Toshiba laptop running slow

  1. #1
    malopr, Full Member

    I have a Toshiba Satellite L35, Windows XP Service Pack 3. I have 512 MB but only about 98 MB available. I did the read me first and here are the logs. I logged on in safe mode as administrator, and on the desktop there is an icon for a desktop dialer which is not on my regular desktop.

    Malwarebytes' Anti-Malware 1.46
    Malwarebytes

    Database version: 5157

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    11/20/2010 7:58:09 AM
    mbam-log-2010-11-20 (07-58-09).txt

    Scan type: Quick scan
    Objects scanned: 146254
    Time elapsed: 17 minute(s), 45 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER 1.0.15.15530 - GMER - Rootkit Detector and Remover
    Rootkit scan 2010-11-20 09:06:15
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600BEVT-00A23T0 rev.01.01A01
    Running: uj9qo92q.exe; Driver: C:\DOCUME~1\David\LOCALS~1\Temp\axtyipow.sys


    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A4000A
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A40098
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A40087
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A40076
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A40065
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A40FCD
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A40F6B
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A400B3
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A400DF
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A40F46
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A40F2B
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A40054
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A40FEF
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A40F88
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A40FDE
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A40025
    .text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A400CE
    .text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00A30FDB
    .text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00A30FAC
    .text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00A30022
    .text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00A30011
    .text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00A30069
    .text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00A30000
    .text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00A3004E
    .text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00A3003D
    .text C:\WINDOWS\system32\svchost.exe[1856] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A20F86
    .text C:\WINDOWS\system32\svchost.exe[1856] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A20FA1
    .text C:\WINDOWS\system32\svchost.exe[1856] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A20FC6
    .text C:\WINDOWS\system32\svchost.exe[1856] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A20000
    .text C:\WINDOWS\system32\svchost.exe[1856] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A20011
    .text C:\WINDOWS\system32\svchost.exe[1856] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A20FD7
    .text C:\WINDOWS\system32\svchost.exe[1856] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A10000

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[1020] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [00407740] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
    IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[1020] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [004077A0] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \FileSystem\Ntfs \Ntfs MOBK.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

