03/02 21:15:07.0371 2832 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/03/02 21:15:07.0543 2832 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/03/02 21:15:07.0730 2832 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/03/02 21:15:07.0777 2832 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/03/02 21:15:07.0933 2832 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/03/02 21:15:08.0136 2832 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/03/02 21:15:08.0307 2832 NisDrv (17e2c08c5ecfbe94a7c67b1c275ee9d9) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/03/02 21:15:08.0495 2832 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/03/02 21:15:08.0651 2832 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/03/02 21:15:08.0885 2832 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/03/02 21:15:09.0072 2832 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/03/02 21:15:09.0228 2832 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/03/02 21:15:09.0384 2832 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/03/02 21:15:09.0555 2832 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/03/02 21:15:09.0727 2832 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/03/02 21:15:09.0992 2832 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/03/02 21:15:10.0148 2832 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/03/02 21:15:10.0226 2832 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/03/02 21:15:10.0351 2832 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/03/02 21:15:10.0445 2832 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/03/02 21:15:10.0601 2832 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/03/02 21:15:10.0803 2832 pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/03/02 21:15:11.0006 2832 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/03/02 21:15:11.0271 2832 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/03/02 21:15:11.0443 2832 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/03/02 21:15:11.0630 2832 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/03/02 21:15:11.0802 2832 PxHelp20 (f7bb4e7a7c02ab4a2672937e124e306e) C:\Windows\system32\Drivers\PxHelp20.sys
2011/03/02 21:15:11.0880 2832 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/03/02 21:15:12.0083 2832 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/03/02 21:15:12.0254 2832 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/03/02 21:15:12.0410 2832 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/03/02 21:15:12.0566 2832 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/03/02 21:15:12.0753 2832 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/03/02 21:15:12.0800 2832 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/03/02 21:15:12.0878 2832 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/03/02 21:15:13.0019 2832 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/03/02 21:15:13.0190 2832 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/03/02 21:15:13.0377 2832 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/03/02 21:15:13.0549 2832 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/03/02 21:15:13.0767 2832 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/03/02 21:15:13.0955 2832 RTL8169 (b8b159fa669c6386a458fcd468ebb1e6) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/03/02 21:15:14.0142 2832 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/03/02 21:15:14.0360 2832 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2011/03/02 21:15:14.0532 2832 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/03/02 21:15:14.0703 2832 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/03/02 21:15:14.0875 2832 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/03/02 21:15:15.0031 2832 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/03/02 21:15:15.0234 2832 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/03/02 21:15:15.0390 2832 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/03/02 21:15:15.0561 2832 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/03/02 21:15:15.0733 2832 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/03/02 21:15:15.0920 2832 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/03/02 21:15:16.0076 2832 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/03/02 21:15:16.0248 2832 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/03/02 21:15:16.0435 2832 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/03/02 21:15:16.0622 2832 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/03/02 21:15:16.0809 2832 srv (5754e8bae40943871d0ab9becbf335e8) C:\Windows\system32\DRIVERS\srv.sys
2011/03/02 21:15:16.0981 2832 srv2 (d47b09ff7d28ee44d728f57c2d1fab86) C:\Windows\system32\DRIVERS\srv2.sys
2011/03/02 21:15:17.0153 2832 srvnet (32d52290341a740881521e118106acd6) C:\Windows\system32\DRIVERS\srvnet.sys
2011/03/02 21:15:17.0340 2832 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/03/02 21:15:17.0418 2832 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/03/02 21:15:17.0558 2832 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/03/02 21:15:17.0636 2832 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/03/02 21:15:17.0855 2832 Tcpip (6216a954ed7045b62880a92d6c9b9fc7) C:\Windows\system32\drivers\tcpip.sys
2011/03/02 21:15:18.0057 2832 Tcpip6 (6216a954ed7045b62880a92d6c9b9fc7) C:\Windows\system32\DRIVERS\tcpip.sys
2011/03/02 21:15:18.0213 2832 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/03/02 21:15:18.0369 2832 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
2011/03/02 21:15:18.0541 2832 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/03/02 21:15:18.0713 2832 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/03/02 21:15:18.0884 2832 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/03/02 21:15:19.0056 2832 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/03/02 21:15:19.0259 2832 tifm21 (e4c85c291ddb3dc5e4a2f227ca465ba6) C:\Windows\system32\drivers\tifm21.sys
2011/03/02 21:15:19.0586 2832 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys
2011/03/02 21:15:19.0805 2832 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/03/02 21:15:19.0976 2832 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/03/02 21:15:20.0148 2832 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/03/02 21:15:20.0319 2832 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
2011/03/02 21:15:20.0491 2832 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/03/02 21:15:20.0678 2832 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/03/02 21:15:20.0928 2832 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/03/02 21:15:21.0099 2832 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/03/02 21:15:21.0271 2832 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/03/02 21:15:21.0443 2832 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/03/02 21:15:21.0614 2832 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/03/02 21:15:21.0817 2832 usbccgp (8bd3ae150d97ba4e633c6c5c51b41ae1) C:\Windows\system32\drivers\usbccgp.sys
2011/03/02 21:15:22.0020 2832 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/03/02 21:15:22.0191 2832 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/03/02 21:15:22.0363 2832 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2011/03/02 21:15:22.0535 2832 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/03/02 21:15:22.0706 2832 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/03/02 21:15:22.0909 2832 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/03/02 21:15:23.0096 2832 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/03/02 21:15:23.0268 2832 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/03/02 21:15:23.0439 2832 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/03/02 21:15:23.0611 2832 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/03/02 21:15:23.0767 2832 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/03/02 21:15:23.0954 2832 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/03/02 21:15:24.0110 2832 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/03/02 21:15:24.0173 2832 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/03/02 21:15:24.0329 2832 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/03/02 21:15:24.0531 2832 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/03/02 21:15:24.0703 2832 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/02 21:15:24.0734 2832 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/02 21:15:24.0937 2832 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/03/02 21:15:25.0109 2832 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/03/02 21:15:25.0405 2832 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/03/02 21:15:25.0514 2832 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/03/02 21:15:25.0670 2832 ================================================================================
2011/03/02 21:15:25.0670 2832 Scan finished
2011/03/02 21:15:25.0670 2832 ================================================================================
2011/03/02 21:17:12.0374 3636 Deinitialize success

This last scan said "none detected" when it finished.

Thanks so much!
  • 0

#4
RKinner

    Malware Expert

  • Expert
  • 23,147 posts
  • MVP
Forgot this was Vista. No Recovery Console in Vista.

Logs look pretty decent. If you are still having problems with .exe files then try unhookexec.inf:

http://www.symantec....-050614-0532-99

To get rid of McAfee:

Copy the text in the code box by highlighting and Ctrl + c

:OTL
PRC - [2010/11/24 11:07:58 | 000,088,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
MOD - [2011/01/04 17:38:44 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
SRV - [2010/11/24 11:07:58 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/02/27 11:27:08 | 000,000,000 | ---D | M]
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)


:Files
C:\Program Files\Common Files\McAfee
C:\Program Files\McAfee
C:\ProgramData\McAfee
     
:Commands
[emptytemp]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.



Right click IE or Firefox and Run As Administrator then go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.

How is it running now?

Ron
  • 0

#5
rt60

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
- .exe files seem to be working okay now, after running the previous fixes.

OTL log:

All processes killed
========== OTL ==========
Process McSACore.exe killed successfully!
Service McAfee SiteAdvisor Service stopped successfully!
Service McAfee SiteAdvisor Service deleted successfully!
c:\Program Files\McAfee\SiteAdvisor\McSACore.exe moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ deleted successfully.
c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7082FAA-CB62-4872-9106-E42DD88EDE45}\ not found.
C:\Program Files\McAfee\SiteAdvisor\Scripts folder moved successfully.
C:\Program Files\McAfee\SiteAdvisor\Download folder moved successfully.
C:\Program Files\McAfee\SiteAdvisor\Components folder moved successfully.
C:\Program Files\McAfee\SiteAdvisor folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ deleted successfully.
File c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ not found.
File c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll not found.
File c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\dssrequest\ deleted successfully.
File c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll not found.
File c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\sacore\ deleted successfully.
File c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll not found.
========== FILES ==========
C:\Program Files\Common Files\McAfee\Installer folder moved successfully.
C:\Program Files\Common Files\McAfee folder moved successfully.
C:\Program Files\McAfee folder moved successfully.
C:\ProgramData\McAfee\SiteAdvisor\saupkeep.dll folder moved successfully.
C:\ProgramData\McAfee\SiteAdvisor\sasshmod.dll folder moved successfully.
C:\ProgramData\McAfee\SiteAdvisor\SACore folder moved successfully.
C:\ProgramData\McAfee\SiteAdvisor\mcsacore.exe folder moved successfully.
C:\ProgramData\McAfee\SiteAdvisor\mcbrwctl.dll folder moved successfully.
C:\ProgramData\McAfee\SiteAdvisor folder moved successfully.
C:\ProgramData\McAfee\MCLOGS\SecurityScanner\McUICnt folder moved successfully.
C:\ProgramData\McAfee\MCLOGS\SecurityScanner folder moved successfully.
C:\ProgramData\McAfee\MCLOGS\PartnerCustom\SSScheduler folder moved successfully.
C:\ProgramData\McAfee\MCLOGS\PartnerCustom\SecurityScan_Release folder moved successfully.
C:\ProgramData\McAfee\MCLOGS\PartnerCustom\McUICnt folder moved successfully.
C:\ProgramData\McAfee\MCLOGS\PartnerCustom\McCHSvc folder moved successfully.
C:\ProgramData\McAfee\MCLOGS\PartnerCustom folder moved successfully.
C:\ProgramData\McAfee\MCLOGS\McUICnt\McUICnt folder moved successfully.
C:\ProgramData\McAfee\MCLOGS\McUICnt folder moved successfully.
C:\ProgramData\McAfee\MCLOGS\McInst folder moved successfully.
C:\ProgramData\McAfee\MCLOGS\Common\McCHSvc folder moved successfully.
C:\ProgramData\McAfee\MCLOGS\Common folder moved successfully.
C:\ProgramData\McAfee\MCLOGS folder moved successfully.
C:\ProgramData\McAfee folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: roger
->Temp folder emptied: 293976 bytes
->Temporary Internet Files folder emptied: 74360690 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 680 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 58214 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 71.00 mb


OTL by OldTimer - Version 3.2.22.2 log created on 03052011_204636

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\~DF78B.tmp not found!
File\Folder C:\Windows\temp\~DF793.tmp not found!

Registry entries deleted on Reboot...


- ESET Scan: No Threats Found

Log:

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=9659cd626196d942b1f335b559f7180f
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-03-06 02:59:34
# local_time=2011-03-05 09:59:34 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=5892 16776574 100 100 379260 135984178 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=119552
# found=0
# cleaned=0
# scan_time=3734

It's running SO much better!
  • 0
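The fix log in post #5 repeats "not found" for objects that an earlier line had already removed. The following added example (not part of the thread and not OTL's own code) separates those repeats from targets that were never present when the fix ran; the function names are assumptions, and the last sample line is constructed.

```python
import re
from collections import Counter

# Lines in the format of the OTL fix log quoted in the thread. The final line
# is constructed for this example and does not come from the thread.
SAMPLE_LOG = r"""
========== OTL ==========
Process McSACore.exe killed successfully!
Service McAfee SiteAdvisor Service stopped successfully!
c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7082FAA-CB62-4872-9106-E42DD88EDE45}\ not found.
C:\Program Files\McAfee\SiteAdvisor folder moved successfully.
File c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ not found.
File C:\Constructed\example.dll not found.
"""

# "<object> <outcome>" followed by "." or "!"; header and blank lines do not match.
OUTCOME_RE = re.compile(
    r"^(?P<body>.+?)\s+"
    r"(?P<outcome>(?:killed|stopped|deleted|moved) successfully|not found)[.!]$"
)
# Optional object-type prefix that some result lines carry.
KIND_RE = re.compile(
    r"^(?P<kind>Process|Service|Registry value|Registry key|File\\Folder|File)"
    r"\s+(?P<target>.+)$"
)


def normalize(target):
    """Case-fold a path or key, collapse doubled backslashes, drop a trailing one."""
    return target.lower().replace("\\\\", "\\").rstrip("\\")


def parse_line(line):
    """Return (kind, target, outcome) for a result line, or None for other lines."""
    m = OUTCOME_RE.match(line.strip())
    if not m:
        return None
    body, outcome = m.group("body"), m.group("outcome")
    k = KIND_RE.match(body)
    if k:
        kind, target = k.group("kind"), k.group("target")
    elif body.endswith(" folder"):
        kind, target = "Folder", body[: -len(" folder")]
    else:
        kind, target = "File", body  # bare path, as in "<path> moved successfully."
    return kind, target.rstrip("\\"), outcome


def review(log_text):
    """Classify each result line as removed, already_removed or never_present."""
    removed = set()   # normalized targets the log reports as handled so far
    results = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        kind, target, outcome = parsed
        key = normalize(target)
        if outcome != "not found":
            removed.add(key)
            status = "removed"
        elif key in removed or any(key.startswith(r + "\\") for r in removed):
            # Same object, or something under a folder/key removed earlier.
            status = "already_removed"
        else:
            status = "never_present"
        results.append((status, kind, target))
    return results


def summarize(log_text):
    """Count result lines per status."""
    return Counter(status for status, _, _ in review(log_text))


if __name__ == "__main__":
    for status, kind, target in review(SAMPLE_LOG):
        if status == "never_present":
            print(f"check manually: {kind}: {target}")
    print(dict(summarize(SAMPLE_LOG)))
```

Entries reported as `never_present` are the ones to look at by hand, since the log alone does not say whether the object never existed or was removed before the fix ran.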

#6
RKinner

    Malware Expert

  • Expert
  • 23,147 posts
  • MVP
We need to clean up System Restore.
The best way is to follow Jim's procedure here http://aumha.net/vie...581099691bf108f
though it hasn't been updated for Vista or Win 7 yet, so to create a Restore Point try this:
Right click on Computer and select Properties and System Protection (Continue) and then Create (at the bottom). OK Give it a name like Clean and then Create. OK. OK.

Once you have created a Restore Point:

Now Start (Windows Logo Button), Programs, Accessories, Right click on Command Prompt and select Run As Administrator,
cleanmgr

Select "Files from All Users."
Continue

Select OS (C:)
OK

It will think for a few minutes.

Then come up with a few suggestions. Ignore those and press More Options. Under System Restore and Shadow Copies, click Clean Up and let it do its thing.


You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\george.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

To hide hidden files again:


Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.


You do not have the latest Java (Java™ 6 Update 24). Get the latest at:

http://javadl.sun.co...?BundleId=41723

Save it to your PC then close all browsers and install it. Don't let them install the Yahoo toolbar or remove it afterward.

Once you install it, go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
Java™ 6 Update 3

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Flash Player recently came out with a new version which fixes an exploit hole. See http://aumha.net/vie...&st=0&sk=t&sd=a Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past. Uncheck the option to add McAfee Security Scan to the download. You do not need it.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

I recommend you install the free WinPatrol from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

If you use USB drives you might want to install Autorun Eater v2.5.
http://download.cnet...4-10752777.html
Another small program which will stay resident and prevent an infected USB drive from infecting your PC.

If you use Firefox then get the AdBlock Plus Add-on.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox



If your current antivirus is not a paid up subscription you should dump it and install the free Avast
http://www.avast.com...avast-home.html


Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password!



Ron
  • 0

#7
rt60

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Thank you so much, Ron! Your help is greatly appreciated.
  • 0





