
Trojan HijackThis log


bato1994:
ESETscan log:

C:\Downloads\CheatEngine54.exe   probably a variant of Win32/Genetik trojan   deleted - quarantined
C:\Program Files\Cheat Engine\dbk32.sys   probably a variant of Win32/Genetik trojan   cleaned by deleting - quarantined
C:\Program Files\Image-Line\Toxic Biohazard\Toxic Biohazard.dll   probably a variant of Win32/Delf trojan   cleaned by deleting - quarantined
C:\Users\valued customer\Documents\Downloads\AirportTycoon3Setup-dm.exe   Win32/Adware.Trymedia application   cleaned by deleting - quarantined
C:\Users\valued customer\Downloads\FL Studio 8.0.0 XXL Producer RC3 (NEW)\FL Studio 8.0.0 XXL Producer RC3 (NEW).rar   probably a variant of Win32/Delf trojan   deleted - quarantined

evilfantasy:
If you already have ComboFix, be sure to delete it and download a new copy.

Download ComboFix© by sUBs from one of the links below. Be sure to save it to the Desktop.

Link #1
Link #2

Note: It is important that it is saved directly to your Desktop.

Close any open web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your antivirus and any antispyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double-click ComboFix.exe and follow the prompts.
Vista users: right-click ComboFix.exe and select Run as administrator (you will receive a UAC prompt; please allow it).
When finished, ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix.

bato1994:
ComboFix 09-10-30.01 - BACKUP 31/10/2009 10:35.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.61.1033.18.3069.1818 [GMT 11:00]
Running from: c:\users\BACKUP\Desktop\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Outpost Firewall *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
SP: BitDefender Antispyware *disabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\FlashGet Network
c:\program files\FlashGet Network\FlashGet universal\dbtrans_verbose.log
c:\program files\FlashGet Network\FlashGet universal\fgoption.ini
c:\program files\FlashGet Network\FlashGet universal\P2PCfg.ini
c:\program files\FlashGet Network\FlashGet universal\p2spmgr.ini
c:\program files\FlashGet Network\FlashGet universal\p4spmgr.ini
c:\program files\FlashGet Network\FlashGet universal\Profiles\config.dat
c:\program files\FlashGet Network\FlashGet universal\Profiles\tasks.dat
c:\program files\FlashGet Network\FlashGet universal\transaction.log
C:\restore
c:\users\valued customer\AppData\Roaming\BITS
c:\users\valued customer\AppData\Roaming\BITS\BITS.ini
c:\users\valued customer\AppData\Roaming\BITS\UPnP.ini
c:\users\valued customer\AppData\Roaming\inst.exe
c:\windows\struct~.ini
c:\windows\system32\gasfkylog.dat
c:\windows\system32\zip32.dll

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


(((((((((((((((((((((((((   Files Created from 2009-09-28 to 2009-10-31  )))))))))))))))))))))))))))))))
.

2009-10-31 00:07 . 2009-10-31 00:17   --------   d-----w-   c:\users\BACKUP\AppData\Local\temp
2009-10-31 00:07 . 2009-10-31 00:07   --------   d-----w-   c:\users\valued customer\AppData\Local\temp
2009-10-31 00:07 . 2009-10-31 00:07   --------   d-----w-   c:\users\Mcx1\AppData\Local\temp
2009-10-31 00:07 . 2009-10-31 00:07   --------   d-----w-   c:\users\Maja\AppData\Local\temp
2009-10-31 00:07 . 2009-10-31 00:07   --------   d-----w-   c:\users\Default\AppData\Local\temp
2009-10-31 00:07 . 2009-10-31 00:07   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Local\temp
2009-10-30 23:35 . 2008-04-16 00:53   312344   ----a-w-   c:\windows\system32\drivers\iaStor.sys
2009-10-30 23:35 . 2008-03-12 06:38   28728   ----a-w-   c:\windows\system32\drivers\msahci.sys
2009-10-30 23:35 . 2008-03-12 06:38   21560   ----a-w-   c:\windows\system32\drivers\atapi.sys
2009-10-30 10:05 . 2009-10-30 10:05   --------   d-----w-   c:\programdata\Sports Interactive
2009-10-30 10:04 . 2009-10-30 10:04   --------   d-----w-   c:\users\BACKUP\AppData\Roaming\Sports Interactive
2009-10-30 10:00 . 2009-09-04 06:44   69464   ----a-w-   c:\windows\system32\XAPOFX1_3.dll
2009-10-30 09:55 . 2009-10-30 09:57   --------   d--h--w-   c:\program files\Zero G Registry
2009-10-30 09:55 . 2009-10-30 09:55   --------   d-----w-   c:\program files\Sports Interactive
2009-10-30 09:55 . 2009-10-30 09:55   --------   d--h--w-   c:\users\BACKUP\InstallAnywhere
2009-10-30 09:30 . 2009-10-30 09:31   --------   d-----w-   c:\users\BACKUP\AppData\Local\Google
2009-10-30 09:01 . 2009-10-30 09:01   --------   d-----w-   c:\users\BACKUP\AppData\Local\Mozilla
2009-10-30 08:24 . 2009-10-30 08:24   --------   d-----w-   c:\users\BACKUP\AppData\Local\Opera
2009-10-30 08:21 . 2009-10-30 08:21   --------   d-----w-   c:\users\BACKUP\AppData\Roaming\Malwarebytes
2009-10-30 08:21 . 2009-10-30 08:21   67528   ----a-w-   c:\users\BACKUP\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-30 08:21 . 2009-10-30 08:21   --------   d-----w-   c:\users\BACKUP\AppData\Local\Toshiba
2009-10-30 08:21 . 2009-10-31 00:17   --------   d-----w-   c:\users\BACKUP\AppData\Roaming\Orbit
2009-10-30 05:04 . 2009-10-30 05:04   --------   d-----w-   c:\program files\ESET
2009-10-29 04:58 . 2009-10-30 09:14   --------   d-----w-   c:\windows\system32\config\systemprofile\Tracing
2009-10-28 20:38 . 2009-10-28 20:38   --------   d-----w-   C:\Microsoft
2009-10-27 10:41 . 2009-04-06 00:37   704384   ----a-w-   c:\windows\system32\drivers\SandBox.sys
2009-10-27 10:40 . 2009-02-10 05:12   307224   ----a-w-   c:\windows\system32\drivers\afwcore.sys
2009-10-27 10:37 . 2009-02-18 06:27   29208   ----a-w-   c:\windows\system32\drivers\afw.sys
2009-10-27 10:37 . 2009-10-27 10:37   --------   d-----w-   c:\program files\Agnitum
2009-10-27 10:36 . 2009-10-27 10:36   --------   d-----w-   c:\programdata\Agnitum
2009-10-27 10:08 . 2009-10-27 10:18   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Roaming\BitTorrent
2009-10-27 04:50 . 2009-10-27 04:50   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Roaming\ATI
2009-10-27 04:50 . 2009-10-27 04:50   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Local\ATI
2009-10-26 11:21 . 2009-10-26 11:21   --------   d-----w-   C:\Sun
2009-10-26 08:21 . 2009-09-30 23:29   195440   ------w-   c:\windows\system32\MpSigStub.exe
2009-10-26 05:35 . 2009-10-26 05:35   --------   d-----w-   c:\users\Default\AppData\Local\Apple
2009-10-25 11:28 . 2009-09-15 09:54   52368   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
2009-10-25 11:28 . 2009-09-15 09:54   23152   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
2009-10-25 11:28 . 2009-09-15 09:55   114768   ----a-w-   c:\windows\system32\drivers\aswSP.sys
2009-10-25 11:28 . 2009-09-15 09:55   20560   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
2009-10-25 11:28 . 2009-09-15 09:53   97480   ----a-w-   c:\windows\system32\AvastSS.scr
2009-10-25 11:28 . 2009-09-15 09:59   1279968   ----a-w-   c:\windows\system32\aswBoot.exe
2009-10-25 11:28 . 2009-09-15 09:55   53328   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
2009-10-25 11:25 . 2009-10-25 11:25   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Roaming\GrabPro
2009-10-25 11:23 . 2009-10-25 11:23   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Local\Toshiba
2009-10-25 11:23 . 2009-10-30 09:15   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Roaming\Orbit
2009-10-25 10:55 . 2009-10-26 08:41   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2009-10-25 10:49 . 2009-09-04 12:24   61440   ----a-w-   c:\windows\system32\msasn1.dll
2009-10-25 10:49 . 2009-09-14 09:44   144896   ----a-w-   c:\windows\system32\drivers\srv2.sys
2009-10-25 10:42 . 2009-10-25 10:42   0   ----a-w-   c:\windows\nsreg.dat
2009-10-25 10:42 . 2009-10-25 10:42   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Local\Mozilla
2009-10-25 02:46 . 2009-10-25 02:46   --------   d-----w-   c:\windows\system32\config\systemprofile\DoctorWeb
2009-10-18 04:13 . 2009-10-18 04:13   --------   d-----w-   c:\program files\Trend Micro
2009-10-17 06:33 . 2009-10-17 06:33   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Roaming\Malwarebytes
2009-10-17 06:33 . 2009-09-10 03:54   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-17 06:33 . 2009-10-17 06:33   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2009-10-17 06:33 . 2009-10-17 06:33   --------   d-----w-   c:\programdata\Malwarebytes
2009-10-17 06:33 . 2009-09-10 03:53   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-10-15 07:53 . 2009-10-15 07:53   21052   ----a-w-   c:\windows\system32\SIntfNT.dll
2009-10-15 07:53 . 2009-10-15 07:53   15144   ----a-w-   c:\windows\system32\SIntf32.dll
2009-10-15 07:53 . 2009-10-15 07:53   12067   ----a-w-   c:\windows\system32\SIntf16.dll
2009-10-11 11:03 . 2009-10-11 11:03   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Roaming\Yahoo!

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-30 09:21 . 2008-12-16 05:35   --------   d-----w-   c:\program files\Bonjour
2009-10-30 05:45 . 2008-12-16 07:52   --------   d-----w-   c:\program files\UltraStar Deluxe
2009-10-30 05:29 . 2009-03-08 00:01   --------   d-----w-   c:\program files\Cheat Engine
2009-10-29 04:59 . 2009-04-26 00:10   --------   d-----w-   c:\program files\Orbitdownloader
2009-10-27 05:26 . 2008-10-21 14:40   --------   d-----w-   c:\program files\Google
2009-10-26 09:22 . 2009-01-18 09:53   --------   d-----w-   c:\program files\Opera
2009-10-26 09:00 . 2008-05-06 04:31   --------   d-----w-   c:\program files\Common Files\Adobe
2009-10-26 04:42 . 2008-10-21 13:20   67528   ----a-w-   c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-25 11:11 . 2009-03-18 04:37   --------   d-----w-   c:\programdata\Microsoft Help
2009-10-25 11:10 . 2009-03-18 04:42   --------   d-----w-   c:\program files\Microsoft Works
2009-10-24 03:00 . 2006-11-02 13:02   1356   ----a-w-   c:\windows\system32\config\systemprofile\AppData\Local\d3d9caps.dat
2009-10-21 06:10 . 2008-05-06 04:14   --------   d-----w-   c:\program files\Java
2009-10-11 11:05 . 2009-06-16 06:49   --------   d-----w-   c:\program files\Common Files\DVDVideoSoft
2009-10-11 11:03 . 2008-12-16 02:07   --------   d-----w-   c:\program files\Yahoo!
2009-10-11 11:02 . 2009-07-10 12:36   --------   d-----w-   c:\program files\Freebies Hack Engine
2009-09-21 04:17 . 2008-10-21 13:13   209788507   ----a-w-   c:\windows\DUMP737a.tmp
2009-09-21 03:54 . 2009-09-21 03:54   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Roaming\Apple Computer
2009-09-14 07:57 . 2009-09-14 07:57   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Roaming\vlc
2009-09-14 03:36 . 2009-09-14 03:36   615992   ----a-w-   c:\windows\system32\ci.dll
2009-09-13 00:24 . 2008-12-01 01:47   --------   d-----w-   c:\users\valued customer\AppData\Roaming\Orbit
2009-09-12 12:56 . 2008-12-06 00:37   --------   d-----w-   c:\users\valued customer\AppData\Roaming\uTorrent
2009-09-12 06:39 . 2009-08-24 07:57   --------   d-----w-   c:\users\valued customer\AppData\Roaming\Vso
2009-09-11 12:31 . 2009-06-23 11:08   --------   d-----w-   c:\program files\Microsoft Silverlight
2009-09-10 17:30 . 2009-10-25 10:50   213504   ----a-w-   c:\windows\system32\msv1_0.dll
2009-09-04 06:44 . 2009-10-30 09:59   515416   ----a-w-   c:\windows\system32\XAudio2_5.dll
2009-09-04 06:44 . 2009-10-30 09:59   238936   ----a-w-   c:\windows\system32\xactengine3_5.dll
2009-09-04 06:29 . 2009-10-30 09:59   453456   ----a-w-   c:\windows\system32\d3dx10_42.dll
2009-09-04 06:29 . 2009-10-30 09:59   235344   ----a-w-   c:\windows\system32\d3dx11_42.dll
2009-09-04 06:29 . 2009-10-30 09:59   5501792   ----a-w-   c:\windows\system32\d3dcsx_42.dll
2009-09-04 06:29 . 2009-10-30 09:59   1974616   ----a-w-   c:\windows\system32\D3DCompiler_42.dll
2009-09-04 06:29 . 2009-10-30 09:59   1892184   ----a-w-   c:\windows\system32\D3DX9_42.dll
2009-08-27 13:32 . 2009-10-25 10:50   833024   ----a-w-   c:\windows\system32\wininet.dll
2009-08-27 13:29 . 2009-10-25 10:50   78336   ----a-w-   c:\windows\system32\ieencode.dll
2009-08-27 10:58 . 2009-10-25 10:50   26624   ----a-w-   c:\windows\system32\ieUnatt.exe
2009-08-24 08:08 . 2009-08-24 07:57   47360   ----a-w-   c:\users\valued customer\AppData\Roaming\pcouffin.sys
2009-08-24 07:57 . 2009-08-24 07:57   47360   ----a-w-   c:\windows\system32\drivers\pcouffin.sys
2009-08-17 12:33 . 2009-08-17 12:33   1193832   ----a-w-   c:\windows\system32\FM20.DLL
2009-08-14 17:07 . 2009-09-10 10:50   897608   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2009-08-14 16:29 . 2009-09-10 10:50   104960   ----a-w-   c:\windows\system32\netiohlp.dll
2009-08-14 16:29 . 2009-09-10 10:50   17920   ----a-w-   c:\windows\system32\netevent.dll
2009-08-14 14:16 . 2009-09-10 10:50   9728   ----a-w-   c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:16 . 2009-09-10 10:50   17920   ----a-w-   c:\windows\system32\ROUTE.EXE
2009-08-14 14:16 . 2009-09-10 10:50   11264   ----a-w-   c:\windows\system32\MRINFO.EXE
2009-08-14 14:16 . 2009-09-10 10:50   27136   ----a-w-   c:\windows\system32\NETSTAT.EXE
2009-08-14 14:16 . 2009-09-10 10:50   19968   ----a-w-   c:\windows\system32\ARP.EXE
2009-08-14 14:16 . 2009-09-10 10:50   8704   ----a-w-   c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:16 . 2009-09-10 10:50   10240   ----a-w-   c:\windows\system32\finger.exe
2009-08-05 14:22 . 2009-10-25 10:50   3597896   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2009-08-05 14:22 . 2009-10-25 10:50   3546184   ----a-w-   c:\windows\system32\ntoskrnl.exe
2007-05-06 06:32 . 2009-05-10 04:59   389120   ----a-w-   c:\program files\DaShRelease.exe
2003-08-04 13:36 . 2009-05-10 03:01   171008   ----a-w-   c:\program files\ePSXe.exe
2009-05-01 21:02 . 2009-05-01 21:02   1044480   ----a-w-   c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02   200704   ----a-w-   c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02   1044480   ----a-w-   c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02   200704   ----a-w-   c:\program files\opera\program\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{abb88e4e-75f4-4fdc-8f42-d101484c4b3f}]
2009-06-22 22:53   2211352   ----a-w-   c:\program files\Enhanced_search\tbEnha.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{abb88e4e-75f4-4fdc-8f42-d101484c4b3f}"= "c:\program files\Enhanced_search\tbEnha.dll" [2009-06-22 2211352]

[HKEY_CLASSES_ROOT\clsid\{abb88e4e-75f4-4fdc-8f42-d101484c4b3f}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOvrly1]
@="{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}"
[HKEY_CLASSES_ROOT\CLSID\{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}]
2008-07-25 04:41   118784   ----a-w-   c:\program files\TrueSuite Access Manager\IconOvrly.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Google Update"="c:\users\BACKUP\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-06-30 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"UsbMonitor"="c:\program files\TrueSuite Access Manager\usbnotify.exe" [2008-07-25 94208]
"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-04-26 716800]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-24 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2009-04-27 428032]
"NDSTray.exe"="NDSTray.exe" [BU]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-08 6037504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-4-15 2979144]
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-4-26 1719496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Agnitum\OUTPOS~1\wl_hook.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Orbit.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk
backup=c:\windows\pss\Orbit.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk
backup=c:\windows\pss\Run Google Web Accelerator.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TOSHIBA Face Recognition Watcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TOSHIBA Face Recognition Watcher.lnk
backup=c:\windows\pss\TOSHIBA Face Recognition Watcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^valued customer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^gueinywcf.lnk]
path=c:\users\valued customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gueinywcf.lnk
backup=c:\windows\pss\gueinywcf.lnk.Startup
backupExtension=.Startup

R0 AlfaFF;AlfaFF mini-filter driver;c:\windows\System32\drivers\AlfaFF.sys [22/10/2008 1:35 AM 42608]
R1 afw;Agnitum Firewall Driver;c:\windows\System32\drivers\afw.sys [27/10/2009 9:37 PM 29208]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [25/10/2009 10:28 PM 114768]
R1 SandBox;SandBox;c:\windows\System32\drivers\SandBox.sys [27/10/2009 9:41 PM 704384]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [27/10/2009 9:37 PM 1195008]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [25/10/2009 10:28 PM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [25/10/2009 10:28 PM 53328]
R2 Authentec memory manager;Authentec memory manager service;c:\windows\System32\TAMSvr.exe [22/10/2008 1:35 AM 49152]
R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [17/04/2008 6:19 PM 40960]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [4/12/2007 11:03 AM 126976]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
R3 afwcore;afwcore;c:\windows\System32\drivers\afwcore.sys [27/10/2009 9:40 PM 307224]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [6/05/2008 4:29 PM 7168]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\System32\drivers\NETw5v32.sys [28/04/2008 9:29 AM 3658752]
S2 gupdate1c95e418ad821a6;Google Update Service (gupdate1c95e418ad821a6);c:\program files\Google\Update\GoogleUpdate.exe [15/12/2008 10:13 AM 133104]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\System32\drivers\ScreamingBAudio.sys [6/04/2009 2:19 PM 23064]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
WindowsMobile   REG_MULTI_SZ      wcescomm rapimgr
LocalServiceRestricted   REG_MULTI_SZ      WcesComm RapiMgr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C608BE1D-4122-966D-51A3-9C926A1FBB57}]
c:\windows\winlogen.exe
.
Contents of the 'Scheduled Tasks' folder

2009-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-14 05:02]

2009-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-14 05:02]

2009-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-21628702-580910898-2647980920-1000Core.job
- c:\users\valued customer\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-30 11:36]

2009-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-21628702-580910898-2647980920-1000UA.job
- c:\users\valued customer\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-30 11:36]

2009-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-21628702-580910898-2647980920-1004Core.job
- c:\users\BACKUP\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-30 05:18]

2009-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-21628702-580910898-2647980920-1004UA.job
- c:\users\BACKUP\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-30 05:18]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: {2B67C494-3621-41ED-8FE8-9A49DF5A6D17} = 203.12.160.35 203.12.160.36
FF - ProfilePath - c:\users\BACKUP\AppData\Roaming\Mozilla\Firefox\Profiles\qdyvq2ed.default\
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\nporbit.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\users\BACKUP\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-31 11:16
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 


c:\windows\TEMP\TMP000000488DC9FB925FF027D2 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2540)
c:\program files\TrueSuite Access Manager\IconOvrly.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\progra~1\SPEEDB~1\VideoAcceleratorEngine.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\mcupdate.EXE
.
**************************************************************************
.
Completion time: 2009-10-31 11:24 - machine was rebooted
ComboFix-quarantined-files.txt  2009-10-31 00:24

Pre-Run: 67,105,726,464 bytes free
Post-Run: 66,662,764,544 bytes free

- - End Of File - - 9AF556F107381F34A86C329E134C57A1
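
Reading a log this long by hand is error-prone, and the parts that matter for persistence are a small fraction of it: the Reg Loading Points (Run keys, policies\system, AppInit_DLLs, startup-folder and Active Setup entries) and the catchme hidden-file lines. The following is an added example, not ComboFix's own code and not something the helper in this thread posted: a Python triage script that pulls those entries out of a ComboFix log and lists the ones an analyst would check first. Its heuristics are assumptions of this example (the list of well-known system binary names, the 0.85 similarity cut-off for look-alike file names, and treating any per-user Startup folder item and any Active Setup entry as worth a look); a hit is a prompt to inspect the file, not a verdict. SAMPLE_LOG is an excerpt assembled from lines of the log above.

```python
"""Triage helper for a ComboFix log (added example; not ComboFix's own code).
Pulls the autostart entries out of the 'Reg Loading Points' section and the
catchme hidden-file lines, and flags the ones an analyst would look at first.
SAMPLE_LOG is an excerpt assembled from lines of the log in this thread."""
import re
from difflib import SequenceMatcher

# Windows binaries that droppers like to imitate with a one-letter change
# (assumed list for this example; extend as needed).
KNOWN_SYSTEM_BINARIES = ("winlogon", "svchost", "lsass", "csrss", "smss",
                         "services", "explorer", "spoolsv", "wininit")

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Agnitum\OUTPOS~1\wl_hook.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKLM\~\startupfolder\C:^Users^valued customer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^gueinywcf.lnk]
path=c:\users\valued customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gueinywcf.lnk
backup=c:\windows\pss\gueinywcf.lnk.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C608BE1D-4122-966D-51A3-9C926A1FBB57}]
c:\windows\winlogen.exe
.
scanning hidden files ...

c:\windows\TEMP\TMP000000488DC9FB925FF027D2 524288 bytes executable

scan completed successfully
hidden files: 1
"""

PATH_PATTERNS = (
    re.compile(r'^"[^"]+"="([^"]+)"'),     # "Name"="c:\path\file.exe" [date size]
    re.compile(r"^path=(.+)$", re.I),       # startupfolder entries
    re.compile(r"^([a-z]:\\.+)$", re.I),    # bare path (Active Setup)
)


def lookalike(path):
    """Return the well-known name a file's stem closely resembles but does not
    equal (e.g. winlogen -> winlogon), or None."""
    stem = re.sub(r"\.[^.]+$", "", path.rsplit("\\", 1)[-1].lower())
    for name in KNOWN_SYSTEM_BINARIES:
        if stem != name and SequenceMatcher(None, stem, name).ratio() >= 0.85:
            return name
    return None


def triage(log_text):
    """Walk the log and return (category, detail) findings worth a second look."""
    findings, section = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "." or line.startswith(("(((", "***")) or line.startswith("scan completed"):
            section = None                          # section separators / end of catchme output
        elif line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()            # a registry key block
        elif line.startswith("scanning hidden files"):
            section = "catchme:hidden"
        elif section == "catchme:hidden":
            m = re.match(r"^(.+?)\s+(\d+) bytes(.*)$", line)
            if m:
                findings.append(("hidden file", f"{m.group(1)} ({m.group(2)} bytes{m.group(3)})"))
        elif section is None:
            continue
        elif section.endswith(r"policies\system"):
            if re.match(r'^"enablelua"\s*=\s*0\b', line, re.I):
                findings.append(("UAC disabled", line))
            elif re.match(r'^"disablecad"\s*=\s*1\b', line, re.I):
                findings.append(("Ctrl+Alt+Del logon disabled", line))
        elif section.endswith(r"currentversion\windows") and line.lower().startswith('"appinit_dlls"='):
            dlls = line.split("=", 1)[1].strip()    # loaded into every process that loads user32.dll
            if dlls:
                findings.append(("AppInit_DLLs set", dlls))
        else:
            m = next((p.match(line) for p in PATH_PATTERNS if p.match(line)), None)
            if not m:
                continue
            path = m.group(1).strip()
            if "startupfolder" in section and "\\users\\" in path.lower():
                findings.append(("per-user Startup folder item", path))
            if "active setup" in section:
                findings.append(("Active Setup entry runs at logon", path))
            known = lookalike(path)
            if known:
                findings.append((f"name resembles {known}", path))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:32} {detail}")
```

On the excerpt the two Run entries produce nothing, while the disabled UAC, the AppInit_DLLs value, the per-user startup link, the Active Setup executable (which also trips the look-alike check against winlogon) and the hidden executable in c:\windows\TEMP are each listed once. The section-separator handling ("." and the "(((" banners) keeps later parts of a full log, such as the Firefox policies line that also starts with a drive letter, from being mistaken for Active Setup entries.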

evilfantasy:
Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the code box below by highlighting all the text and pressing Ctrl+C.

--- Code: ---
KillAll::

File::
c:\windows\system32\SIntfNT.dll
c:\windows\system32\SIntf32.dll
c:\windows\system32\SIntf16.dll

DirLook::
c:\program files\Zero G Registry
c:\users\BACKUP\InstallAnywhere
--- End code ---

3. Go to the Notepad window and click Edit > Paste.
4. Then click File > Save.
5. Name the file CFScript.txt and save it to your Desktop.
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) onto ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

ComboFix will begin to execute; just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (ComboFix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.
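
The check a practitioner wants after a scripted run is whether it did what was asked: the paths under File:: should reappear under "Other Deletions" in the log ComboFix produces from the script. The following is an added example in Python, not part of ComboFix and not something posted in this thread. It assumes the CFScript layout shown above (a directive name followed by "::", then one item per line until the next directive) and the ComboFix banner style for section headings; the sample texts are excerpts of the script above and of the log ComboFix produced from it.

```python
"""Verify a CFScript run against the log it produced (added example; not
ComboFix's own code and not something posted in this thread).  A CFScript is
a series of 'Name::' directives, each followed by one item per line; the
File:: items should reappear under 'Other Deletions' in the next log.
The sample texts are excerpts of the script and log from this thread."""

SAMPLE_CFSCRIPT = r"""
KillAll::

File::
c:\windows\system32\SIntfNT.dll
c:\windows\system32\SIntf32.dll
c:\windows\system32\SIntf16.dll

DirLook::
c:\program files\Zero G Registry
c:\users\BACKUP\InstallAnywhere
"""

SAMPLE_LOG = r"""
FILE ::
"c:\windows\system32\SIntf16.dll"
"c:\windows\system32\SIntf32.dll"
"c:\windows\system32\SIntfNT.dll"
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\SIntf16.dll
c:\windows\system32\SIntf32.dll
c:\windows\system32\SIntfNT.dll

.
(((((((((((((((((((((((((   Files Created from 2009-09-28 to 2009-10-31  )))))))))))))))))))))))))))))))
.
2009-10-31 03:50 . 2009-10-31 04:04   --------   d-----w-   c:\users\BACKUP\AppData\Local\temp
"""


def parse_cfscript(text):
    """Map each directive ('KillAll', 'File', 'DirLook', ...) to its list of items."""
    script, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            script.setdefault(current, [])      # a directive may carry no items (KillAll::)
        elif current is not None:
            script[current].append(line)
    return script


def log_section(log_text, title):
    """Return the non-blank lines of the ComboFix log section whose banner names `title`."""
    lines, inside = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("(((") and line.endswith(")))"):
            inside = title.lower() in line.lower()      # every banner starts a new section
        elif inside and line and line != ".":
            lines.append(line)
    return lines


def verify_deletions(cfscript_text, log_text):
    """Split the File:: targets into those the log confirms deleted and those it does not."""
    requested = parse_cfscript(cfscript_text).get("File", [])
    deleted = {p.lower() for p in log_section(log_text, "Other Deletions")}
    confirmed = [p for p in requested if p.lower() in deleted]
    missing = [p for p in requested if p.lower() not in deleted]
    return confirmed, missing


if __name__ == "__main__":
    confirmed, missing = verify_deletions(SAMPLE_CFSCRIPT, SAMPLE_LOG)
    print("confirmed deleted:", *confirmed, sep="\n  ")
    print("not confirmed:", *missing, sep="\n  ")
```

Paths are compared case-insensitively because ComboFix echoes them in its own casing and order (note the reversed order under FILE :: in the log). A File:: entry that does not show up under "Other Deletions" is the case to chase, typically a path typo in the script or a file that was locked or already gone.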

bato1994:
ComboFix 09-10-30.01 - BACKUP 31/10/2009 14:26.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.61.1033.18.3069.1597 [GMT 11:00]
Running from: c:\users\BACKUP\Desktop\ComboFix.exe
Command switches used :: c:\users\BACKUP\Desktop\CFScript.txt
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Outpost Firewall *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
SP: BitDefender Antispyware *disabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\SIntf16.dll"
"c:\windows\system32\SIntf32.dll"
"c:\windows\system32\SIntfNT.dll"
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\SIntf16.dll
c:\windows\system32\SIntf32.dll
c:\windows\system32\SIntfNT.dll

.
(((((((((((((((((((((((((   Files Created from 2009-09-28 to 2009-10-31  )))))))))))))))))))))))))))))))
.

2009-10-31 03:50 . 2009-10-31 04:04   --------   d-----w-   c:\users\BACKUP\AppData\Local\temp
2009-10-31 03:50 . 2009-10-31 03:50   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Local\temp
2009-10-31 03:50 . 2009-10-31 03:50   --------   d-----w-   c:\users\valued customer\AppData\Local\temp
2009-10-31 03:50 . 2009-10-31 03:50   --------   d-----w-   c:\users\Public\AppData\Local\temp
2009-10-31 03:50 . 2009-10-31 03:50   --------   d-----w-   c:\users\Mcx1\AppData\Local\temp
2009-10-31 03:50 . 2009-10-31 03:50   --------   d-----w-   c:\users\Maja\AppData\Local\temp
2009-10-31 03:50 . 2009-10-31 03:50   --------   d-----w-   c:\users\Default\AppData\Local\temp
2009-10-31 03:26 . 2008-03-12 06:38   28728   ----a-w-   c:\windows\system32\drivers\msahci.sys
2009-10-31 03:26 . 2008-04-16 00:53   312344   ----a-w-   c:\windows\system32\drivers\iaStor.sys
2009-10-31 03:26 . 2008-03-12 06:38   21560   ----a-w-   c:\windows\system32\drivers\atapi.sys
2009-10-31 03:06 . 2009-10-31 04:04   --------   d-----w-   c:\users\BACKUP\Tracing
2009-10-31 02:30 . 2009-10-31 02:31   --------   d-----w-   c:\users\BACKUP\AppData\Roaming\Vso
2009-10-30 10:05 . 2009-10-30 10:05   --------   d-----w-   c:\programdata\Sports Interactive
2009-10-30 10:04 . 2009-10-30 10:04   --------   d-----w-   c:\users\BACKUP\AppData\Roaming\Sports Interactive
2009-10-30 10:00 . 2009-09-04 06:44   69464   ----a-w-   c:\windows\system32\XAPOFX1_3.dll
2009-10-30 09:55 . 2009-10-30 09:57   --------   d--h--w-   c:\program files\Zero G Registry
2009-10-30 09:55 . 2009-10-30 09:55   --------   d-----w-   c:\program files\Sports Interactive
2009-10-30 09:55 . 2009-10-30 09:55   --------   d--h--w-   c:\users\BACKUP\InstallAnywhere
2009-10-30 09:30 . 2009-10-30 09:31   --------   d-----w-   c:\users\BACKUP\AppData\Local\Google
2009-10-30 09:01 . 2009-10-30 09:01   --------   d-----w-   c:\users\BACKUP\AppData\Local\Mozilla
2009-10-30 08:24 . 2009-10-30 08:24   --------   d-----w-   c:\users\BACKUP\AppData\Local\Opera
2009-10-30 08:21 . 2009-10-30 08:21   --------   d-----w-   c:\users\BACKUP\AppData\Roaming\Malwarebytes
2009-10-30 08:21 . 2009-10-30 08:21   67528   ----a-w-   c:\users\BACKUP\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-30 08:21 . 2009-10-30 08:21   --------   d-----w-   c:\users\BACKUP\AppData\Local\Toshiba
2009-10-30 08:21 . 2009-10-31 04:04   --------   d-----w-   c:\users\BACKUP\AppData\Roaming\Orbit
2009-10-30 05:04 . 2009-10-30 05:04   --------   d-----w-   c:\program files\ESET
2009-10-29 04:58 . 2009-10-30 09:14   --------   d-----w-   c:\windows\system32\config\systemprofile\Tracing
2009-10-28 20:38 . 2009-10-28 20:38   --------   d-----w-   C:\Microsoft
2009-10-27 10:41 . 2009-04-06 00:37   704384   ----a-w-   c:\windows\system32\drivers\SandBox.sys
2009-10-27 10:40 . 2009-02-10 05:12   307224   ----a-w-   c:\windows\system32\drivers\afwcore.sys
2009-10-27 10:37 . 2009-02-18 06:27   29208   ----a-w-   c:\windows\system32\drivers\afw.sys
2009-10-27 10:37 . 2009-10-27 10:37   --------   d-----w-   c:\program files\Agnitum
2009-10-27 10:36 . 2009-10-27 10:36   --------   d-----w-   c:\programdata\Agnitum
2009-10-27 10:08 . 2009-10-27 10:18   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Roaming\BitTorrent
2009-10-27 04:50 . 2009-10-27 04:50   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Roaming\ATI
2009-10-27 04:50 . 2009-10-27 04:50   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Local\ATI
2009-10-26 11:21 . 2009-10-26 11:21   --------   d-----w-   C:\Sun
2009-10-26 08:21 . 2009-09-30 23:29   195440   ------w-   c:\windows\system32\MpSigStub.exe
2009-10-26 05:35 . 2009-10-26 05:35   --------   d-----w-   c:\users\Default\AppData\Local\Apple
2009-10-25 11:28 . 2009-09-15 09:54   52368   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
2009-10-25 11:28 . 2009-09-15 09:54   23152   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
2009-10-25 11:28 . 2009-09-15 09:55   114768   ----a-w-   c:\windows\system32\drivers\aswSP.sys
2009-10-25 11:28 . 2009-09-15 09:55   20560   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
2009-10-25 11:28 . 2009-09-15 09:53   97480   ----a-w-   c:\windows\system32\AvastSS.scr
2009-10-25 11:28 . 2009-09-15 09:59   1279968   ----a-w-   c:\windows\system32\aswBoot.exe
2009-10-25 11:28 . 2009-09-15 09:55   53328   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
2009-10-25 11:25 . 2009-10-25 11:25   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Roaming\GrabPro
2009-10-25 11:23 . 2009-10-25 11:23   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Local\Toshiba
2009-10-25 11:23 . 2009-10-30 09:15   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Roaming\Orbit
2009-10-25 10:55 . 2009-10-26 08:41   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2009-10-25 10:49 . 2009-09-04 12:24   61440   ----a-w-   c:\windows\system32\msasn1.dll
2009-10-25 10:49 . 2009-09-14 09:44   144896   ----a-w-   c:\windows\system32\drivers\srv2.sys
2009-10-25 10:42 . 2009-10-25 10:42   0   ----a-w-   c:\windows\nsreg.dat
2009-10-25 10:42 . 2009-10-25 10:42   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Local\Mozilla
2009-10-25 02:46 . 2009-10-25 02:46   --------   d-----w-   c:\windows\system32\config\systemprofile\DoctorWeb
2009-10-18 04:13 . 2009-10-18 04:13   --------   d-----w-   c:\program files\Trend Micro
2009-10-17 06:33 . 2009-10-17 06:33   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Roaming\Malwarebytes
2009-10-17 06:33 . 2009-09-10 03:54   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-17 06:33 . 2009-10-17 06:33   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2009-10-17 06:33 . 2009-10-17 06:33   --------   d-----w-   c:\programdata\Malwarebytes
2009-10-17 06:33 . 2009-09-10 03:53   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-10-11 11:03 . 2009-10-11 11:03   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Roaming\Yahoo!

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-30 09:21 . 2008-12-16 05:35   --------   d-----w-   c:\program files\Bonjour
2009-10-30 05:45 . 2008-12-16 07:52   --------   d-----w-   c:\program files\UltraStar Deluxe
2009-10-30 05:29 . 2009-03-08 00:01   --------   d-----w-   c:\program files\Cheat Engine
2009-10-29 04:59 . 2009-04-26 00:10   --------   d-----w-   c:\program files\Orbitdownloader
2009-10-27 05:26 . 2008-10-21 14:40   --------   d-----w-   c:\program files\Google
2009-10-26 09:22 . 2009-01-18 09:53   --------   d-----w-   c:\program files\Opera
2009-10-26 09:00 . 2008-05-06 04:31   --------   d-----w-   c:\program files\Common Files\Adobe
2009-10-26 04:42 . 2008-10-21 13:20   67528   ----a-w-   c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-25 11:11 . 2009-03-18 04:37   --------   d-----w-   c:\programdata\Microsoft Help
2009-10-25 11:10 . 2009-03-18 04:42   --------   d-----w-   c:\program files\Microsoft Works
2009-10-24 03:00 . 2006-11-02 13:02   1356   ----a-w-   c:\windows\system32\config\systemprofile\AppData\Local\d3d9caps.dat
2009-10-21 06:10 . 2008-05-06 04:14   --------   d-----w-   c:\program files\Java
2009-10-11 11:05 . 2009-06-16 06:49   --------   d-----w-   c:\program files\Common Files\DVDVideoSoft
2009-10-11 11:03 . 2008-12-16 02:07   --------   d-----w-   c:\program files\Yahoo!
2009-10-11 11:02 . 2009-07-10 12:36   --------   d-----w-   c:\program files\Freebies Hack Engine
2009-09-21 04:17 . 2008-10-21 13:13   209788507   ----a-w-   c:\windows\DUMP737a.tmp
2009-09-21 03:54 . 2009-09-21 03:54   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Roaming\Apple Computer
2009-09-14 07:57 . 2009-09-14 07:57   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Roaming\vlc
2009-09-14 03:36 . 2009-09-14 03:36   615992   ----a-w-   c:\windows\system32\ci.dll
2009-09-13 00:24 . 2008-12-01 01:47   --------   d-----w-   c:\users\valued customer\AppData\Roaming\Orbit
2009-09-12 12:56 . 2008-12-06 00:37   --------   d-----w-   c:\users\valued customer\AppData\Roaming\uTorrent
2009-09-12 06:39 . 2009-08-24 07:57   --------   d-----w-   c:\users\valued customer\AppData\Roaming\Vso
2009-09-11 12:31 . 2009-06-23 11:08   --------   d-----w-   c:\program files\Microsoft Silverlight
2009-09-10 17:30 . 2009-10-25 10:50   213504   ----a-w-   c:\windows\system32\msv1_0.dll
2009-09-04 06:44 . 2009-10-30 09:59   515416   ----a-w-   c:\windows\system32\XAudio2_5.dll
2009-09-04 06:44 . 2009-10-30 09:59   238936   ----a-w-   c:\windows\system32\xactengine3_5.dll
2009-09-04 06:29 . 2009-10-30 09:59   453456   ----a-w-   c:\windows\system32\d3dx10_42.dll
2009-09-04 06:29 . 2009-10-30 09:59   235344   ----a-w-   c:\windows\system32\d3dx11_42.dll
2009-09-04 06:29 . 2009-10-30 09:59   5501792   ----a-w-   c:\windows\system32\d3dcsx_42.dll
2009-09-04 06:29 . 2009-10-30 09:59   1974616   ----a-w-   c:\windows\system32\D3DCompiler_42.dll
2009-09-04 06:29 . 2009-10-30 09:59   1892184   ----a-w-   c:\windows\system32\D3DX9_42.dll
2009-08-27 13:32 . 2009-10-25 10:50   833024   ----a-w-   c:\windows\system32\wininet.dll
2009-08-27 13:29 . 2009-10-25 10:50   78336   ----a-w-   c:\windows\system32\ieencode.dll
2009-08-27 10:58 . 2009-10-25 10:50   26624   ----a-w-   c:\windows\system32\ieUnatt.exe
2009-08-24 08:08 . 2009-08-24 07:57   47360   ----a-w-   c:\users\valued customer\AppData\Roaming\pcouffin.sys
2009-08-24 07:57 . 2009-08-24 07:57   47360   ----a-w-   c:\windows\system32\drivers\pcouffin.sys
2009-08-17 12:33 . 2009-08-17 12:33   1193832   ----a-w-   c:\windows\system32\FM20.DLL
2009-08-14 17:07 . 2009-09-10 10:50   897608   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2009-08-14 16:29 . 2009-09-10 10:50   104960   ----a-w-   c:\windows\system32\netiohlp.dll
2009-08-14 16:29 . 2009-09-10 10:50   17920   ----a-w-   c:\windows\system32\netevent.dll
2009-08-14 14:16 . 2009-09-10 10:50   9728   ----a-w-   c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:16 . 2009-09-10 10:50   17920   ----a-w-   c:\windows\system32\ROUTE.EXE
2009-08-14 14:16 . 2009-09-10 10:50   11264   ----a-w-   c:\windows\system32\MRINFO.EXE
2009-08-14 14:16 . 2009-09-10 10:50   27136   ----a-w-   c:\windows\system32\NETSTAT.EXE
2009-08-14 14:16 . 2009-09-10 10:50   19968   ----a-w-   c:\windows\system32\ARP.EXE
2009-08-14 14:16 . 2009-09-10 10:50   8704   ----a-w-   c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:16 . 2009-09-10 10:50   10240   ----a-w-   c:\windows\system32\finger.exe
2009-08-05 14:22 . 2009-10-25 10:50   3597896   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2009-08-05 14:22 . 2009-10-25 10:50   3546184   ----a-w-   c:\windows\system32\ntoskrnl.exe
2007-05-06 06:32 . 2009-05-10 04:59   389120   ----a-w-   c:\program files\DaShRelease.exe
2003-08-04 13:36 . 2009-05-10 03:01   171008   ----a-w-   c:\program files\ePSXe.exe
2009-05-01 21:02 . 2009-05-01 21:02   1044480   ----a-w-   c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02   200704   ----a-w-   c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02   1044480   ----a-w-   c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02   200704   ----a-w-   c:\program files\opera\program\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\Zero G Registry ----

2009-10-30 09:57 . 2009-10-30 09:57   2730   ----a-w-   c:\program files\Zero G Registry\.com.zerog.registry.xml

---- Directory of c:\users\BACKUP\InstallAnywhere ----



(((((((((((((((((((((((((((((   SnapShot@2009-10-31_00.17.20   )))))))))))))))))))))))))))))))))))))))))
.
- 2009-10-30 23:20 . 2009-10-31 00:16   16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-30 23:20 . 2009-10-31 04:03   16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-30 23:20 . 2009-10-31 00:16   32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-31 04:03 . 2009-10-31 04:03   32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-30 23:20 . 2009-10-31 04:03   16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-30 23:20 . 2009-10-31 00:16   16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-31 03:55 . 2009-10-31 03:55   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-10-30 23:19 . 2009-10-31 00:13   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-10-31 03:55 . 2009-10-31 03:55   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-10-30 23:19 . 2009-10-31 00:13   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-10-31 04:02   600378              c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-10-30 23:27   600378              c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-10-30 23:27   105852              c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-10-31 04:02   105852              c:\windows\System32\perfc009.dat
- 2008-11-22 03:52 . 2009-10-30 12:13   1576152              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-11-22 03:52 . 2009-10-31 03:54   1576152              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{abb88e4e-75f4-4fdc-8f42-d101484c4b3f}]
2009-06-22 22:53   2211352   ----a-w-   c:\program files\Enhanced_search\tbEnha.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{abb88e4e-75f4-4fdc-8f42-d101484c4b3f}"= "c:\program files\Enhanced_search\tbEnha.dll" [2009-06-22 2211352]

[HKEY_CLASSES_ROOT\clsid\{abb88e4e-75f4-4fdc-8f42-d101484c4b3f}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOvrly1]
@="{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}"
[HKEY_CLASSES_ROOT\CLSID\{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}]
2008-07-25 04:41   118784   ----a-w-   c:\program files\TrueSuite Access Manager\IconOvrly.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Google Update"="c:\users\BACKUP\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-06-30 133104]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"UsbMonitor"="c:\program files\TrueSuite Access Manager\usbnotify.exe" [2008-07-25 94208]
"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-04-26 716800]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-24 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2009-04-27 428032]
"NDSTray.exe"="NDSTray.exe" [BU]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-08 6037504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-4-15 2979144]
Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-4-26 1719496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Agnitum\OUTPOS~1\wl_hook.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Orbit.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk
backup=c:\windows\pss\Orbit.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk
backup=c:\windows\pss\Run Google Web Accelerator.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TOSHIBA Face Recognition Watcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TOSHIBA Face Recognition Watcher.lnk
backup=c:\windows\pss\TOSHIBA Face Recognition Watcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^valued customer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^gueinywcf.lnk]
path=c:\users\valued customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gueinywcf.lnk
backup=c:\windows\pss\gueinywcf.lnk.Startup
backupExtension=.Startup

R0 AlfaFF;AlfaFF mini-filter driver;c:\windows\System32\drivers\AlfaFF.sys [22/10/2008 1:35 AM 42608]
R1 afw;Agnitum Firewall Driver;c:\windows\System32\drivers\afw.sys [27/10/2009 9:37 PM 29208]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [25/10/2009 10:28 PM 114768]
R1 SandBox;SandBox;c:\windows\System32\drivers\SandBox.sys [27/10/2009 9:41 PM 704384]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [27/10/2009 9:37 PM 1195008]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [25/10/2009 10:28 PM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [25/10/2009 10:28 PM 53328]
R2 Authentec memory manager;Authentec memory manager service;c:\windows\System32\TAMSvr.exe [22/10/2008 1:35 AM 49152]
R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [17/04/2008 6:19 PM 40960]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [4/12/2007 11:03 AM 126976]
R3 afwcore;afwcore;c:\windows\System32\drivers\afwcore.sys [27/10/2009 9:40 PM 307224]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [6/05/2008 4:29 PM 7168]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\System32\drivers\NETw5v32.sys [28/04/2008 9:29 AM 3658752]
S2 gupdate1c95e418ad821a6;Google Update Service (gupdate1c95e418ad821a6);c:\program files\Google\Update\GoogleUpdate.exe [15/12/2008 10:13 AM 133104]
S2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\System32\drivers\ScreamingBAudio.sys [6/04/2009 2:19 PM 23064]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
WindowsMobile   REG_MULTI_SZ      wcescomm rapimgr
LocalServiceRestricted   REG_MULTI_SZ      WcesComm RapiMgr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C608BE1D-4122-966D-51A3-9C926A1FBB57}]
c:\windows\winlogen.exe
.
Contents of the 'Scheduled Tasks' folder

2009-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-14 05:02]

2009-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-14 05:02]

2009-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-21628702-580910898-2647980920-1000Core.job
- c:\users\valued customer\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-30 11:36]

2009-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-21628702-580910898-2647980920-1000UA.job
- c:\users\valued customer\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-30 11:36]

2009-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-21628702-580910898-2647980920-1004Core.job
- c:\users\BACKUP\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-30 05:18]

2009-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-21628702-580910898-2647980920-1004UA.job
- c:\users\BACKUP\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-30 05:18]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: {2B67C494-3621-41ED-8FE8-9A49DF5A6D17} = 203.12.160.35 203.12.160.36
FF - ProfilePath - c:\users\BACKUP\AppData\Roaming\Mozilla\Firefox\Profiles\qdyvq2ed.default\
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\nporbit.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\users\BACKUP\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-31 15:04
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(712)
c:\program files\TrueSuite Access Manager\IconOvrly.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2009-10-31 15:11 - machine was rebooted
ComboFix-quarantined-files.txt  2009-10-31 04:10
ComboFix2.txt  2009-10-31 00:24

Pre-Run: 63,394,865,152 bytes free
Post-Run: 63,393,566,720 bytes free

- - End Of File - - 69AC117622EC5265288E0F4E46A8C670