    ---- EOF - GMER 1.0.15 ----

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 135):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806EE000 \WINDOWS\system32\hal.dll
    0xF7A10000 \WINDOWS\system32\KDCOM.DLL
    0xF7920000 \WINDOWS\system32\BOOTVID.dll
    0xF74C1000 ACPI.sys
    0xF7A12000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF74B0000 pci.sys
    0xF7510000 isapnp.sys
    0xF7924000 compbatt.sys
    0xF7928000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xF7AD8000 pciide.sys
    0xF7790000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF7492000 pcmcia.sys
    0xF7520000 MountMgr.sys
    0xF7473000 ftdisk.sys
    0xF792C000 ACPIEC.sys
    0xF7AD9000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    0xF7798000 PartMgr.sys
    0xF7530000 VolSnap.sys
    0xF745B000 atapi.sys
    0xF7429000 KR10N.sys
    0xF7411000 \WINDOWS\system32\drivers\SCSIPORT.SYS
    0xF7540000 disk.sys
    0xF7550000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF73F1000 fltmgr.sys
    0xF73DF000 sr.sys
    0xF7382000 mfehidk.sys
    0xF736B000 KSecDD.sys
    0xF72DE000 Ntfs.sys
    0xF72B1000 NDIS.sys
    0xF7297000 Mup.sys
    0xF7640000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF70E8000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
    0xF70D4000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF7810000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0xF70B0000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF7818000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF79C0000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
    0xF7650000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF7660000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF7670000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF708D000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF7820000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0xF7065000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xF7680000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF7828000 \SystemRoot\system32\drivers\qkbfiltr.sys
    0xF7830000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF7A24000 \SystemRoot\system32\drivers\qmofiltr.sys
    0xF7035000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0xF7A26000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF7838000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF7018000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
    0xF6FA4000 \SystemRoot\system32\DRIVERS\ar5211.sys
    0xF79C8000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xF7B0B000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF6F90000 \SystemRoot\system32\DRIVERS\mfendisk.sys
    0xF7690000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF79D0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF6F79000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF76A0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF76B0000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF7840000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF6F40000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF76C0000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF6F1C000 \SystemRoot\system32\drivers\mfeavfk.sys
    0xF6ED1000 \SystemRoot\system32\drivers\mfefirek.sys
    0xF7850000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF7858000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF76D0000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF7A2C000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF6E4B000 \SystemRoot\system32\DRIVERS\update.sys
    0xF7A00000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF7A2E000 \SystemRoot\system32\drivers\BoiHwSetup.sys
    0xF7A04000 \SystemRoot\system32\DRIVERS\tbiosdrv.sys
    0xF76F0000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF7720000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF29D8000 \SystemRoot\system32\drivers\RtkHDAud.sys
    0xF29B4000 \SystemRoot\system32\drivers\portcls.sys
    0xF7730000 \SystemRoot\system32\drivers\drmk.sys
    0xF27F9000 \SystemRoot\system32\DRIVERS\AGRSM.sys
    0xF7860000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF27BE000 \SystemRoot\system32\DRIVERS\MOBK.sys
    0xF7A32000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7B05000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7A34000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF7880000 \SystemRoot\System32\drivers\vga.sys
    0xF7A36000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7A38000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF2785000 \SystemRoot\System32\Drivers\meiudf.sys
    0xF2774000 \SystemRoot\System32\Drivers\Udfs.SYS
    0xF7888000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF7890000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF6F6D000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xF2739000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xF26E0000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xF26CD000 \SystemRoot\system32\drivers\mfetdi2k.sys
    0xF26A7000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xF267F000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xF265D000 \SystemRoot\System32\drivers\afd.sys
    0xF7750000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xF2632000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xF25C2000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF7760000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF7770000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xF2582000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF7A5A000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF27E9000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF78A0000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7BF5000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\ati2dvag.dll
    0xBF054000 \SystemRoot\System32\ati2cqag.dll
    0xBF08E000 \SystemRoot\System32\atikvmag.dll
    0xBF0C4000 \SystemRoot\System32\ati3duag.dll
    0xBF32B000 \SystemRoot\System32\ativvaxx.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xF03D1000 \SystemRoot\system32\DRIVERS\tdudf.sys
    0xF2984000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xF78B8000 \SystemRoot\system32\DRIVERS\AegisP.sys
    0xF03FA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xF03F6000 \SystemRoot\system32\DRIVERS\netdevio.sys
    0xF005C000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xEFF57000 \SystemRoot\system32\drivers\wdmaud.sys
    0xF0131000 \SystemRoot\system32\drivers\sysaudio.sys
    0xF7A98000 \SystemRoot\System32\Drivers\ASCTRM.SYS
    0xEFA99000 \SystemRoot\system32\DRIVERS\srv.sys
    0xEF490000 \SystemRoot\System32\Drivers\HTTP.sys
    0xF7A5C000 \SystemRoot\system32\DRIVERS\psi_mf.sys
    0xEF501000 \SystemRoot\system32\drivers\cfwids.sys
    0xEECAC000 \??\C:\DOCUME~1\David\LOCALS~1\Temp\axtyipow.sys
    0xEEC83000 \SystemRoot\system32\drivers\mfeapfk.sys
    0xEF741000 \SystemRoot\system32\drivers\mfebopk.sys
    0xEEC58000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 47):
    0 System Idle Process
    4 System
    1032 C:\WINDOWS\system32\smss.exe
    1144 csrss.exe
    1172 C:\WINDOWS\system32\winlogon.exe
    1228 C:\WINDOWS\system32\services.exe
    1240 C:\WINDOWS\system32\lsass.exe
    1396 C:\WINDOWS\system32\ati2evxx.exe
    1408 C:\WINDOWS\system32\svchost.exe
    1512 svchost.exe
    1704 C:\WINDOWS\system32\svchost.exe
    1760 svchost.exe
    1856 svchost.exe
    576 C:\WINDOWS\system32\ati2evxx.exe
    740 C:\WINDOWS\system32\spoolsv.exe
    748 C:\WINDOWS\explorer.exe
    936 C:\WINDOWS\system32\acs.exe
    996 svchost.exe
    1556 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    1572 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    1596 C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    1612 C:\Program Files\TOSHIBA\Windows Utilities\Hotkey.exe
    1620 C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    1636 C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    1644 C:\WINDOWS\system32\TPSMain.exe
    1652 C:\TOSHIBA\IVP\ISM\pinger.exe
    1660 C:\WINDOWS\RTHDCPL.exe
    1732 C:\WINDOWS\agrsmmsg.exe
    1780 C:\Program Files\McAfee.com\Agent\mcagent.exe
    1876 C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    1892 C:\WINDOWS\system32\ctfmon.exe
    1964 C:\WINDOWS\system32\RAMASST.exe
    1936 C:\Program Files\Secunia\PSI\psi.exe
    1832 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    2016 C:\Program Files\Bonjour\mDNSResponder.exe
    228 C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    292 C:\WINDOWS\system32\DVDRAMSV.exe
    468 C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    1020 C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe
    1084 C:\Program Files\McAfee Online Backup\MOBKbackup.exe
    1052 C:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    1132 C:\WINDOWS\system32\TODDSrv.exe
    2348 C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
    2544 C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
    4008 alg.exe
    3344 C:\WINDOWS\system32\TPSBattM.exe
    2628 C:\Documents and Settings\David\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: WDCWD1600BEVT-00A23T0, Rev: 01.01A01

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: 31D100779DE502702C374F7C15687B56FCFD5528


    Done!

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-11-10.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/11/2010 5:25:31 AM
    System Uptime: 11/20/2010 8:04:51 AM (4 hours ago)

    Motherboard: TOSHIBA | | Satellite L35
    Processor: Intel(R) Celeron(R) M CPU 410 @ 1.46GHz | U23 | 1466/100mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 149 GiB total, 135.647 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1: 9/11/2010 5:25:36 AM - System Checkpoint
    RP2: 9/11/2010 5:43:15 AM - Software Distribution Service 3.0
    RP3: 9/11/2010 6:00:36 AM - Software Distribution Service 3.0
    RP4: 9/11/2010 7:02:10 AM - Software Distribution Service 3.0
    RP5: 9/11/2010 7:40:46 AM - Software Distribution Service 3.0
    RP6: 9/11/2010 8:02:54 AM - Software Distribution Service 3.0
    RP7: 9/11/2010 8:42:11 AM - Removed Microsoft Office OneNote 2003
    RP8: 9/11/2010 8:43:35 AM - Removed Microsoft Office Standard Edition 2003
    RP9: 9/11/2010 11:03:53 AM - Installed McAfee Virtual Technician
    RP10: 9/11/2010 11:43:20 AM - Removed McAfee Virtual Technician
    RP11: 9/11/2010 12:18:30 PM - Removed Toshiba Registration
    RP12: 9/11/2010 12:44:36 PM - Removed Adobe Reader 7.0
    RP13: 9/11/2010 12:45:19 PM - Installed Adobe Reader 9.3.4.
    RP14: 9/11/2010 6:01:21 PM - Installed WOT for Internet Explorer
    RP15: 9/11/2010 6:13:36 PM - Installed QuickTime
    RP16: 9/11/2010 6:19:13 PM - Installed Windows XP -- Software Updates KB952011.
    RP17: 9/11/2010 6:23:02 PM - Installed Java(TM) 6 Update 20
    RP18: 9/12/2010 7:54:00 AM - Installed iTunes
    RP19: 9/15/2010 7:30:11 PM - Software Distribution Service 3.0
    RP20: 9/15/2010 8:09:04 PM - Removed Java(TM) 6 Update 20
    RP21: 9/15/2010 8:10:22 PM - Installed Java(TM) 6 Update 20
    RP22: 9/26/2010 7:42:34 AM - Installed Java(TM) 6 Update 21
    RP23: 9/26/2010 8:38:09 AM - Software Distribution Service 3.0
    RP24: 10/3/2010 4:39:12 AM - Removed Adobe Reader 9.3.4.
    RP25: 10/3/2010 11:19:54 AM - Software Distribution Service 3.0
    RP26: 10/3/2010 11:30:22 AM - Installed Java(TM) 6 Update 20
    RP27: 10/3/2010 11:54:19 AM - Installed QuickTime
    RP28: 10/4/2010 11:15:52 AM - Software Distribution Service 3.0
    RP29: 10/4/2010 12:20:28 PM - Software Distribution Service 3.0
    RP30: 10/24/2010 7:02:29 AM - Installed Java(TM) 6 Update 22
    RP31: 10/24/2010 7:05:07 AM - Software Distribution Service 3.0
    RP32: 10/24/2010 7:24:18 AM - Removed J2SE Runtime Environment 5.0 Update 7
    RP33: 10/24/2010 7:26:22 AM - Removed Java(TM) 6 Update 20
    RP34: 11/20/2010 5:09:36 AM - Software Distribution Service 3.0

    ==== Installed Programs ======================

    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Atheros Client Utility
    Atheros Wireless LAN MiniPCI/PCIe card Driver
    ATI Control Panel
    ATI Display Driver
    Bonjour
    CD/DVD Drive Acoustic Silencer
    DAL Scanner
    Desktop Dialer
    DVD-RAM Driver
    ESET Online Scanner v3
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Format SDK (KB902344)
    Hotfix for Windows Media Format SDK (KB910998)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB981793)
    InterVideo WinDVD for TOSHIBA
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 22
    Malwarebytes' Anti-Malware
    McAfee Online Backup
    McAfee Total Protection
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Works
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Office 2003 Trial Assistant
    QuickTime
    RealPlayer Basic
    REALTEK GbE & FE Ethernet PCI NIC Driver
    Realtek High Definition Audio Driver
    Secunia PSI
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Synaptics Pointing Device Driver
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Direct Disc Writer
    TOSHIBA Disc Creator
    Toshiba Hotkey Utility
    TOSHIBA PC Diagnostic Tool
    TOSHIBA Power Saver
    TOSHIBA Software Modem
    TOSHIBA Software Upgrades
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    Toshiba Touchpad Utility
    Toshiba Utility
    TOSHIBA Zooming Utility
    Touch and Launch
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 8 (KB2362765)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    WebFldrs XP
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WOT for Internet Explorer

    ==== Event Viewer Messages From Past Week ========

    11/20/2010 7:13:58 AM, error: Service Control Manager [7034] - The TOSHIBA Optical Disc Drive Service service terminated unexpectedly. It has done this 1 time(s).
    11/20/2010 7:13:58 AM, error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).
    11/20/2010 7:13:58 AM, error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/20/2010 7:13:58 AM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/20/2010 7:13:58 AM, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/20/2010 7:13:58 AM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/20/2010 7:13:58 AM, error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/20/2010 7:13:58 AM, error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/20/2010 7:13:57 AM, error: Service Control Manager [7034] - The Swupdtmr service terminated unexpectedly. It has done this 1 time(s).
    11/20/2010 7:13:57 AM, error: Service Control Manager [7034] - The McAfee Online Backup service terminated unexpectedly. It has done this 1 time(s).
    11/20/2010 7:13:53 AM, error: Service Control Manager [7034] - The DVD-RAM_Service service terminated unexpectedly. It has done this 1 time(s).
    11/20/2010 7:13:52 AM, error: Service Control Manager [7034] - The ConfigFree Service service terminated unexpectedly. It has done this 1 time(s).
    11/20/2010 7:13:51 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    11/20/2010 7:13:50 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/20/2010 7:13:15 AM, error: Service Control Manager [7034] - The Atheros Configuration Service service terminated unexpectedly. It has done this 1 time(s).
    11/20/2010 7:13:06 AM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
    11/20/2010 6:04:15 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    11/20/2010 6:01:13 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    11/20/2010 6:00:43 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    11/20/2010 5:55:32 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
    11/20/2010 5:54:28 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec mfehidk mfetdi2k MOBKFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
    11/20/2010 5:54:28 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    11/20/2010 5:54:28 AM, error: Service Control Manager [7001] - The McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/20/2010 5:54:28 AM, error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
    11/20/2010 5:54:28 AM, error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/20/2010 5:54:28 AM, error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/20/2010 5:54:28 AM, error: Service Control Manager [7001] - The McAfee Network Agent service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/20/2010 5:54:28 AM, error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/20/2010 5:54:28 AM, error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/20/2010 5:54:28 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/20/2010 5:54:28 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/20/2010 5:54:28 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    11/20/2010 5:54:28 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/20/2010 5:54:28 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/20/2010 5:45:08 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the McNASvc service.
    11/20/2010 4:59:53 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows CardSpace service to connect.
    11/20/2010 4:59:53 AM, error: Service Control Manager [7000] - The Windows CardSpace service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    ==== End Of File ===========================

    DDS (Ver_10-11-10.01) - NTFSx86
    Run by David at 12:37:16.04 on Sat 11/20/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.155 [GMT -8:00]

    AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\acs.exe
    svchost.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\toshiba\ivp\ism\pinger.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\Secunia\PSI\psi.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    C:\Program Files\McAfee Online Backup\MOBKbackup.exe
    c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    C:\WINDOWS\system32\TODDSrv.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Documents and Settings\David\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.toshibadirect.com/dpdstart
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = *.local
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101120054726.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [NDSTray.exe] NDSTray.exe
    mRun: [Toshiba Hotkey Utility] "c:\program files\toshiba\windows utilities\Hotkey.exe" /lang en
    mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
    mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
    mRun: [TPSMain] TPSMain.exe
    mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [SkyTel] SkyTel.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
    StartupFolder: c:\docume~1\david\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1284208842545
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1286219470468
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-5-31 386840]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-9-11 84072]
    R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [2010-9-11 54776]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-11 271480]
    R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-11 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-11 271480]
    R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-11 271480]
    R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-9-11 171168]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-9-11 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-9-11 141792]
    R2 MOBKbackup;McAfee Online Backup;c:\program files\mcafee online backup\MOBKbackup.exe [2010-4-13 229688]
    R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2006-6-28 98816]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-9-11 55840]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-9-11 152960]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-9-11 52104]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-9-11 313288]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-9-11 88544]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-7-7 14904]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-9-11 88544]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-9-11 84264]

    =============== Created Last 30 ================

    2010-11-20 13:33:54 -------- d-----w- c:\windows\pss
    2010-10-24 14:46:02 -------- d-----w- c:\program files\ESET
    2010-10-24 13:51:50 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll
    2010-10-24 13:51:47 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2010-10-24 13:51:44 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2010-10-24 13:50:45 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

    ==================== Find3M ====================

    2010-09-18 19:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-15 11:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-15 09:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-09-08 18:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 18:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll

    ============= FINISH: 12:39:00.56 ===============

    Thanks for all your help.

  2. #2
    broni is offline Senior Member
    You left this topic in the middle of the cleaning process: http://www.d-a-l.com/help/spyware-ad...le-notice.html
    If it happens again, you may not be able to receive any more help in the malware forum.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.


    ======================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"

    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AVG Remover to uninstall it: AVG - Download tools
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.


    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

  3. #3
    malopr is offline Full Member
    Sorry about that, it won't happen again.

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.
    Ran as David on 11/20/2010 at 17:02:48.


    Services Stopped:


    Processes terminated by Rkill or while it was running:


    C:\Documents and Settings\David\Desktop\rkill.com


    Rkill completed on 11/20/2010 at 17:02:53.

    ComboFix 10-11-20.03 - David 11/20/2010 16:51:55.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.208 [GMT -8:00]
    Running from: c:\documents and settings\David\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .

    ((((((((((((((((((((((((( Files Created from 2010-10-21 to 2010-11-21 )))))))))))))))))))))))))))))))
    .

    2010-11-20 13:59 . 2010-11-20 14:01 -------- d-----w- c:\documents and settings\Administrator
    2010-10-24 14:46 . 2010-10-24 14:46 -------- d-----w- c:\program files\ESET
    2010-10-24 13:51 . 2010-09-18 06:53 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll
    2010-10-24 13:51 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
    2010-10-24 13:51 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
    2010-10-24 13:50 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-14 06:28 . 2010-09-11 19:03 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2010-10-14 06:28 . 2010-09-11 19:03 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys
    2010-10-14 06:28 . 2010-09-11 19:03 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2010-10-14 06:28 . 2010-09-11 19:03 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
    2010-10-14 06:28 . 2010-09-11 19:03 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2010-10-14 06:28 . 2010-09-11 19:03 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2010-10-14 06:28 . 2010-09-11 19:03 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2010-10-14 06:28 . 2010-09-11 19:03 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2010-10-14 06:28 . 2010-06-01 03:32 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2010-10-14 06:28 . 2010-06-01 03:32 386840 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2010-09-18 19:23 . 2006-08-21 17:02 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2006-08-21 17:02 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2006-08-21 17:02 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2006-08-21 17:02 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-15 11:50 . 2010-09-12 01:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-15 09:29 . 2010-09-26 14:46 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-09-11 12:25 . 2010-09-11 12:25 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
    2010-09-10 05:58 . 2006-08-21 17:03 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58 . 2006-08-21 17:02 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58 . 2006-08-21 17:02 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2010-09-08 18:17 . 2010-09-08 18:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 18:17 . 2010-09-08 18:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-09-01 11:51 . 2006-08-21 17:01 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42 . 2006-08-21 17:03 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02 . 2006-08-21 17:02 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57 . 2006-08-21 17:02 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 13:39 . 2006-08-21 17:02 357248 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-26 12:52 . 2010-09-11 12:47 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12 . 2006-08-21 17:02 617472 ----a-w- c:\windows\system32\comctl32.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
    @="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
    [HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
    2010-04-14 03:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
    @="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
    [HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
    2010-04-14 03:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
    @="{b4caf489-1eec-c617-49ad-8d7088598c06}"
    [HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
    2010-04-14 03:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-12 344064]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-07 761946]
    "NDSTray.exe"="NDSTray.exe" [BU]
    "Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2006-08-01 1773568]
    "PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-06 1077322]
    "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880]
    "TPSMain"="TPSMain.exe" [2005-06-01 282624]
    "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
    "RTHDCPL"="RTHDCPL.EXE" [2006-09-06 16262656]
    "SkyTel"="SkyTel.EXE" [2006-05-17 2879488]
    "AGRSMMSG"="AGRSMMSG.exe" [2006-03-18 89541]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]

    c:\documents and settings\David\Start Menu\Programs\Startup\
    Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2010-7-21 965176]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-8-21 155648]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-09-01 15:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
    "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [9/11/2010 11:03 AM 84072]
    R1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [9/11/2010 11:05 AM 54776]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [9/11/2010 11:03 AM 271480]
    R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [9/11/2010 11:03 AM 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [9/11/2010 11:03 AM 271480]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [9/11/2010 11:03 AM 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\Mcafee\SystemCore\mfevtps.exe [9/11/2010 11:03 AM 141792]
    R2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [4/13/2010 7:11 PM 229688]
    R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [6/28/2006 10:50 AM 98816]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [9/11/2010 11:03 AM 55840]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [9/11/2010 11:03 AM 313288]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [9/11/2010 11:03 AM 88544]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [9/11/2010 11:03 AM 88544]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [9/11/2010 11:03 AM 84264]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [7/7/2010 6:05 AM 14904]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - mfeavfk01
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.toshibadirect.com/dpdstart
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2010-11-20 16:59
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-4031329935-1746841742-1217294077-1006\Software\Microsoft\SystemCertificates\Address Book*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1172)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(1804)
    c:\windows\system32\WININET.dll
    c:\program files\McAfee Online Backup\MOBKshell.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\TPwrCfg.DLL
    c:\windows\system32\TPwrReg.dll
    c:\windows\system32\TPSTrace.DLL
    .
    Completion time: 2010-11-20 17:02:09
    ComboFix-quarantined-files.txt 2010-11-21 01:02

    Pre-Run: 145,574,445,056 bytes free
    Post-Run: 145,544,400,896 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - B61DBF67495CDF39119FCC24DC225D94

  4. #4
    broni is offline Senior Member
    I don't see much there...

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Under the Custom Scan box paste this in:



    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

  5. #5
    malopr is offline Full Member
    Here are the two logs

    OTL logfile created on: 11/21/2010 5:36:14 AM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\David\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    446.00 Mb Total Physical Memory | 184.00 Mb Available Physical Memory | 41.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 57.00% Paging File free
    Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.05 Gb Total Space | 135.55 Gb Free Space | 90.94% Space Free | Partition Type: NTFS

    Computer Name: DAVIDSLAPTOP | User Name: David | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/21 05:29:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe
    PRC - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
    PRC - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe
    PRC - [2010/09/30 13:10:36 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2010/08/24 13:57:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
    PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/07/21 03:43:54 | 000,965,176 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi.exe
    PRC - [2010/04/13 19:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe
    PRC - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/08/01 09:57:06 | 001,773,568 | ---- | M] (TOSHIBA Inc.) -- C:\Program Files\TOSHIBA\Windows Utilities\Hotkey.exe
    PRC - [2006/05/25 17:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
    PRC - [2006/03/16 12:58:50 | 000,974,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    PRC - [2005/12/05 21:06:10 | 001,077,322 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    PRC - [2005/09/26 10:22:28 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
    PRC - [2005/07/12 16:14:42 | 000,040,960 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    PRC - [2005/05/31 20:00:12 | 000,282,624 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
    PRC - [2005/05/31 19:59:58 | 000,045,056 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
    PRC - [2005/04/26 15:13:20 | 000,122,880 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    PRC - [2005/01/17 15:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    PRC - [2004/12/29 23:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    PRC - [2004/08/27 23:37:00 | 000,155,648 | ---- | M] (Matsu****a Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
    PRC - [2004/08/27 23:33:00 | 000,110,592 | ---- | M] (Matsu****a Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
    PRC - [2003/10/20 08:37:58 | 000,475,136 | ---- | M] (TOSHIBA Corporation) -- C:\TOSHIBA\IVP\ISM\Ivpsvmgr.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/21 05:29:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe
    MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
    SRV - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe -- (mfevtp)
    SRV - [2010/10/07 21:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2010/08/24 13:57:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/04/13 19:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
    SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
    SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV - [2010/03/10 09:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
    SRV - [2006/05/25 17:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
    SRV - [2005/09/26 10:22:28 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
    SRV - [2005/07/12 16:14:42 | 000,040,960 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
    SRV - [2005/01/17 15:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
    SRV - [2004/08/27 23:33:00 | 000,110,592 | ---- | M] (Matsu****a Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\David\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/10/13 22:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2010/10/13 22:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
    DRV - [2010/10/13 22:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2010/10/13 22:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2010/10/13 22:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
    DRV - [2010/10/13 22:28:54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
    DRV - [2010/10/13 22:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2010/10/13 22:28:54 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
    DRV - [2010/10/13 22:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
    DRV - [2010/10/13 22:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2010/07/07 06:05:32 | 000,014,904 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
    DRV - [2010/04/13 19:10:22 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MOBK.sys -- (MOBKFilter)
    DRV - [2009/01/21 06:49:40 | 000,118,656 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
    DRV - [2008/04/13 08:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2006/09/06 15:04:12 | 004,377,600 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2006/08/21 11:09:25 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
    DRV - [2006/06/28 10:50:00 | 000,098,816 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
    DRV - [2006/04/07 15:18:46 | 000,193,056 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2006/04/01 16:46:28 | 000,471,264 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
    DRV - [2006/03/18 06:36:42 | 001,155,584 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2006/03/02 17:49:50 | 000,015,360 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV - [2006/01/12 1518 | 000,031,872 | ---- | M] (Quanta Computer, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\qkbfiltr.sys -- (qkbfiltr)
    DRV - [2005/12/11 22:40:44 | 001,414,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2005/08/24 14:20:28 | 000,009,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (tbiosdrv)
    DRV - [2005/06/10 20:42:00 | 000,005,504 | ---- | M] (Quanta Computer Corp) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BoiHwSetup.sys -- (BoiHwsetup)
    DRV - [2005/06/02 02:33:00 | 000,102,384 | ---- | M] (Matsu****a Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
    DRV - [2005/05/05 13:27:38 | 000,007,936 | ---- | M] (Quanta Computer, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\qmofiltr.sys -- (qmofiltr)
    DRV - [2005/01/11 09:05:46 | 000,204,160 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\KR10N.sys -- (KR10N)
    DRV - [2004/08/03 14:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2003/01/29 13:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
    DRV - [2003/01/10 12:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Home - Welcome to Toshiba
    IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/11/20 05:15:54 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2004/08/03 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20101120054726.dll (McAfee, Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [NDSTray.exe] File not found
    O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
    O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [Toshiba Hotkey Utility] c:\Program Files\Toshiba\Windows Utilities\Hotkey.exe (TOSHIBA Inc.)
    O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
    O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsu****a Electric Industrial Co., Ltd.)
    O4 - Startup: C:\Documents and Settings\David\Start Menu\Programs\Startup\Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (Secunia)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsu...?1284208842545 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1286219470468 (MUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\WINDOWS\Toshiba.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Toshiba.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/08/21 09:25:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/21 05:29:49 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe
    [2010/11/20 16:48:13 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/11/20 16:46:26 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/11/20 16:46:26 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/11/20 16:46:26 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/11/20 16:46:26 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/11/20 16:46:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/11/20 16:46:00 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/11/20 05:33:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2010/10/24 06:46:02 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2010/10/24 05:32:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Desktop\Unused Desktop Shortcuts

    ========== Files - Modified Within 30 Days ==========

    [2010/11/21 05:29:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe
    [2010/11/21 04:19:00 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
    [2010/11/21 04:18:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/11/21 04:18:08 | 467,841,024 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/20 16:48:21 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010/11/20 16:44:57 | 000,364,032 | ---- | M] () -- C:\Documents and Settings\David\Desktop\rkill.com
    [2010/11/20 16:43:48 | 003,912,769 | R--- | M] () -- C:\Documents and Settings\David\Desktop\ComboFix.exe
    [2010/11/20 16:25:37 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/11/20 12:36:22 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\David\Desktop\dds.scr
    [2010/11/20 12:33:49 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\David\Desktop\MBRCheck.exe
    [2010/11/20 08:13:15 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\David\Desktop\uj9qo92q.exe
    [2010/11/20 04:55:42 | 000,443,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/11/20 04:55:42 | 000,072,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/11/20 04:52:07 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
    [2010/10/24 06:18:12 | 000,157,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/10/24 06:10:27 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/10/24 05:38:32 | 000,002,838 | ---- | M] () -- C:\WINDOWS\machine.ver

    ========== Files Created - No Company Name ==========

    [2010/11/20 16:48:20 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/11/20 16:48:15 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/11/20 16:46:26 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/11/20 16:46:26 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/11/20 16:46:26 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/11/20 16:46:26 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/11/20 16:46:26 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/11/20 16:44:55 | 000,364,032 | ---- | C] () -- C:\Documents and Settings\David\Desktop\rkill.com
    [2010/11/20 16:43:48 | 003,912,769 | R--- | C] () -- C:\Documents and Settings\David\Desktop\ComboFix.exe
    [2010/11/20 12:36:18 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\David\Desktop\dds.scr
    [2010/11/20 12:33:41 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\David\Desktop\MBRCheck.exe
    [2010/11/20 08:13:04 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\David\Desktop\uj9qo92q.exe
    [2010/11/20 08:06:08 | 000,001,606 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
    [2010/11/20 06:07:11 | 467,841,024 | -HS- | C] () -- C:\hiberfil.sys
    [2010/09/11 07:29:11 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2006/09/09 11:29:20 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2006/09/09 11:29:20 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2006/09/09 11:29:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2006/09/09 11:29:20 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2006/09/09 11:29:20 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2006/09/09 11:29:20 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2006/09/09 11:28:14 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
    [2006/09/09 11:28:14 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
    [2006/09/09 11:28:14 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
    [2006/09/09 11:28:14 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
    [2006/09/09 11:25:07 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2006/08/21 15:44:11 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/08/21 10:54:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
    [2006/08/21 10:53:47 | 000,011,122 | ---- | C] () -- C:\WINDOWS\HWSetupStr.ini
    [2006/08/21 10:53:47 | 000,002,036 | ---- | C] () -- C:\WINDOWS\SVPW32Str.ini
    [2006/08/21 09:30:37 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/08/21 09:22:29 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2006/08/21 09:06:11 | 000,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2006/08/21 02:18:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2006/08/01 0940 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
    [2005/12/08 1050 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\tsbwls.dll
    [2005/08/24 14:20:28 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys

    ========== LOP Check ==========

    [2010/09/11 07:50:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
    [2010/09/11 11:28:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
    [2010/09/12 06:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2006/09/09 12:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\InterVideo
    [2010/09/11 11:30:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\MSNInstaller
    [2006/08/21 10:48:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\toshiba

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/08/21 09:25:45 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/11/20 16:25:37 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/11/20 16:48:21 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/11/20 17:02:11 | 000,012,528 | ---- | M] () -- C:\ComboFix.txt
    [2006/08/21 09:25:45 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/11/21 04:18:08 | 467,841,024 | -HS- | M] () -- C:\hiberfil.sys
    [2006/08/21 09:25:45 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2006/08/21 11:10:02 | 000,001,186 | -H-- | M] () -- C:\IPH.PH
    [2006/08/21 09:25:45 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/03 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/09/11 06:08:53 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/11/21 04:18:07 | 704,643,072 | -HS- | M] () -- C:\pagefile.sys
    [2010/11/20 17:02:53 | 000,000,392 | ---- | M] () -- C:\rkill.log

    < %systemroot%\Fonts\*.com >
    [2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/08/21 09:25:16 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 04:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2003/06/18 16:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 02:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2004/12/08 15:04:46 | 000,045,056 | ---- | M] (TOSHIBA) -- C:\WINDOWS\cfdemo.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/08/21 02:17:25 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2006/08/21 02:17:25 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2006/08/21 02:17:25 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2010/09/11 06:17:01 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/09/11 04:27:50 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2002/05/05 19:19:46 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/11/20 16:43:48 | 003,912,769 | R--- | M] () -- C:\Documents and Settings\David\Desktop\ComboFix.exe
    [2010/11/20 12:33:49 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\David\Desktop\MBRCheck.exe
    [2010/11/21 05:29:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe
    [2010/09/11 09:03:40 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\TFC.exe
    [2010/11/20 08:13:15 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\David\Desktop\uj9qo92q.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2010/09/26 07:51:27 | 000,819,184 | ---- | M] () -- C:\Documents and Settings\David\My Documents\docrepair-setup.exe
    [2010/09/12 06:48:46 | 074,840,872 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\David\My Documents\iTunesSetup.exe
    [2010/09/11 09:05:00 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\David\My Documents\mbam-setup-1.46.exe
    [2010/09/11 10:18:39 | 001,373,616 | ---- | M] () -- C:\Documents and Settings\David\My Documents\MCPR.exe
    [2010/09/11 17:05:10 | 000,755,552 | ---- | M] (Secunia) -- C:\Documents and Settings\David\My Documents\PSISetup.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2004/08/03 13:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >
    [2006/08/21 02:19:33 | 000,004,128 | ---- | M] () -- C:\WINDOWS\Driver Cache\INFCACHE.1

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/09/11 04:27:48 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\David\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/11/21 05:04:01 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\David\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >
    [2005/08/01 13:24:00 | 001,003,215 | ---- | M] () -- C:\WINDOWS\Installer\ms_office_trial.exe
    [2005/10/03 11:51:04 | 004,673,840 | ---- | M] () -- C:\WINDOWS\Installer\welcomeTour.exe

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 16:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 00:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 00:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 06:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 09:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 16:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/04 00:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 00:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 00:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 00:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 00:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    < End of report >

    OTL Extras logfile created on: 11/21/2010 5:36:14 AM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\David\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    446.00 Mb Total Physical Memory | 184.00 Mb Available Physical Memory | 41.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 57.00% Paging File free
    Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.05 Gb Total Space | 135.55 Gb Free Space | 90.94% Space Free | Partition Type: NTFS

    Computer Name: DAVIDSLAPTOP | User Name: David | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation)
    "C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
    "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
    "{05832D65-6EDB-4D32-BA78-BCD0E2B91C02}" = Atheros Wireless LAN MiniPCI/PCIe card Driver
    "{099D12EC-0321-4CAC-A0CC-33D020156FCD}" = Toshiba Utility
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
    "{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
    "{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
    "{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    "{400830CA-F056-4BBE-80A3-9DF9CA4FB889}" = TOSHIBA Direct Disc Writer
    "{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
    "{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{529DDE6B-4F31-438B-B218-F36266ABD8C0}" = TOSHIBA Disc Creator
    "{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch
    "{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{71D658CF-4E0D-4DA8-AA67-8C0B6F1C01FE}" = Atheros Client Utility
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
    "{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
    "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
    "{D0A05EB3-1A5E-45EF-B2AB-E3ABD2B86130}" = Toshiba Hotkey Utility
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F77890F3-774A-4CBE-A2E3-7BB0DC71D1FA}" = Toshiba Touchpad Utility
    "{F99520C7-7EE6-472E-8DD8-E60003A9292F}" = WOT for Internet Explorer
    "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "ATI Display Driver" = ATI Display Driver
    "Desktop Dialer" = Desktop Dialer
    "ESET Online Scanner" = ESET Online Scanner v3
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{099D12EC-0321-4CAC-A0CC-33D020156FCD}" = Toshiba Utility
    "InstallShield_{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
    "InstallShield_{F77890F3-774A-4CBE-A2E3-7BB0DC71D1FA}" = Toshiba Touchpad Utility
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MSC" = McAfee Total Protection
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "Power Saver" = TOSHIBA Power Saver
    "RealPlayer 6.0" = RealPlayer Basic
    "Secunia PSI" = Secunia PSI
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TOSHIBA Software Modem" = TOSHIBA Software Modem
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "DAL Scanner" = DAL Scanner

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/20/2010 10:02:49 AM | Computer Name = DAVIDSLAPTOP | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 11/20/2010 10:02:49 AM | Computer Name = DAVIDSLAPTOP | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 11/20/2010 10:02:49 AM | Computer Name = DAVIDSLAPTOP | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 11/20/2010 10:02:49 AM | Computer Name = DAVIDSLAPTOP | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 11/20/2010 10:02:49 AM | Computer Name = DAVIDSLAPTOP | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 11/20/2010 10:02:50 AM | Computer Name = DAVIDSLAPTOP | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    Error - 11/20/2010 10:02:50 AM | Computer Name = DAVIDSLAPTOP | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 11/20/2010 10:02:50 AM | Computer Name = DAVIDSLAPTOP | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 11/20/2010 12:09:54 PM | Computer Name = DAVIDSLAPTOP | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 11/20/2010 12:11:10 PM | Computer Name = DAVIDSLAPTOP | Source = Application Hang | ID = 1001
    Description = Fault bucket 1180947459.

    [ System Events ]
    Error - 9/15/2010 11:19:06 PM | Computer Name = DAVIDSLAPTOP | Source = Service Control Manager | ID = 7034
    Description = The McAfee Validation Trust Protection Service service terminated
    unexpectedly. It has done this 1 time(s).

    Error - 9/18/2010 11:03:20 AM | Computer Name = DAVIDSLAPTOP | Source = DCOM | ID = 10010
    Description = The server {6DFC2D17-579D-4C1C-93B7-B05B7DCCD766} did not register
    with DCOM within the required timeout.

    Error - 9/18/2010 11:03:22 AM | Computer Name = DAVIDSLAPTOP | Source = DCOM | ID = 10010
    Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
    with DCOM within the required timeout.

    Error - 9/26/2010 10:53:55 AM | Computer Name = DAVIDSLAPTOP | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the McNASvc service.

    Error - 9/26/2010 10:54:26 AM | Computer Name = DAVIDSLAPTOP | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the McMPFSvc service.

    Error - 9/26/2010 10:55:00 AM | Computer Name = DAVIDSLAPTOP | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the McNASvc service.

    Error - 9/26/2010 10:55:31 AM | Computer Name = DAVIDSLAPTOP | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the McMPFSvc service.

    Error - 9/26/2010 1004 AM | Computer Name = DAVIDSLAPTOP | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the McNASvc service.

    Error - 9/26/2010 1035 AM | Computer Name = DAVIDSLAPTOP | Source = Service Control Manager | ID = 7011
    Description = Timeout (30000 milliseconds) waiting for a transaction response from
    the McMPFSvc service.


    < End of report >

  6. #6
    broni is offline Senior Member
    446.00 Mb Total Physical Memory
    You could definitely use another 512MB of RAM. That would make your computer work much better.

    ==========================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
      "DisableMonitoring" =-
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
      "DisableMonitoring" =-
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.


    ==========================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.



    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.



    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.

  7. #7
    malopr is offline Full Member
    McAfee will not let me download Security Check *potentially dangerous download detected

  8. #8
    broni is offline Senior Member
    Disable McAfee and try again.

  9. #9
    malopr is offline Full Member
    Here is the Security Check log; no log from ESET. The laptop is running a little better.

    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    ESET Online Scanner v3
    McAfee Total Protection
    McAfee Online Backup
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    McAfee Online Backup MOBKbackup.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````

  10. #10
    broni is offline Senior Member
    As I said before, adding more RAM will help.

    Other than that....

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:


    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.


    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.


    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): Safe Browsing Tool | WOT Web of Trust. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): PSI - Consumer - Products. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: How did I get infected?

    12. Please, let me know, how your computer is doing.
