
Author Topic: Trojan HijackThis log  (Read 21576 times)


bato1994

    Trojan HijackThis log
    « on: October 17, 2009, 10:39:17 PM »
    I have a very severe trojan affecting my laptop.

    Trojan:Win32/Alureon.gen!U

    It's causing my computer to freeze after the welcome screen.
    I ran my computer in safe mode but no luck. I have tried removing it with avast and some other programs but also no luck.

    Can somebody please help?

    I'm in urgent need of some help!

    I ran this in safe mode:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:13:32 PM, on 18/10/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18294)
    Boot mode: Safe mode with network support

    Running processes:
    C:\Windows\Explorer.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Enhanced search Toolbar - {abb88e4e-75f4-4fdc-8f42-d101484c4b3f} - C:\Program Files\Enhanced_search\tbEnha.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
    O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
    O3 - Toolbar: Enhanced search Toolbar - {abb88e4e-75f4-4fdc-8f42-d101484c4b3f} - C:\Program Files\Enhanced_search\tbEnha.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
    O4 - HKLM\..\Run: [UsbMonitor] "C:\Program Files\TrueSuite Access Manager\usbnotify.exe"
    O4 - HKLM\..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
    O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [winlogen.exe] C:\Windows\winlogen.exe
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O13 - Gopher Prefix:
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Authentec memory manager service (Authentec memory manager) - AuthenTec Inc. - C:\Windows\system32\TAMSvr.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate1c95e418ad821a6) (gupdate1c95e418ad821a6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

    --
    End of file - 8868 bytes
    Gotta love this.

    "There is no such thing as a stupid answer, they are easiest to answer!"

    LOL. Things I come past on the internet...

    ankur16
      Re: Trojan HijackThis log
      « Reply #1 on: October 18, 2009, 12:33:05 PM »
      1) Have HijackThis fix the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and close HijackThis. Please close any open programs before doing this fix.


      Quote
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O4 - HKLM\..\Run: [winlogen.exe] C:\Windows\winlogen.exe


      2) Malwarebytes' Anti-Malware is already installed on your system. Perform a full scan with it as follows. Make sure it is updated before performing a scan.


      * Open Malwarebytes' Anti-Malware. Under the "Scanner" tab, select "Perform Full Scan" and click "Scan". In the dialog box select all your drives except CD/DVD drives.

      * Now click "Start Scan".

      * The scan may take some time to finish, so please be patient.

      * When the scan is complete, click OK, then Show Results to view the results.

      * Make sure that everything is checked, and click Remove Selected.

      * When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)

      * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

      * Copy and paste the entire report in your next reply.

      PLEASE NOTE:
      If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (e.g. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

      3) Next download RootRepeal.rar and unzip it to your Desktop. You'll need WinRAR to extract it.

          * Double click RootRepeal.exe to start the program
          * Click on the Report tab at the bottom of the program window
          * Click the Scan button
          * In the Select Scan dialog, check:
                o Drivers
                o Files
                o Processes
                o SSDT
                o Stealth Objects
                o Hidden Services
          * Click the OK button
          * In the next dialog, select all drives showing
          * Click OK to start the scan

      The scan can take some time. DO NOT run any other programs while the scan is running.

          * When the scan is complete, the Save Report button will become available
          * Click this and save the report to your Desktop as RootRepeal.txt
          * Go to File, then Exit to close the program
          * Attach this log in your next post.

      4) Download DDS by sUBs to your desktop.
      Your antivirus software might question the file. If it does, allow it.

          * Double click DDS.scr to run it and wait for the scan to finish
          * When finished DDS.txt will open
          * A short while later, a prompt will open. Answer Yes
          * DDS will continue scanning
          * When done, Attach.txt will open

      Copy and paste the DDS.txt and attach Attach.txt.
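The HijackThis entries ankur16 singles out above (empty R0 values, BHOs that resolve to "(no file)", and the winlogen.exe Run entry sitting in C:\Windows) can be spotted mechanically. The Python script below is an added example, not code from HijackThis or from anyone in this thread: it parses a handful of lines copied from the log posted above and flags those patterns. The list of system binary names and the rule that a loose autorun executable in the Windows root directory deserves a look are constructed heuristics for illustration, not an authoritative detection list.

```python
"""Triage helper for HijackThis (HJT) log lines: an added example, not
HijackThis code. It flags the patterns picked out for fixing in this thread:
empty R0/R1 values, BHOs whose DLL is missing, and a Run entry whose
executable sits directly in the Windows directory under a name that is one
character away from a real system binary."""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: a subset of the HijackThis lines posted in the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [UsbMonitor] "C:\Program Files\TrueSuite Access Manager\usbnotify.exe"
O4 - HKLM\..\Run: [winlogen.exe] C:\Windows\winlogen.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

# Constructed, illustrative allowlist of well-known system binary names (not exhaustive).
SYSTEM_BINARIES = {"winlogon.exe", "wininit.exe", "lsass.exe", "csrss.exe",
                   "smss.exe", "services.exe", "svchost.exe", "explorer.exe"}
# Assumption: a loose autorun executable directly under these roots is unusual
# enough to review (real system binaries normally live under system32).
WINDOWS_ROOT_DIRS = {"c:\\windows", "%windir%", "%systemroot%"}

R_RE = re.compile(r"^(?P<code>R[013]) - (?P<key>.*?),(?P<value>[^=]*?)\s*=\s*(?P<data>.*)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First executable in a Run command, with or without surrounding quotes.
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.exe)', re.IGNORECASE)


@dataclass
class Finding:
    line: str
    reasons: List[str] = field(default_factory=list)


def _edit_distance_one(a: str, b: str) -> bool:
    """True when a and b differ by exactly one substitution, insertion or deletion."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) == len(b):
        return sum(x != y for x, y in zip(a, b)) == 1
    short, long_ = (a, b) if len(a) < len(b) else (b, a)
    return any(long_[:i] + long_[i + 1:] == short for i in range(len(long_)))


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per HJT line that matches a review heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = []
        if (m := R_RE.match(line)) and m["data"] == "":
            reasons.append("empty IE start/search value (cosmetic; not malicious on its own)")
        elif (m := O2_RE.match(line)) and m["path"].lower() == "(no file)":
            reasons.append("BHO registered but its DLL is missing (orphaned entry)")
        elif m := O4_RE.match(line):
            exe_m = EXE_RE.match(m["cmd"].strip())
            exe = exe_m["exe"] if exe_m else m["cmd"].strip()
            parent, _, base = exe.rpartition("\\")
            base = base.lower()
            if parent.lower() in WINDOWS_ROOT_DIRS and base not in SYSTEM_BINARIES:
                reasons.append("autorun points to a loose executable in the Windows root directory")
            if any(_edit_distance_one(base, known) for known in SYSTEM_BINARIES):
                reasons.append(f"file name '{base}' is one character away from a real system binary")
        if reasons:
            findings.append(Finding(line=line, reasons=reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

Run it with no arguments to print the findings for the embedded sample; `triage()` accepts any HJT log text. A flagged line is a candidate for review, not a verdict: the empty R0 values in particular are harmless by themselves, which is why the script labels them as cosmetic.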

      harry 48
      Re: Trojan HijackThis log
      « Reply #2 on: October 18, 2009, 01:19:19 PM »

      edit: ankur16, did not see your post. harry
      « Last Edit: October 22, 2009, 11:38:10 AM by evilfantasy »

      bato1994
        Re: Trojan HijackThis log
        « Reply #3 on: October 19, 2009, 01:14:46 AM »
        Malwarebytes log:

        Malwarebytes' Anti-Malware 1.41
        Database version: 2775
        Windows 6.0.6001 Service Pack 1 (Safe Mode)

        19/10/2009 6:45:22 PM
        mbam-log-2009-10-19 (18-45-22).txt

        Scan type: Full Scan (C:\|D:\|)
        Objects scanned: 249765
        Time elapsed: 43 minute(s), 41 second(s)

        Memory Processes Infected: 0
        Memory Modules Infected: 0
        Registry Keys Infected: 14
        Registry Values Infected: 0
        Registry Data Items Infected: 1
        Folders Infected: 1
        Files Infected: 7

        Memory Processes Infected:
        (No malicious items detected)

        Memory Modules Infected:
        (No malicious items detected)

        Registry Keys Infected:
        HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

        Registry Values Infected:
        (No malicious items detected)

        Registry Data Items Infected:
        HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

        Folders Infected:
        C:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013 (Backdoor.IRCBot) -> Quarantined and deleted successfully.

        Files Infected:
        C:\Downloads\KazulahSetup2.3.50.45.ZQman000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        C:\Downloads\VLCSetup.exe (Adware.Zango) -> Quarantined and deleted successfully.
        C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        C:\Program Files\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        C:\Users\valued customer\AppData\Local\VirtualStore\Windows\System32\28463\FMPB.006 (PUP.ArdamaxKeyLogger) -> Quarantined and deleted successfully.
        C:\Users\valued customer\AppData\Local\VirtualStore\Windows\System32\28463\FMPB.007 (PUP.ArdamaxKeyLogger) -> Quarantined and deleted successfully.
        C:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Backdoor.IRCBot) -> Quarantined and deleted successfully.

        DDS text:

        DDS (Ver_09-10-13.01) - NTFSx86 NETWORK
        Run by SYSTEM at 19:05:29.22 on Mon 19/10/2009
        Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_15
        Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.61.1033.18.3069.2550 [GMT 11:00]

        AV: BitDefender Antivirus *On-access scanning disabled* (Updated)   {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
        SP: BitDefender Antispyware *disabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
        SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

        ============== Running Processes ===============

        C:\Windows\system32\wininit.exe
        C:\Windows\system32\lsm.exe
        C:\Windows\system32\svchost.exe -k DcomLaunch
        C:\Windows\system32\svchost.exe -k rpcss
        C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
        C:\Windows\system32\svchost.exe -k netsvcs
        C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
        C:\Windows\system32\svchost.exe -k NetworkService
        C:\Windows\system32\svchost.exe -k LocalService
        C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
        C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
        C:\Windows\Explorer.EXE
        C:\Windows\system32\wbem\wmiprvse.exe
        C:\Windows\system32\config\systemprofile\Desktop\dds.scr
        C:\Windows\system32\wbem\wmiprvse.exe

        ============== Pseudo HJT Report ===============

        mURLSearchHooks: Enhanced search Toolbar: {abb88e4e-75f4-4fdc-8f42-d101484c4b3f} - c:\program files\enhanced_search\tbEnha.dll
        BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
        BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
        BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
        BHO: &Google Web Accelerator Helper: {69a87b7d-de56-4136-9655-716ba50c19c7} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll
        BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
        BHO: Enhanced search Toolbar: {abb88e4e-75f4-4fdc-8f42-d101484c4b3f} - c:\program files\enhanced_search\tbEnha.dll
        BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
        BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
        TB: Google Web Accelerator: {db87bfa2-a2e3-451e-8e5a-c89982d87cbf} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll
        TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
        TB: Enhanced search Toolbar: {abb88e4e-75f4-4fdc-8f42-d101484c4b3f} - c:\program files\enhanced_search\tbEnha.dll
        TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
        mRun: [NDSTray.exe] NDSTray.exe
        mRun: [cfFncEnabler.exe] cfFncEnabler.exe
        mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
        mRun: [RtHDVCpl] RtHDVCpl.exe
        mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
        mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
        mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
        mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
        mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
        mRun: [UsbMonitor] "c:\program files\truesuite access manager\usbnotify.exe"
        mRun: [HDMICtrlMan] c:\program files\toshiba\hdmictrlman\HDMICtrlMan.exe
        mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
        mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
        mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
        mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
        mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
        mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
        mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
        mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
        mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
        StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
        StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\orbit.lnk - c:\program files\orbitdownloader\orbitdm.exe
        mPolicies-system: EnableLUA = 0 (0x0)
        mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
        mPolicies-system: DisableCAD = 1 (0x1)
        IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
        IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
        IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
        IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
        IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
        DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
        DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
        DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
        DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
        AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

        ================= FIREFOX ===================

        FF - ProfilePath -
        FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
        FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
        FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
        FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

        ============= SERVICES / DRIVERS ===============

        R0 AlfaFF;AlfaFF mini-filter driver;c:\windows\system32\drivers\AlfaFF.sys [2008-10-22 42608]
        R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-5-6 7168]
        R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]
        S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-4-19 114768]
        S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-4-19 20560]
        S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-4-19 53328]
        S2 Authentec memory manager;Authentec memory manager service;c:\windows\system32\TAMSvr.exe [2008-10-22 49152]
        S2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
        S2 gupdate1c95e418ad821a6;Google Update Service (gupdate1c95e418ad821a6);c:\program files\google\update\GoogleUpdate.exe [2008-12-15 133104]
        S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-4 126976]
        S2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~1\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~1\VideoAcceleratorService.exe -start -scm [?]
        S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-4-6 23064]

        =============== Created Last 30 ================

        2009-10-18 15:13   <DIR>   --d-----   c:\program files\Trend Micro
        2009-10-17 17:33   <DIR>   --d-----   c:\windows\system32\config\system~1\appdata\roaming\Malwarebytes
        2009-10-17 17:33   38,224   a-------   c:\windows\system32\drivers\mbamswissarmy.sys
        2009-10-17 17:33   19,160   a-------   c:\windows\system32\drivers\mbam.sys
        2009-10-17 17:33   <DIR>   --d-----   c:\programdata\Malwarebytes
        2009-10-17 17:33   <DIR>   --d-----   c:\program files\Malwarebytes' Anti-Malware
        2009-10-17 17:33   <DIR>   --d-----   c:\progra~2\Malwarebytes
        2009-10-15 18:53   21,052   a-------   c:\windows\system32\SIntfNT.dll
        2009-10-15 18:53   15,144   a-------   c:\windows\system32\SIntf32.dll
        2009-10-15 18:53   12,067   a-------   c:\windows\system32\SIntf16.dll

        ==================== Find3M  ====================

        2009-09-21 15:17   209,788,507   a-------   c:\windows\DUMP737a.tmp
        2009-09-14 14:36   615,992   a-------   c:\windows\system32\ci.dll
        2009-09-12 10:29   318,976   a-------   c:\windows\winlogen.exe
        2009-08-24 19:08   143,360   a-------   c:\windows\inf\infstrng.dat
        2009-08-24 19:08   51,200   a-------   c:\windows\inf\infpub.dat
        2009-08-24 18:58   86,016   a-------   c:\windows\inf\infstor.dat
        2009-08-24 18:57   47,360   a-------   c:\windows\system32\drivers\pcouffin.sys
        2009-08-15 03:29   104,960   a-------   c:\windows\system32\netiohlp.dll
        2009-08-15 03:29   17,920   a-------   c:\windows\system32\netevent.dll
        2009-08-15 01:16   17,920   a-------   c:\windows\system32\ROUTE.EXE
        2009-08-15 01:16   9,728   a-------   c:\windows\system32\TCPSVCS.EXE
        2009-08-15 01:16   11,264   a-------   c:\windows\system32\MRINFO.EXE
        2009-08-15 01:16   27,136   a-------   c:\windows\system32\NETSTAT.EXE
        2009-08-15 01:16   19,968   a-------   c:\windows\system32\ARP.EXE
        2009-08-15 01:16   10,240   a-------   c:\windows\system32\finger.exe
        2009-08-15 01:16   8,704   a-------   c:\windows\system32\HOSTNAME.EXE
        2009-07-25 06:23   411,368   a-------   c:\windows\system32\deploytk.dll
        2008-11-22 21:03   665,600   a-------   c:\windows\inf\drvindex.dat
        2008-01-21 13:43   174   a--sh---   c:\program files\desktop.ini
        2007-05-06 17:32   389,120   a-------   c:\program files\DaShRelease.exe
        2006-11-02 23:42   287,440   a-------   c:\windows\inf\perflib\0409\perfi.dat
        2006-11-02 23:42   287,440   a-------   c:\windows\inf\perflib\0409\perfh.dat
        2006-11-02 23:42   30,674   a-------   c:\windows\inf\perflib\0409\perfd.dat
        2006-11-02 23:42   30,674   a-------   c:\windows\inf\perflib\0409\perfc.dat
        2006-11-02 20:20   287,440   a-------   c:\windows\inf\perflib\0000\perfi.dat
        2006-11-02 20:20   287,440   a-------   c:\windows\inf\perflib\0000\perfh.dat
        2006-11-02 20:20   30,674   a-------   c:\windows\inf\perflib\0000\perfd.dat
        2006-11-02 20:20   30,674   a-------   c:\windows\inf\perflib\0000\perfc.dat
        2003-08-05 00:36   171,008   a-------   c:\program files\ePSXe.exe
        2008-12-18 18:43   16,384   a--sh---   c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
        2008-12-18 18:43   32,768   a--sh---   c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
        2008-12-18 18:43   16,384   a--sh---   c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

        ============= FINISH: 19:06:15.19 ===============


        [Saving space, attachment deleted by admin]

        ankur16
          Re: Trojan HijackThis log
          « Reply #4 on: October 19, 2009, 09:23:38 AM »
          Your computer has multiple infections, including a backdoor. A backdoor gives intruders complete control of your computer, logs your keystrokes, steals personal information, etc.

          This allows hackers to remotely control your computer, steal critical system information and download and execute files.

          I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

          Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

          How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?


          When Should I Format, How Should I Reinstall

          We can attempt to clean this machine but I can't guarantee that it will be 100% secure afterwards.

          Should you have any questions, please feel free to ask.

          Please let me know what you have decided to do in your next post.

          bato1994
            Topic Starter
            Re: Trojan HijackThis log
            « Reply #5 on: October 19, 2009, 11:53:15 PM »
            Ok. Continue with the process.

            ankur16
              Re: Trojan HijackThis log
              « Reply #6 on: October 20, 2009, 10:04:43 AM »
              Bato, sorry for the delay, as per your decision we will move ahead from here.

              1) Your Java is out of date.

              Older versions have vulnerabilities that malicious sites can use to infect your system.

              First install the new Sun Java Runtime Environment

              Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

              Be sure to close all browser windows before beginning the install.

              Remove the old version(s)

              Download JavaRa
              * Unzip the file and open the JavaRa.exe
              * Click Remove Older Versions
              * JavaRa will search for and remove any outdated version of Java and remove any that are found.
              * Click Additional Tasks
              * Place a check next to Remove Useless JRE Files and click Go
              * Exit JavaRa
              * Delete the JavaRa files from the Desktop

              Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.


              2) Please download ComboFix from one of these webpages.

              http://download.bleepingcomputer.com/sUBs/ComboFix.exe
              http://www.forospyware.com/sUBs/ComboFix.exe

              * IMPORTANT !!! Save ComboFix.exe directly to your Desktop


              a) Click Start >> Run. (Alternatively, press the Windows logo key and R simultaneously.)

              b) Type "notepad" without quotes. Click OK.


              Please copy this page to *Notepad* and save it to your desktop for reference, as you will not have any browsers open while you are performing the below portion of the instructions.
              It's IMPORTANT to carry out the instructions in the sequence listed below.

              a) Close any open browsers.
              b) Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
              Open *notepad* and copy/paste the text in the quotebox below into it:


              Quote
              KillAll::

              DDS::

              File::
              c:\windows\winlogen.exe

              Save this as CFScript.txt, in the same location as ComboFix.exe, which is on the Desktop. Now drag CFScript.txt into ComboFix.exe.

              When finished, it shall produce a log for you at C:\ComboFix.txt

              Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply.
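The CFScript above targets c:\windows\winlogen.exe, a name one letter away from the legitimate winlogon.exe, which normally lives in System32. Lookalike names and legitimate names in the wrong directory are two of the quickest things to check in a "Running processes" or file listing. The following is an added example (my own, not code from this thread, from ComboFix or from HijackThis) that flags both cases over a small constructed process list. The allowlist of system binaries and their expected directories, and the edit-distance threshold of 2, are assumptions chosen for illustration.

```python
r"""Flag process/file names that nearly match legitimate Windows binaries,
or that use a legitimate name from an unexpected directory.

Added example; not part of the forum thread, ComboFix or HijackThis.
KNOWN_SYSTEM_BINARIES is a constructed allowlist (assumption) and would be
larger and version-specific in real use.
"""
import ntpath

# Legitimate binary name -> directory it is expected to live in (assumed list).
KNOWN_SYSTEM_BINARIES = {
    "winlogon.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two strings (small enough to inline)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_path(path: str, max_distance: int = 2):
    """Return a finding dict for one full path, or None if it looks benign.

    Check 1: a known name sitting outside its expected directory.
    Check 2: an unknown name within max_distance edits of a known name
             (e.g. winlogen.exe vs winlogon.exe).
    """
    directory, name = ntpath.split(path)
    directory, name = directory.lower(), name.lower()
    if name in KNOWN_SYSTEM_BINARIES:
        expected = KNOWN_SYSTEM_BINARIES[name]
        if directory != expected:
            return {"path": path, "reason": "wrong_location", "expected": expected}
        return None
    for known in KNOWN_SYSTEM_BINARIES:
        d = edit_distance(name, known)
        if 0 < d <= max_distance:
            return {"path": path, "reason": "lookalike", "mimics": known, "distance": d}
    return None


def scan_process_list(lines):
    """Run classify_path over every non-empty line; return the findings."""
    findings = []
    for line in lines:
        line = line.strip()
        if line:
            finding = classify_path(line)
            if finding:
                findings.append(finding)
    return findings


# Constructed sample in the style of a HijackThis "Running processes:" list.
# c:\windows\winlogen.exe is the path named in the thread's CFScript; the
# other entries are constructed for the example.
SAMPLE_PROCESSES = """
C:\\Windows\\System32\\winlogon.exe
C:\\Windows\\Explorer.EXE
C:\\Windows\\winlogen.exe
C:\\Program Files\\Trend Micro\\HijackThis\\HijackThis.exe
C:\\Users\\Public\\svchost.exe
""".splitlines()

if __name__ == "__main__":
    for finding in scan_process_list(SAMPLE_PROCESSES):
        print(finding)
```

Running it reports winlogen.exe as a lookalike of winlogon.exe (distance 1) and the constructed svchost.exe under C:\Users\Public as a legitimate name in the wrong place; the genuine winlogon.exe, Explorer.EXE and HijackThis.exe produce no finding. A real allowlist should be generated from a known-good install of the same Windows version rather than typed by hand.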

                bato1994
                  Topic Starter
                  Re: Trojan HijackThis log
                  « Reply #7 on: October 20, 2009, 11:44:36 PM »
                I cannot drag CFScript to ComboFix. It's not working.
                When I drag it, it brings up a blue box that's named: Administrator. Then it starts scanning my computer and stops and says: PEV.cfxxe has stopped working.

                ankur16
                  Re: Trojan HijackThis log
                  « Reply #8 on: October 23, 2009, 08:03:49 AM »
                  Delete all of these files/folders (if found):

                  * Delete the ComboFix.exe file
                  * C:\ComboFix folder
                  * C:\QooBox folder
                  * C:\WINDOWS\nircmd.exe
                  * C:\combofix.txt
                  * C:\ComboFix-quarantined-files.txt

                  Restart the computer and download a new copy of ComboFix to your desktop.
                  http://download.bleepingcomputer.com/sUBs/ComboFix.exe

                  Now try to drag and drop the CFScript again.


                    bato1994
                      Topic Starter
                      Re: Trojan HijackThis log
                      « Reply #9 on: October 23, 2009, 08:14:56 PM »
                    Still not working.
                    BTW, I downloaded ComboFix from my other laptop and put it on a USB. Then put ComboFix on the infected laptop's desktop.
                    I am running in safe mode with networking, but I have a modem so I cannot use the internet with the infected laptop.

                    ankur16
                      Re: Trojan HijackThis log
                      « Reply #10 on: October 24, 2009, 11:41:23 AM »
                      Download Dr.Web CureIt and save it to your desktop.

                      Note: Be sure to update Dr.Web from your good computer before transferring it over to the infected one.

                      Scan with Dr.Web CureIt as follows:


                          * Double-click on drweb-cureit.exe and then click Start.
                          * An information notice will appear; click OK.
                          * This starts a short scan that will scan the files currently running in memory.
                          * If you get a prompt to buy the full version, just exit out of the window. The scanner will still work without buying the full version.
                          * If or when something is found, click the Yes button when it asks you if you want to cure it.

                          * Once the short scan has finished, click Settings > Change Settings.
                          * Under the Scanning tab, UNcheck Heuristic analysis and click OK.
                          * Back at the main window, select the Complete scan button and then click the green arrow Start Scanning button on the right, and the scan will start.
                          * Click Yes to all if it asks if you want to cure/move any file(s).
                          * When the scan is done, in the Dr.Web CureIt menu on the top left, click File and choose Save report list.
                          * Save the DrWeb.csv report to your Desktop.
                          * Exit Dr.Web CureIt.
                          * Important! Reboot your computer, because it could be possible that files in use will be moved/deleted during reboot.

                      * After reboot, right-click the Dr.Web log on the desktop and choose Open With > Notepad.
                      * Copy and paste that log in the next reply.

                        bato1994
                          Topic Starter
                          Re: Trojan HijackThis log
                          « Reply #11 on: October 25, 2009, 04:39:48 AM »
                        I have good news and bad news.
                        Bad news: The scan froze when it finished and I was forced to restart the computer. :(
                        Then the computer booted running chkdsk. Once that finished, I finally got past the welcome screen, then this sign popped up: "Administrator: Winlogen" in a CMD.

                        Good news: I clicked the cross to get out of it and Windows finished loading properly.

                        Could be better: Now I am left with half the stuff I had previously (before the infection).

                        I still have a feeling something is still there - maybe a backdoor?

                        Mixed feelings. Not sure. Post back to tell me if it's safe to start downloading and surfing the web.


                          bato1994
                            Topic Starter
                            Re: Trojan HijackThis log
                            « Reply #12 on: October 26, 2009, 12:05:32 AM »
                          I can post HijackThis logs and others, only if you want me to.

                            ankur16
                              Re: Trojan HijackThis log
                              « Reply #13 on: October 26, 2009, 07:38:07 AM »
                            Try ComboFix one more time.

                            Delete all of these files/folders (if found):

                            * Delete the ComboFix.exe file
                            * C:\ComboFix folder
                            * C:\QooBox folder
                            * C:\WINDOWS\nircmd.exe
                            * C:\combofix.txt
                            * C:\ComboFix-quarantined-files.txt

                            Restart the computer and download a new copy of ComboFix to your desktop.
                            http://download.bleepingcomputer.com/sUBs/ComboFix.exe

                            Now try to drag and drop the CFScript again, as follows.

                            * IMPORTANT !!! Save ComboFix.exe directly to your Desktop


                            a) Click Start >> Run. (Alternatively, press the Windows logo key and R simultaneously.)

                            b) Type "notepad" without quotes. Click OK.


                            Please copy this page to *Notepad* and save it to your desktop for reference, as you will not have any browsers open while you are performing the below portion of the instructions.
                            It's IMPORTANT to carry out the instructions in the sequence listed below.

                            a) Close any open browsers.
                            b) Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
                            Open *notepad* and copy/paste the text in the quotebox below into it:


                            Quote
                            KillAll::

                            DDS::

                            File::
                            c:\windows\winlogen.exe

                            Save this as CFScript.txt, in the same location as ComboFix.exe, which is on the Desktop. Now drag CFScript.txt into ComboFix.exe.

                            When finished, it shall produce a log for you at C:\ComboFix.txt

                            Please copy and paste the ComboFix.txt in your next reply.



                              bato1994
                                Topic Starter
                                Re: Trojan HijackThis log
                                « Reply #14 on: October 27, 2009, 11:03:18 PM »
                              When I drag the script into ComboFix, it doesn't bring up a log. :-\

                              evilfantasy
                              • Malware Removal Specialist
                              • Moderator
                              Re: Trojan HijackThis log
                              « Reply #15 on: October 27, 2009, 11:55:11 PM »
                              What does it do?

                                bato1994
                                  Topic Starter
                                  Re: Trojan HijackThis log
                                  « Reply #16 on: October 28, 2009, 12:35:08 AM »
                                It just brings up a ComboFix scan.

                                evilfantasy
                                • Malware Removal Specialist
                                • Moderator
                                Re: Trojan HijackThis log
                                « Reply #17 on: October 28, 2009, 09:47:34 AM »
                                Ok. Are you letting it run or stopping it?

                                  bato1994
                                    Topic Starter
                                    Re: Trojan HijackThis log
                                    « Reply #18 on: October 28, 2009, 10:50:34 PM »
                                  I let it run until it eventually stops and restarts when done. After reboot nothing else happens. No logs show up.

                                  evilfantasy
                                  • Malware Removal Specialist
                                  • Moderator
                                  Re: Trojan HijackThis log
                                  « Reply #19 on: October 28, 2009, 11:13:50 PM »
                                  Open Malwarebytes' Anti-Malware.

                                  * Click the Update tab.
                                  * Click Check for Updates
                                  * If an update is found, it will download and install.
                                  * Click the Scanner tab.
                                  * Select Perform Quick Scan, then click Scan.
                                  * The scan may take some time to finish, so please be patient.
                                  * When the scan is complete, click OK, then Show Results to view the results.
                                  * Make sure that everything is checked, and click Remove Selected.
                                  * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
                                  * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
                                  * Copy & Paste the entire report in your next reply.

                                  Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

                                  ----------

                                  * Download OTL by OldTimer to your desktop.
                                  * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
                                  * When the window appears, underneath Output at the top change it to Minimal Output
                                  * Check the boxes beside LOP Check and Purity Check.
                                  * Copy all of the text in the below Code box and then paste it under Custom Scan:

                                  Code:
                                  msconfig
                                  drivers32
                                  %SYSTEMDRIVE%\*.exe
                                  %PROGRAMFILES%\*.

                                  * Click the Run Scan button.

                                  * When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.
                                  * Copy the contents of both log files, one at a time, and post them with your next reply. (It may take two posts to get them both in.)
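OTL's output (see the log posted later in this thread) lists each running process as `PRC - <path> (<publisher>)` and each service as `SRV - (<name> [<start> | <state>]) -- <path> (<publisher>)`. When a log is too long to read by eye, it helps to parse those lines and pull out the entries an analyst checks first: files with no publisher string at all and services whose start type OTL could not determine. The block below is an added example (my own code, not OTL's and not from this thread); the line formats are inferred from the log in this thread, and the triage rules are assumptions chosen for illustration. The sample lines are a constructed subset copied from that log.

```python
r"""Parse the PRC/SRV lines of an OTL log and triage them.

Added example; not OTL's code and not part of the forum thread. The two
regexes describe the line shapes seen in this thread's log (assumption:
other OTL versions may differ), and the triage rules are assumptions.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# "PRC - C:\path\prog.exe (Publisher)"; publisher may be empty: "()"
PRC_RE = re.compile(r"^PRC - (?P<path>.+) \((?P<company>[^()]*)\)$")
# "SRV - (name [Auto | Running]) -- C:\path\svc.exe (Publisher)"
SRV_RE = re.compile(
    r"^SRV - \((?P<name>.+) \[(?P<start>[^|\]]+) \| (?P<state>[^\]]+)\]\) -- "
    r"(?P<path>.+) \((?P<company>[^()]*)\)$"
)


@dataclass
class Entry:
    kind: str                    # "PRC" or "SRV"
    path: str
    company: str                 # "" when OTL printed "()"
    name: Optional[str] = None   # service name (SRV only)
    start: Optional[str] = None  # Auto / On_Demand / Disabled / Unknown
    state: Optional[str] = None  # Running / Stopped


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL line; returns None for headers, blanks and other sections."""
    line = line.strip()
    m = PRC_RE.match(line)
    if m:
        return Entry("PRC", m["path"], m["company"].strip())
    m = SRV_RE.match(line)
    if m:
        return Entry("SRV", m["path"], m["company"].strip(),
                     m["name"], m["start"].strip(), m["state"].strip())
    return None


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def triage(entries: List[Entry]) -> List[dict]:
    """Assumed triage rules: no publisher string, or service start type Unknown."""
    findings = []
    for e in entries:
        if not e.company:
            findings.append({"path": e.path, "reason": "no_publisher"})
        if e.kind == "SRV" and e.start == "Unknown":
            findings.append({"path": e.path, "reason": "unknown_start_type",
                             "service": e.name})
    return findings


def autostart_by_publisher(entries: List[Entry]) -> Dict[str, int]:
    """Count Auto-start services per publisher, a quick view of who boots with the box."""
    return dict(Counter(e.company for e in entries
                        if e.kind == "SRV" and e.start == "Auto"))


# Constructed sample: a subset of lines copied from the OTL log in this thread.
SAMPLE_OTL = r"""
========== Processes (SafeList) ==========

PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\TrueSuite Access Manager\usbnotify.exe ()
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (acssrv [Auto | Running]) -- C:\Program Files\Agnitum\Outpost Firewall\acs.exe (Agnitum Ltd.)
SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
"""

if __name__ == "__main__":
    parsed = parse_log(SAMPLE_OTL)
    for finding in triage(parsed):
        print(finding)
    print(autostart_by_publisher(parsed))
```

On the sample this flags usbnotify.exe (empty publisher) and the idsvc service (start type Unknown), and shows one Auto-start service each for Agnitum Ltd. and Microsoft Corporation. An empty publisher string only means OTL found no company name in the file's version resource; it is a reason to look at the file, not proof that it is malicious.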

                                    bato1994
                                      Topic Starter
                                      Re: Trojan HijackThis log
                                      « Reply #20 on: October 29, 2009, 01:24:56 AM »
                                    MBAM didn't find any infections.

                                    OTL logfile created on: 29/10/2009 6:13:54 PM - Run 1
                                    OTL by OldTimer - Version 3.0.22.1     Folder = C:\Windows\system32\config\systemprofile\Desktop
                                    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
                                    Internet Explorer (Version = 7.0.6001.18000)
                                    Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
                                     
                                    2.00 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 86.03% Memory free
                                    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
                                    Paging file location(s): c:\pagefile.sys 4603 4603 [binary data]
                                     
                                    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
                                    Drive C: | 176.61 Gb Total Space | 66.59 Gb Free Space | 37.71% Space Free | Partition Type: NTFS
                                    Drive D: | 186.31 Gb Total Space | 177.48 Gb Free Space | 95.26% Space Free | Partition Type: NTFS
                                    E: Drive not present or media not loaded
                                    F: Drive not present or media not loaded
                                    G: Drive not present or media not loaded
                                    H: Drive not present or media not loaded
                                    I: Drive not present or media not loaded
                                     
                                    Computer Name: DANIELFAGHIURA
                                    Current User Name: valued customer
                                    Logged in as Administrator.
                                     
                                    Current Boot Mode: Normal
                                    Scan Mode: Current user
                                    Company Name Whitelist: Off
                                    Skip Microsoft Files: Off
                                    File Age = 30 Days
                                    Output = Minimal
                                     
                                    ========== Processes (SafeList) ==========
                                     
                                    PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
                                    PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
                                    PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
                                    PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
                                    PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
                                    PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
                                    PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
                                    PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
                                    PRC - C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe (Google Inc.)
                                    PRC - C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
                                    PRC - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
                                    PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
                                    PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
                                    PRC - C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe (Speedbit Ltd.)
                                    PRC - C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe (Speedbit Ltd.)
                                    PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
                                    PRC - C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Synaptics, Inc.)
                                    PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
                                    PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
                                    PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.)
                                    PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
                                    PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe (TOSHIBA CORPORATION.)
                                    PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
                                    PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe (TOSHIBA CORPORATION.)
                                    PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
                                    PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe (TOSHIBA CORPORATION.)
                                    PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
                                    PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
                                    PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
                                    PRC - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
                                    PRC - C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe (TOSHIBA Corporation.)
                                    PRC - C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
                                    PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
                                    PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
                                    PRC - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
                                    PRC - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
                                    PRC - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
                                    PRC - C:\Program Files\TrueSuite Access Manager\usbnotify.exe ()
                                    PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
                                    PRC - C:\Windows\ehome\ehmsas.exe (Microsoft Corporation)
                                    PRC - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
                                    PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
                                    PRC - C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
                                    PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
                                    PRC - C:\Windows\System32\Ati2evxx.exe (ATI Technologies Inc.)
                                    PRC - C:\Windows\System32\config\systemprofile\Desktop\OTL.exe (OldTimer Tools)
                                    PRC - C:\Windows\System32\TAMSvr.exe (AuthenTec Inc.)
                                    PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
                                    PRC - C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
                                     
                                    ========== Win32 Services (SafeList) ==========
                                     
                                    SRV - (acssrv [Auto | Running]) -- C:\Program Files\Agnitum\Outpost Firewall\acs.exe (Agnitum Ltd.)
                                    SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
                                    SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
                                    SRV - (Ati External Event Utility [Auto | Running]) -- C:\Windows\System32\Ati2evxx.exe (ATI Technologies Inc.)
                                    SRV - (Authentec memory manager [Auto | Running]) -- C:\Windows\System32\TAMSvr.exe (AuthenTec Inc.)
                                    SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
                                    SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
                                    SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
                                    SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
                                    SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
                                    SRV - (ConfigFree Service [Auto | Running]) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
                                    SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
                                    SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
                                    SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
                                    SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
                                    SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
                                    SRV - (FontCache3.0.0.0 [Auto | Running]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
                                    SRV - (GoogleDesktopManager-010708-104812 [On_Demand | Stopped]) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
                                    SRV - (gupdate1c95e418ad821a6 [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
                                    SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
                                    SRV - (hpqcxs08 [On_Demand | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
                                    SRV - (hpqddsvc [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
                                    SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
                                    SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
                                    SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
                                    SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\Windows\System32\HPZinw12.dll (Hewlett-Packard)
                                    SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
                                    SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
                                    SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
                                    SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\Windows\System32\HPZipm12.dll (Hewlett-Packard)
                                    SRV - (RapiMgr [Auto | Running]) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
                                    SRV - (TNaviSrv [Auto | Running]) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
                                    SRV - (TODDSrv [Auto | Running]) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
                                    SRV - (TosCoSrv [Auto | Running]) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
                                    SRV - (TOSHIBA Bluetooth Service [Auto | Running]) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
                                    SRV - (TOSHIBA SMART Log Service [Auto | Running]) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
                                    SRV - (UleadBurningHelper [Auto | Running]) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
                                    SRV - (VideoAcceleratorService [Auto | Running]) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe (Speedbit Ltd.)
                                    SRV - (WcesComm [Auto | Running]) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
                                    SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
                                    SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
                                     
                                    ========== Driver Services (SafeList) ==========
                                     
                                    DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
                                    DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
                                    DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
                                    DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
                                    DRV - (afw [System | Running]) -- C:\Windows\System32\DRIVERS\afw.sys (Agnitum Ltd.)
                                    DRV - (afwcore [On_Demand | Running]) -- C:\Windows\System32\drivers\afwcore.sys (Agnitum Ltd.)
                                    DRV - (AgereSoftModem [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\AGRSM.sys (Agere Systems)
                                    DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
                                    DRV - (AlfaFF [Boot | Running]) -- C:\Windows\system32\Drivers\AlfaFF.sys (Alfa Corporation)
                                    DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
                                    DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
                                    DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
                                    DRV - (aswFsBlk [Auto | Running]) -- C:\Windows\System32\DRIVERS\aswFsBlk.sys (ALWIL Software)
                                    DRV - (aswMonFlt [Auto | Running]) -- C:\Windows\System32\DRIVERS\aswMonFlt.sys (ALWIL Software)
                                    DRV - (aswRdr [System | Running]) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
                                    DRV - (aswSP [System | Running]) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
                                    DRV - (aswTdi [System | Running]) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
                                    DRV - (atikmdag [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
                                    DRV - (ATSWPDRV [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\ATSwpDrv.sys (AuthenTec, Inc.)
                                    DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
                                    DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
                                    DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
                                    DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
                                    DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
                                    DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
                                    DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
                                    DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)
                                    DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
                                    DRV - (FwLnk [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\FwLnk.sys (TOSHIBA Corporation)
                                    DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
                                    DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
                                    DRV - (iaStor [Boot | Running]) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
                                    DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
                                    DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
                                    DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
                                    DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
                                    DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
                                    DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
                                    DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
                                    DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
                                    DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
                                    DRV - (MegaSR [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
                                    DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
                                    DRV - (NETw5v32 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\NETw5v32.sys (Intel Corporation)
                                    DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
                                    DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
                                    DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
                                    DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
                                    DRV - (Pcouffin [On_Demand | Running]) -- C:\Windows\System32\Drivers\Pcouffin.sys (VSO Software)
                                    DRV - (PxHelp20 [Boot | Running]) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
                                    DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
                                    DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
                                    DRV - (rimmptsk [Auto | Running]) -- C:\Windows\System32\DRIVERS\rimmptsk.sys (REDC)
                                    DRV - (rimsptsk [Auto | Running]) -- C:\Windows\System32\DRIVERS\rimsptsk.sys (REDC)
                                    DRV - (rismxdp [Auto | Running]) -- C:\Windows\System32\DRIVERS\rixdptsk.sys (REDC)
                                    DRV - (ROOTMODEM [On_Demand | Running]) -- C:\Windows\System32\Drivers\RootMdm.sys (Microsoft Corporation)
                                    DRV - (RTHDMIAzAudService [On_Demand | Running]) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
                                    DRV - (RTL8169 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\Rtlh86.sys (Realtek Corporation)
                                    DRV - (SandBox [System | Running]) -- C:\Windows\System32\drivers\SandBox.sys (Agnitum Ltd.)
                                    DRV - (SCREAMINGBDRIVER [On_Demand | Stopped]) -- C:\Windows\System32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)
                                    DRV - (se45bus [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\se45bus.sys (MCCI)
                                    DRV - (se45mdfl [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\se45mdfl.sys (MCCI)
                                    DRV - (se45mdm [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\se45mdm.sys (MCCI)
                                    DRV - (se45nd5 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\se45nd5.sys (MCCI)
                                    DRV - (se45unic [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\se45unic.sys (MCCI)
                                    DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
                                    DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
                                    DRV - (sptd [Boot | Running]) -- C:\Windows\System32\Drivers\sptd.sys ()
                                    DRV - (StillCam [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\serscan.sys (Microsoft Corporation)
                                    DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
                                    DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
                                    DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
                                    DRV - (SynTP [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
                                    DRV - (tdcmdpst [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\tdcmdpst.sys (TOSHIBA Corporation.)
                                    DRV - (tos_sps32 [Boot | Running]) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
                                    DRV - (tosporte [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\tosporte.sys (TOSHIBA Corporation)
                                    DRV - (tosrfbd [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\tosrfbd.sys (TOSHIBA CORPORATION)
                                    DRV - (tosrfbnp [On_Demand | Running]) -- C:\Windows\System32\Drivers\tosrfbnp.sys (TOSHIBA Corporation)
                                    DRV - (Tosrfcom [System | Running]) -- C:\Windows\System32\Drivers\tosrfcom.sys (TOSHIBA Corporation)
                                    DRV - (tosrfec [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\tosrfec.sys (TOSHIBA Corporation)
                                    DRV - (Tosrfhid [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\Tosrfhid.sys (TOSHIBA Corporation.)
                                    DRV - (tosrfnds [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\tosrfnds.sys (TOSHIBA Corporation.)
                                    DRV - (TosRfSnd [On_Demand | Stopped]) -- C:\Windows\System32\drivers\tosrfsnd.sys (TOSHIBA Corporation)
                                    DRV - (Tosrfusb [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\tosrfusb.sys (TOSHIBA CORPORATION)
                                    DRV - (TVALZ [Boot | Running]) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
                                    DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
                                    DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
                                    DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
                                    DRV - (UMPass [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\umpass.sys (Microsoft Corporation)
                                    DRV - (usb_rndisx [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\usb8023x.sys (Microsoft Corporation)
                                    DRV - (USBAAPL [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\usbaapl.sys (Apple, Inc.)
                                    DRV - (usbaudio [On_Demand | Stopped]) -- C:\Windows\System32\drivers\usbaudio.sys (Microsoft Corporation)
                                    DRV - (usbser [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\usbser.sys (Microsoft Corporation)
                                    DRV - (UVCFTR [On_Demand | Running]) -- C:\Windows\System32\Drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
                                    DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
                                    DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
                                    DRV - (WINUSB [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\WinUSB.SYS (Microsoft Corporation)
                                     
                                    ========== Modules (SafeList) ==========
                                     
                                    MOD - c:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll (Agnitum Ltd.)
                                    MOD - C:\Windows\System32\config\systemprofile\Desktop\OTL.exe (OldTimer Tools)
                                    MOD - C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
                                     
                                    ========== Standard Registry (SafeList) ==========
                                     
                                     
                                    ========== Internet Explorer ==========
                                     
                                    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                                    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                                    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
                                    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
                                    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
                                    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                                    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
                                    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                                    IE - HKLM\..\URLSearchHook: {abb88e4e-75f4-4fdc-8f42-d101484c4b3f} - C:\Program Files\Enhanced_search\tbEnha.dll (Conduit Ltd.)
                                     
                                    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
                                    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                                    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                                    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
                                     
                                    ========== FireFox ==========
                                     
                                    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
                                    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
                                    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
                                    FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
                                    FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.15
                                     
                                    FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/25 11:07:27 | 00,000,000 | ---D | M]
                                    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/28 17:30:31 | 00,000,000 | ---D | M]
                                    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/28 17:30:32 | 00,000,000 | ---D | M]
                                     
                                    [2009/10/25 21:42:17 | 00,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\mozilla\Extensions
                                    [2009/10/25 21:42:17 | 00,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
                                    [2009/10/29 16:35:53 | 00,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\mozilla\Firefox\Profiles\n7fmhzyl.default\extensions
                                    [2009/10/25 21:44:41 | 00,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\mozilla\Firefox\Profiles\n7fmhzyl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
                                    [2009/10/29 16:35:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
                                    [2009/10/28 17:30:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
                                    [2009/07/13 23:09:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
                                    [2009/03/05 22:02:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
                                    [2009/03/25 09:20:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
                                    [2009/08/29 10:08:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
                                    [2009/10/28 17:30:26 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
                                    [2009/10/28 17:30:26 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
                                    [2009/05/02 08:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
                                    [2007/04/10 18:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
                                    [2008/11/11 18:38:54 | 00,663,552 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
                                    [2009/07/25 06:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
                                    [2009/05/13 05:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
                                    [2008/06/27 16:03:12 | 01,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
                                    [2009/10/28 17:30:28 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
                                    [2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
                                    [2009/10/03 16:13:10 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
                                    [2009/04/24 21:29:18 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
                                    [2009/06/15 22:17:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
                                    [2009/06/15 22:17:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
                                    [2009/06/15 22:17:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
                                    [2009/06/15 22:17:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
                                    [2009/06/15 22:17:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
                                    [2009/06/15 22:17:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
                                    [2009/06/15 22:17:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
                                    [2009/04/24 21:29:28 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
                                    [2009/04/24 21:29:12 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
                                    [2009/05/02 08:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
                                    [2009/04/26 20:02:56 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
                                    [2009/04/26 20:02:56 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
                                    [2009/03/31 16:40:01 | 00,002,194 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
                                    [2009/04/26 20:02:56 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
                                    [2009/04/26 20:02:56 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
                                    [2009/04/26 20:02:56 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
                                    [2009/04/26 20:02:56 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
                                    [2009/04/26 20:02:57 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
                                    [2009/04/26 20:02:57 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
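Added triage example (not part of this thread, and not code from OTL or HijackThis): the OTL log above is long, and the entries a responder checks first are the ones the tool makes visible but does not rank. Three patterns stand out in the log itself: the driver `sptd` at Boot start with an empty publisher field `()`, several `O4` autorun values whose target is `File not found`, and `O6 ... EnableLUA = 0`, which means UAC is switched off, so anything the logged-in administrator launches already runs fully elevated. The script below parses the `SRV`/`DRV`, `O4` and `O6` line formats as they appear in this log and returns findings for those patterns. The sample lines are copied from the log in this thread; the severity labels and the `Finding` type are this example's own choices. An empty publisher string is a cue, not a verdict: `sptd.sys` is a copy-protection driver commonly installed with DAEMON Tools and routinely shows no publisher, so such hits should be verified against the file on disk rather than deleted on sight.

```python
"""Triage helper for OTL-style log lines (added example, not OTL/HijackThis code).

Parses the three line shapes seen in the log above:
  SRV/DRV - (name [Start | State]) -- path (Company)
  O4 - HKLM..\\Run: [value] target
  O6 - <policy key>: <name> = <data>
and returns findings a responder would look at first.
"""
import re
from dataclasses import dataclass

SVC_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - \((?P<name>.+?) \[(?P<start>[^|\]]+) \| (?P<state>[^\]]+)\]\) -- "
    r"(?P<path>.*) \((?P<company>[^()]*)\)\s*$"   # greedy path, so "(x86)" in a path is fine
)
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<value>[^\]]*)\]\s*(?P<target>.*)$")
O6_RE = re.compile(r"^O6 - (?P<key>.+?): (?P<name>\w+) = (?P<data>.+?)\s*$")


@dataclass
class Finding:
    severity: str   # "high" or "info" (labels chosen for this example)
    line: str
    reason: str


def parse_service(line):
    """Return the fields of an SRV/DRV line, or None if the line is not one."""
    m = SVC_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["company"] = d["company"].strip()   # OTL pads this field with spaces on some entries
    return d


def triage(lines):
    findings = []
    for raw in lines:
        line = raw.strip()
        svc = parse_service(line)
        if svc:
            if not svc["company"]:
                # No publisher in the version-info block. Boot/System-start or running
                # drivers with no publisher are checked first; still verify the file.
                sev = "high" if svc["start"] in ("Boot", "System") or svc["state"] == "Running" else "info"
                findings.append(Finding(sev, line,
                    f"{svc['kind']} {svc['name']}: no publisher string, "
                    f"start={svc['start']}, state={svc['state']}"))
            continue
        m = O4_RE.match(line)
        if m:
            hive, value = m.group("hive"), m.group("value")
            target = m.group("target").strip()
            if not target or target.endswith("File not found"):
                # Orphaned autorun: the registry value survives but its target is gone.
                findings.append(Finding("info", line, f"orphaned autorun {hive}\\Run\\{value}: target file missing"))
            elif target.endswith("()"):
                findings.append(Finding("info", line, f"autorun {hive}\\Run\\{value}: no publisher string"))
            continue
        m = O6_RE.match(line)
        if m and m.group("name") == "EnableLUA" and m.group("data") != "1":
            findings.append(Finding("high", line,
                "UAC is disabled (EnableLUA = 0): processes in the admin session run fully elevated"))
    return findings


# Sample input: lines copied from the OTL log posted in this thread.
SAMPLE = [
    r"SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)",
    r"DRV - (sptd [Boot | Running]) -- C:\Windows\System32\Drivers\sptd.sys ()",
    r"DRV - (RTL8169 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\Rtlh86.sys (Realtek Corporation            )",
    r"O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe File not found",
    r"O4 - HKLM..\Run: [cfFncEnabler.exe]  File not found",
    r"O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)",
    r"O4 - HKLM..\Run: [UsbMonitor] C:\Program Files\TrueSuite Access Manager\usbnotify.exe ()",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0",
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.severity}] {f.reason}")
```

Run against the full log, the script gives a short list to work through: confirm each no-publisher driver by hashing the file and checking its signature, delete or correct orphaned `Run` values, and re-enable UAC (EnableLUA = 1) once the machine is clean.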

                                    bato1994 (Topic Starter, Rookie)
                                    LIONS premiers 2010!!
                                      Re: Trojan HijackThis log
                                      « Reply #21 on: October 29, 2009, 01:30:43 AM »
                                      O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
                                      O1 - Hosts: 127.0.0.1       localhost
                                      O1 - Hosts: ::1             localhost
                                      O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
                                      O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
                                      O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
                                      O2 - BHO: (&Google Web Accelerator Helper) - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll ()
                                      O2 - BHO: (Enhanced search Toolbar) - {abb88e4e-75f4-4fdc-8f42-d101484c4b3f} - C:\Program Files\Enhanced_search\tbEnha.dll (Conduit Ltd.)
                                      O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
                                      O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
                                      O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
                                      O3 - HKLM\..\Toolbar: (Enhanced search Toolbar) - {abb88e4e-75f4-4fdc-8f42-d101484c4b3f} - C:\Program Files\Enhanced_search\tbEnha.dll (Conduit Ltd.)
                                      O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
                                      O3 - HKLM\..\Toolbar: (Google Web Accelerator) - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll ()
                                      O3 - HKCU\..\Toolbar\WebBrowser: (Enhanced search Toolbar) - {ABB88E4E-75F4-4FDC-8F42-D101484C4B3F} - C:\Program Files\Enhanced_search\tbEnha.dll (Conduit Ltd.)
                                      O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
                                      O3 - HKCU\..\Toolbar\WebBrowser: (Google Web Accelerator) - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll ()
                                      O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
                                      O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
                                      O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
                                      O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
                                      O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe File not found
                                      O4 - HKLM..\Run: [cfFncEnabler.exe]  File not found
                                      O4 - HKLM..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
                                      O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
                                      O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
                                      O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
                                      O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
                                      O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
                                      O4 - HKLM..\Run: [NDSTray.exe]  File not found
                                      O4 - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe (Agnitum Ltd.)
                                      O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe (Agnitum Ltd.)
                                      O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
                                      O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
                                      O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
                                      O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
                                      O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
                                      O4 - HKLM..\Run: [UsbMonitor] C:\Program Files\TrueSuite Access Manager\usbnotify.exe ()
                                      O4 - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
                                      O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
                                      O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
                                      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
                                      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
                                      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
                                      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
                                      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
                                      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
                                      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
                                      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
                                      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
                                      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
                                      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
                                      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
                                      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
                                      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
                                      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
                                      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
                                      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
                                      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
                                      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
                                      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
                                      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
                                      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
                                      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
                                      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
                                      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
                                      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
                                      O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
                                      O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
                                      O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
                                      O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
                                      O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
                                      O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
                                      O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
                                      O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
                                      O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
                                      O13 - gopher Prefix: missing
                                      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
                                      O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
                                      O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
                                      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
                                      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
                                      O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
                                      O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
                                      O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
                                      O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
                                      O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
                                      O20 - AppInit_DLLs: (c:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll (Agnitum Ltd.)
                                      O20 - AppInit_DLLs: (c:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
                                      O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
                                      O31 - SafeBoot: AlternateShell - cmd.exe
                                      O32 - HKLM CDRom: AutoRun - 1
                                      O32 - AutoRun File - [2006/09/19 08:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
                                      O34 - HKLM BootExecute: (autocheck) -  File not found
                                      O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
                                      O34 - HKLM BootExecute: (*) -  File not found
                                      O35 - comfile [open] -- "%1" %* File not found
                                      O35 - exefile [open] -- "%1" %* File not found
                                       
                                      MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
                                      MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe - (Orbitdownloader.com)
                                      MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe - ()
                                      MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TOSHIBA Face Recognition Watcher.lnk - C:\PROGRA~1\Toshiba\SMARTF~1\SMARTF~1.EXE - File not found
                                      MsConfig - StartUpFolder: C:^Users^valued customer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^gueinywcf.lnk -  - File not found
                                      MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
                                      MsConfig - StartUpReg: avgnt - hkey= - key= - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe File not found
                                      MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
                                      MsConfig - StartUpReg: FingerPrintNotifer - hkey= - key= - C:\Program Files\TrueSuite Access Manager\FpNotifier.exe (AuthenTec, Inc)
                                      MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
                                      MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\valued customer\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
                                      MsConfig - StartUpReg: Internet Security Services - hkey= - key= - c:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe File not found
                                      MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
                                      MsConfig - StartUpReg: MsnMsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
                                      MsConfig - StartUpReg: OxigenClientAdmin - hkey= - key= - C:\Program Files\Oxigen\bin\Oxigen.exe ()
                                      MsConfig - StartUpReg: OxigenTrayIcon - hkey= - key= - C:\Program Files\Oxigen\bin\OxiTray.exe ()
                                      MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
                                      MsConfig - StartUpReg: RoboForm - hkey= - key= - C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe File not found
                                      MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe File not found
                                      MsConfig - StartUpReg: SpeedBitVideoAccelerator - hkey= - key= - C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe (Speedbit Ltd.)
                                      MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
                                      MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
                                      MsConfig - StartUpReg: TrackerChecker2 - hkey= - key= - C:\Program Files\Tracker Checker 2\Tracker Checker 2.exe ()
                                      MsConfig - StartUpReg: Windows Defender - hkey= - key= -  File not found
                                      MsConfig - State: "startup" - 2
                                       
                                      Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
                                      Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
                                      Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
                                      Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
                                      Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
                                      Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
                                      Drivers32: MSVideo8 - C:\Windows\System32\VfWWDM32.dll (Microsoft Corporation)
                                      Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
                                      Drivers32: vidc.ffds - C:\Windows\System32\ff_vfw.dll ()
                                      Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
                                      Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
                                       
                                      ========== Files/Folders - Created Within 30 Days ==========
                                       
                                      [2 C:\Windows\*.tmp files]
                                      [2009/10/27 21:36:52 | 00,000,000 | ---D | C] -- C:\ProgramData\Agnitum
                                      [2009/10/17 17:33:43 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
                                      [2009/10/27 15:50:19 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\ATI
                                      [2009/10/27 21:08:35 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\BitTorrent
                                      [2009/10/25 22:25:25 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\GrabPro
                                      [2009/10/25 21:33:05 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\Macromedia
                                      [2009/10/17 17:33:48 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\Malwarebytes
                                      [2009/10/25 21:42:14 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\Mozilla
                                      [2009/10/25 22:23:04 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\Orbit
                                      [2009/10/19 19:08:02 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\WinRAR
                                      [2009/10/11 22:03:26 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\Yahoo!
                                      [2009/10/25 21:55:02 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\AppData\Local\Adobe
                                      [2009/10/27 15:50:19 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\AppData\Local\ATI
                                      [2009/10/25 21:42:14 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\AppData\Local\Mozilla
                                      [2009/10/25 22:23:45 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\AppData\Local\Toshiba
                                      [2009/10/27 21:37:12 | 00,000,000 | ---D | C] -- C:\Program Files\Agnitum
                                      [2009/10/17 17:33:43 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
                                      [2009/10/18 15:13:19 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
                                      [2009/10/29 18:12:09 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Windows\system32\config\systemprofile\Desktop\OTL.exe
                                      [2009/10/29 07:38:52 | 00,000,000 | ---D | C] -- C:\Microsoft
                                      [2009/10/28 17:35:24 | 00,000,000 | --SD | C] -- C:\ComboFix
                                      [2009/10/27 21:41:04 | 00,704,384 | ---- | C] (Agnitum Ltd.) -- C:\Windows\System32\drivers\SandBox.sys
                                      [2009/10/27 21:40:23 | 00,307,224 | ---- | C] (Agnitum Ltd.) -- C:\Windows\System32\drivers\afwcore.sys
                                      [2009/10/27 21:37:46 | 00,029,208 | ---- | C] (Agnitum Ltd.) -- C:\Windows\System32\drivers\afw.sys
                                      [2009/10/27 16:09:54 | 00,312,344 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\iaStor.sys
                                      [2009/10/27 16:09:54 | 00,028,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\msahci.sys
                                      [2009/10/26 22:21:10 | 00,000,000 | ---D | C] -- C:\Sun
                                      [2009/10/26 19:21:58 | 00,195,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
                                      [2009/10/26 15:44:37 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\Documents\Bluetooth
                                      [2009/10/25 22:28:59 | 00,052,368 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
                                      [2009/10/25 22:28:59 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
                                      [2009/10/25 22:28:57 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
                                      [2009/10/25 22:28:57 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\Windows\System32\AvastSS.scr
                                      [2009/10/25 22:28:57 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
                                      [2009/10/25 22:28:26 | 01,279,968 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
                                      [2009/10/25 22:28:26 | 00,053,328 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
                                      [2009/10/25 22:28:00 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\Desktop\New Folder
                                      [2009/10/25 21:50:55 | 00,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
                                      [2009/10/25 21:50:51 | 00,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
                                      [2009/10/25 21:50:42 | 03,584,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
                                      [2009/10/25 21:50:41 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
                                      [2009/10/25 21:50:40 | 00,833,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
                                      [2009/10/25 21:50:39 | 01,174,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
                                      [2009/10/25 21:50:36 | 06,069,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
                                      [2009/10/25 21:50:34 | 00,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
                                      [2009/10/25 21:50:34 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
                                      [2009/10/25 21:50:33 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
                                      [2009/10/25 21:50:33 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
                                      [2009/10/25 21:50:32 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
                                      [2009/10/25 21:50:31 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
                                      [2009/10/25 21:50:31 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
                                      [2009/10/25 21:50:30 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
                                      [2009/10/25 21:50:30 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
                                      [2009/10/25 21:50:30 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
                                      [2009/10/25 21:50:29 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
                                      [2009/10/25 21:50:21 | 03,597,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
                                      [2009/10/25 21:50:20 | 03,546,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
                                      [2009/10/25 21:49:52 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msasn1.dll
                                      [2009/10/25 21:49:50 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
                                      [2009/10/25 21:42:52 | 00,308,160 | ---- | C] (ALWIL Software) -- C:\Windows\system32\config\systemprofile\Documents\avast_home_setup.exe
                                      [2009/10/21 17:17:28 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
                                      [2009/10/21 17:17:28 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
                                      [2009/10/21 17:17:28 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
                                      [2009/10/21 17:17:28 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
                                      [2009/10/21 17:17:22 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
                                      [2009/10/21 17:16:59 | 00,000,000 | ---D | C] -- C:\Qoobox
                                      [2009/10/17 17:33:44 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
                                      [2009/10/17 17:33:43 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
                                      [2009/05/10 15:59:32 | 00,389,120 | ---- | C] (Henrik Rydgård Inc.) -- C:\Program Files\DaShRelease.exe
                                       
                                      ========== Files - Modified Within 30 Days ==========
                                       
                                      [2 C:\Windows\*.tmp files]
                                      [2009/10/29 18:11:44 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Windows\system32\config\systemprofile\Desktop\OTL.exe
                                      [2009/10/29 17:46:09 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
                                      [2009/10/29 17:46:09 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
                                      [2009/10/29 17:26:00 | 00,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-21628702-580910898-2647980920-1000UA.job
                                      [2009/10/29 17:24:00 | 00,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
                                      [2009/10/29 15:53:05 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
                                      [2009/10/29 15:53:05 | 00,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
                                      [2009/10/29 15:53:05 | 00,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
                                      [2009/10/29 15:47:54 | 00,001,649 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk
                                      [2009/10/29 15:46:35 | 00,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
                                      [2009/10/29 15:46:35 | 00,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
                                      [2009/10/29 15:46:25 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
                                      [2009/10/29 15:46:01 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
                                      [2009/10/29 07:50:33 | 03,122,188 | -H-- | M] () -- C:\Windows\system32\config\systemprofile\AppData\Local\IconCache.db
                                      [2009/10/27 21:08:39 | 00,000,751 | ---- | M] () -- C:\Windows\system32\config\systemprofile\Desktop\BitTorrent.lnk
                                      [2009/10/27 15:49:24 | 03,436,844 | R--- | M] () -- C:\Windows\system32\config\systemprofile\Desktop\ComboFix.exe
                                      [2009/10/26 22:26:00 | 00,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-21628702-580910898-2647980920-1000Core.job
                                      [2009/10/26 20:22:50 | 00,000,725 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
                                      [2009/10/26 20:01:18 | 00,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
                                      [2009/10/26 19:28:17 | 00,073,621 | ---- | M] () -- C:\Windows\system32\config\systemprofile\Desktop\Brisbane Lions LOGO.jpg
                                      [2009/10/26 17:28:13 | 00,001,630 | ---- | M] () -- C:\Windows\system32\config\systemprofile\Desktop\Media Center.lnk
                                      [2009/10/26 15:42:54 | 00,000,000 | ---- | M] () -- C:\rasphone.pbk
                                      [2009/10/26 15:42:12 | 00,067,528 | ---- | M] () -- C:\Windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
                                      [2009/10/25 22:34:42 | 01,620,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
                                      [2009/10/25 22:28:59 | 00,001,816 | ---- | M] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
                                      [2009/10/25 22:28:56 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
                                      [2009/10/25 22:27:22 | 00,001,752 | ---- | M] () -- C:\Windows\System32\rasphone.pbk
                                      [2009/10/25 22:23:56 | 00,000,821 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
                                      [2009/10/25 21:52:26 | 00,000,600 | ---- | M] () -- C:\Windows\PUTTY.RND
                                      [2009/10/25 21:49:12 | 00,001,649 | ---- | M] () -- C:\Windows\system32\config\systemprofile\Desktop\CCleaner.lnk
                                      [2009/10/25 21:43:03 | 00,308,160 | ---- | M] (ALWIL Software) -- C:\Windows\system32\config\systemprofile\Documents\avast_home_setup.exe
                                      [2009/10/25 21:42:18 | 00,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
                                      [2009/10/25 19:49:42 | 00,003,900 | ---- | M] () -- C:\Windows\System32\gasfkylog.dat
                                      [2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\Windows\MBR.exe
                                      [2009/10/24 14:00:38 | 00,001,356 | ---- | M] () -- C:\Windows\system32\config\systemprofile\AppData\Local\d3d9caps.dat
                                      [2009/10/15 18:53:28 | 00,021,052 | ---- | M] () -- C:\Windows\System32\SIntfNT.dll
                                      [2009/10/15 18:53:28 | 00,015,144 | ---- | M] () -- C:\Windows\System32\SIntf32.dll
                                      [2009/10/15 18:53:28 | 00,012,067 | ---- | M] () -- C:\Windows\System32\SIntf16.dll
                                      [2009/10/11 08:10:09 | 00,236,544 | ---- | M] () -- C:\Windows\PEV.exe
                                      [2009/10/03 05:01:57 | 25,198,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
                                      [2009/10/01 10:29:14 | 00,195,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
                                       
                                      ========== Files - No Company Name ==========
                                      [2009/10/27 21:37:48 | 00,000,049 | ---- | C] () -- C:\Windows\transp.gif
                                      [2009/10/27 21:08:39 | 00,000,751 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Desktop\BitTorrent.lnk
                                      [2009/10/27 15:59:27 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
                                      [2009/10/27 15:49:59 | 03,436,844 | R--- | C] () -- C:\Windows\system32\config\systemprofile\Desktop\ComboFix.exe
                                      [2009/10/26 20:22:50 | 00,000,725 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
                                      [2009/10/26 20:01:18 | 00,001,898 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
                                      [2009/10/26 19:28:15 | 00,073,621 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Desktop\Brisbane Lions LOGO.jpg
                                      [2009/10/26 17:28:13 | 00,001,630 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Desktop\Media Center.lnk
                                      [2009/10/26 15:42:54 | 00,000,000 | ---- | C] () -- C:\rasphone.pbk
                                      [2009/10/25 22:30:54 | 03,122,188 | -H-- | C] () -- C:\Windows\system32\config\systemprofile\AppData\Local\IconCache.db
                                      [2009/10/25 22:28:59 | 00,001,816 | ---- | C] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
                                      [2009/10/25 22:28:26 | 00,380,928 | ---- | C] () -- C:\Windows\System32\actskin4.ocx
                                      [2009/10/25 22:27:22 | 00,001,752 | ---- | C] () -- C:\Windows\System32\rasphone.pbk
                                      [2009/10/25 21:52:26 | 00,000,600 | ---- | C] () -- C:\Windows\PUTTY.RND
                                      [2009/10/25 21:49:12 | 00,001,649 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Desktop\CCleaner.lnk
                                      [2009/10/25 21:42:18 | 00,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
                                      [2009/10/25 13:49:40 | 00,003,900 | ---- | C] () -- C:\Windows\System32\gasfkylog.dat
                                      [2009/10/21 17:17:28 | 00,236,544 | ---- | C] () -- C:\Windows\PEV.exe
                                      [2009/10/21 17:17:28 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
                                      [2009/10/21 17:17:28 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
                                      [2009/10/21 17:17:28 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
                                      [2009/10/15 18:53:28 | 00,021,052 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
                                      [2009/10/15 18:53:28 | 00,015,144 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
                                      [2009/10/15 18:53:28 | 00,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
                                      [2009/07/18 10:25:57 | 00,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
                                      [2009/07/03 18:46:02 | 00,000,024 | ---- | C] () -- C:\Windows\cdplayer.ini
                                      [2009/07/02 18:08:44 | 00,000,000 | ---- | C] () -- C:\Windows\AudioDVD.INI
                                      [2009/06/05 17:15:53 | 01,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
                                      [2009/05/18 19:37:54 | 00,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
                                      [2009/05/18 19:37:54 | 00,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
                                      [2009/05/18 19:37:54 | 00,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
                                      [2009/05/18 19:37:54 | 00,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
                                      [2009/05/13 20:35:08 | 00,395,776 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
                                      [2009/05/13 20:35:08 | 00,262,144 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
                                      [2009/05/13 20:35:08 | 00,112,640 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
                                      [2009/05/13 20:35:07 | 02,255,360 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
                                      [2009/05/10 14:01:56 | 00,171,008 | ---- | C] () -- C:\Program Files\ePSXe.exe
                                      [2009/05/05 10:59:44 | 00,000,050 | ---- | C] () -- C:\Windows\MegaManager.INI
                                      [2009/05/02 12:40:03 | 00,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
                                      [2009/05/02 12:40:01 | 00,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
                                      [2009/05/02 12:40:00 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
                                      [2009/05/02 12:40:00 | 00,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
                                      [2009/04/29 21:59:49 | 00,000,000 | ---- | C] () -- C:\Windows\LiveBilliardsDemo.INI
                                      [2009/04/09 10:56:57 | 00,000,568 | ---- | C] () -- C:\Windows\ss4200utility.ini
                                      [2009/04/07 14:29:46 | 00,000,098 | ---- | C] () -- C:\Windows\WirelessFTP.INI
                                      [2009/03/29 14:48:10 | 00,000,204 | ---- | C] () -- C:\Windows\struct~.ini
                                      [2009/03/15 18:42:22 | 00,192,512 | ---- | C] () -- C:\Windows\System32\ssresources.dll
                                      [2009/03/15 18:42:22 | 00,020,481 | ---- | C] () -- C:\Windows\System32\SystemsHook.dll
                                      [2009/02/04 20:50:32 | 00,024,576 | ---- | C] () -- C:\Windows\System32\nsis_loader.dll
                                      [2008/12/31 17:04:42 | 00,691,560 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
                                      [2008/12/09 22:24:28 | 00,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
                                      [2008/12/08 20:41:54 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
                                      [2008/12/01 15:32:56 | 00,000,006 | -HS- | C] () -- C:\Windows\system32\config\systemprofile\AppData\Roaming\desktop.ini
                                      [2008/11/22 16:12:55 | 00,001,151 | ---- | C] () -- C:\ProgramData\hpzinstall.log
                                      [2008/10/23 02:58:00 | 25,089,272 | ---- | C] () -- C:\Windows\System32\TrueAccessCoInst.dll
                                      [2008/10/22 01:32:02 | 00,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
                                      [2008/10/22 01:32:02 | 00,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
                                      [2008/10/22 01:32:02 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
                                      [2008/10/22 01:32:02 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
                                      [2008/10/22 01:32:02 | 00,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
                                      [2008/10/22 01:32:02 | 00,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
                                      [2008/10/22 00:20:23 | 00,067,528 | ---- | C] () -- C:\Windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
                                      [2008/05/06 16:08:19 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
                                      [2008/05/06 16:07:54 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
                                      [2008/05/06 15:32:46 | 00,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
                                      [2008/03/29 03:41:32 | 00,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
                                      [2008/02/29 15:14:04 | 00,223,744 | ---- | C] () -- C:\Windows\System32\b4fm.dll
                                      [2007/12/24 01:02:16 | 00,126,976 | ---- | C] () -- C:\Windows\gdf.dll
                                      [2007/12/22 10:46:32 | 00,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
                                      [2007/07/11 02:10:12 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
                                      [2006/11/03 00:02:10 | 00,001,356 | ---- | C] () -- C:\Windows\system32\config\systemprofile\AppData\Local\d3d9caps.dat
                                      [2006/11/03 00:01:48 | 00,000,006 | -HS- | C] () -- C:\Windows\system32\config\systemprofile\AppData\Local\desktop.ini
                                      [2006/11/02 23:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
                                      [2006/11/02 23:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
                                      [2006/11/02 21:23:31 | 00,000,442 | ---- | C] () -- C:\Windows\system.ini
                                      [2006/11/02 21:23:31 | 00,000,179 | ---- | C] () -- C:\Windows\win.ini
                                      [2006/11/02 18:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
                                      [2006/09/13 22:06:10 | 00,045,056 | ---- | C] () -- C:\Windows\System32\gtapi.dll
                                      [2005/07/23 15:30:18 | 00,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
                                       
                                      ========== LOP Check ==========
                                       
                                      [2009/10/29 15:46:35 | 00,000,882 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
                                      [2009/10/29 17:24:00 | 00,000,886 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
                                      [2009/10/26 22:26:00 | 00,000,896 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-21628702-580910898-2647980920-1000Core.job
                                      [2009/10/29 17:26:00 | 00,000,948 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-21628702-580910898-2647980920-1000UA.job
                                      [2009/10/29 15:46:25 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
                                      [2009/10/29 15:43:53 | 00,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
                                       
                                      ========== Purity Check ==========
                                       
                                       
                                       
                                      ========== Custom Scans ==========
                                       
                                       
                                      < %SYSTEMDRIVE%\*.exe >
                                       
                                      < %PROGRAMFILES%\*. >
                                      [2009/10/27 21:37:12 | 00,000,000 | R--D | M] -- C:\Program Files
                                      [2009/01/11 10:46:45 | 00,000,000 | ---D | M] -- C:\Program Files\3 Mobile
                                      [2009/05/01 22:04:38 | 00,000,000 | ---D | M] -- C:\Program Files\Acoustica Mixcraft 4
                                      [2009/08/30 14:51:25 | 00,000,000 | ---D | M] -- C:\Program Files\Acoustica Shared Effects
                                      [2009/06/02 16:58:02 | 00,000,000 | ---D | M] -- C:\Program Files\Adobe
                                      [2009/10/27 21:37:12 | 00,000,000 | ---D | M] -- C:\Program Files\Agnitum
                                      [2009/05/13 23:32:00 | 00,000,000 | ---D | M] -- C:\Program Files\All Sound Recorder XP 210
                                      [2009/04/19 15:37:31 | 00,000,000 | ---D | M] -- C:\Program Files\Alwil Software
                                      [2009/08/30 14:48:21 | 00,000,000 | ---D | M] -- C:\Program Files\Antares Audio Technologies
                                      [2008/12/16 16:35:06 | 00,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
                                      [2009/04/06 17:58:21 | 00,000,000 | ---D | M] -- C:\Program Files\ASIO4ALL v2
                                      [2008/10/22 01:09:04 | 00,000,000 | ---D | M] -- C:\Program Files\ATI
                                      [2008/10/22 01:10:30 | 00,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
                                      [2009/08/27 17:14:48 | 00,000,000 | ---D | M] -- C:\Program Files\Audacity
                                      [2009/06/16 18:02:38 | 00,000,000 | ---D | M] -- C:\Program Files\AviSynth 2.5
                                      [2009/06/21 11:01:29 | 00,000,000 | ---D | M] -- C:\Program Files\Babylon
                                      [2008/12/07 10:34:32 | 00,000,000 | ---D | M] -- C:\Program Files\BitComet
                                      [2009/04/11 13:44:11 | 00,000,000 | ---D | M] -- C:\Program Files\BitDefender
                                      [2008/12/01 13:37:30 | 00,000,000 | ---D | M] -- C:\Program Files\BitTorrent
                                      [2009/06/15 22:18:07 | 00,000,000 | ---D | M] -- C:\Program Files\Bonjour
                                      [2008/12/08 20:19:01 | 00,000,000 | ---D | M] -- C:\Program Files\Camtech
                                      [2009/01/01 17:39:37 | 00,000,000 | ---D | M] -- C:\Program Files\CCleaner
                                      [2009/07/20 21:06:00 | 00,000,000 | ---D | M] -- C:\Program Files\Chat Republic Games
                                      [2009/07/20 22:56:49 | 00,000,000 | ---D | M] -- C:\Program Files\Cheat Engine
                                      [2009/07/11 00:11:04 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files
                                      [2008/12/06 12:51:49 | 00,000,000 | ---D | M] -- C:\Program Files\Conduit
                                      [2009/05/27 17:25:29 | 00,000,000 | ---D | M] -- C:\Program Files\Counter-Strike 1.6
                                      [2008/12/19 12:19:37 | 00,000,000 | ---D | M] -- C:\Program Files\Crazy-World
                                      [2009/07/18 10:45:11 | 00,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Lite
                                      [2009/07/18 10:44:37 | 00,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Pro
                                      [2009/07/18 10:45:11 | 00,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Toolbar
                                      [2009/05/15 14:04:37 | 00,000,000 | ---D | M] -- C:\Program Files\DAP Premium
                                      [2009/04/21 18:23:48 | 00,000,000 | ---D | M] -- C:\Program Files\Defraggler
                                      [2009/06/26 18:58:31 | 00,000,000 | ---D | M] -- C:\Program Files\DivX
                                      [2008/12/01 13:37:27 | 00,000,000 | ---D | M] -- C:\Program Files\DNA
                                      [2009/05/05 11:05:42 | 00,000,000 | ---D | M] -- C:\Program Files\DOSBox-0.72
                                      [2009/06/25 14:06:57 | 00,000,000 | ---D | M] -- C:\Program Files\Enhanced_search
                                      [2009/01/22 13:12:30 | 00,000,000 | ---D | M] -- C:\Program Files\FlashGet Network
                                      [2009/08/15 12:03:04 | 00,000,000 | ---D | M] -- C:\Program Files\Footy Fanatic FX
                                      [2009/10/11 22:02:35 | 00,000,000 | ---D | M] -- C:\Program Files\Freebies Hack Engine
                                      [2008/12/03 19:07:16 | 00,000,000 | ---D | M] -- C:\Program Files\'Full Speed' Internet Booster + Performance Tests
                                      [2009/10/27 16:26:47 | 00,000,000 | ---D | M] -- C:\Program Files\Google
                                      [2009/01/10 21:10:44 | 00,000,000 | ---D | M] -- C:\Program Files\Google Earth Pro 4.2
                                      [2009/03/28 12:57:17 | 00,000,000 | ---D | M] -- C:\Program Files\Google Hacks
                                      [2009/07/19 00:23:28 | 00,000,000 | ---D | M] -- C:\Program Files\Graboid
                                      [2009/07/04 12:00:49 | 00,000,000 | ---D | M] -- C:\Program Files\GRETECH
                                      [2009/07/18 10:47:43 | 00,000,000 | ---D | M] -- C:\Program Files\Hasbro Interactive
                                      [2008/11/22 16:17:50 | 00,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
                                      [2008/12/06 19:10:50 | 00,000,000 | ---D | M] -- C:\Program Files\HP
                                      [2008/12/16 18:11:05 | 00,000,000 | ---D | M] -- C:\Program Files\HyCam2
                                      [2009/04/06 17:58:23 | 00,000,000 | ---D | M] -- C:\Program Files\Image-Line
                                      [2009/05/05 11:00:02 | 00,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
                                      [2008/10/22 00:16:12 | 00,000,000 | ---D | M] -- C:\Program Files\Intel
                                      [2009/10/28 17:57:53 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
                                      [2008/10/22 01:32:02 | 00,000,000 | ---D | M] -- C:\Program Files\InterVideo
                                      [2009/06/15 22:18:39 | 00,000,000 | ---D | M] -- C:\Program Files\iPod
                                      [2009/06/15 22:19:00 | 00,000,000 | ---D | M] -- C:\Program Files\iTunes
                                      [2008/12/23 13:39:13 | 00,000,000 | ---D | M] -- C:\Program Files\iWin.com
                                      [2009/10/21 17:10:57 | 00,000,000 | ---D | M] -- C:\Program Files\Java
                                      [2009/08/12 19:12:50 | 00,000,000 | ---D | M] -- C:\Program Files\K-Lite Codec Pack
                                      [2009/06/08 13:28:22 | 00,000,000 | ---D | M] -- C:\Program Files\Lavasoft
                                      [2009/04/15 15:52:13 | 00,000,000 | ---D | M] -- C:\Program Files\LimeWire
                                      [2008/12/09 17:46:37 | 00,000,000 | ---D | M] -- C:\Program Files\LimeWire Accelerator 4.10
                                      [2009/07/21 18:25:42 | 00,000,000 | ---D | M] -- C:\Program Files\MagicISO
                                      [2009/01/05 23:20:14 | 00,000,000 | ---D | M] -- C:\Program Files\Makayama Interactive
                                      [2009/10/17 17:33:47 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
                                      [2008/12/20 22:00:52 | 00,000,000 | ---D | M] -- C:\Program Files\Media Manager
                                      [2009/05/16 19:55:59 | 00,000,000 | ---D | M] -- C:\Program Files\Messenger Plus! Live
                                      [2009/03/20 17:32:12 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft
                                      [2006/11/02 23:37:34 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
                                      [2009/04/04 12:45:50 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
                                      [2009/09/11 23:31:12 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
                                      [2009/10/25 22:10:05 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
                                      [2009/03/18 15:40:27 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
                                      [2008/01/21 13:35:17 | 00,000,000 | ---D | M] -- C:\Program Files\Movie Maker
                                      [2009/10/29 17:59:59 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
                                      [2006/11/02 23:37:34 | 00,000,000 | ---D | M] -- C:\Program Files\MSBuild
                                      [2008/12/13 12:31:23 | 00,000,000 | ---D | M] -- C:\Program Files\MSECache
                                      [2008/05/06 16:20:42 | 00,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
                                      [2009/08/28 12:24:00 | 00,000,000 | ---D | M] -- C:\Program Files\NaturalSoft
                                      [2009/03/29 17:01:09 | 00,000,000 | ---D | M] -- C:\Program Files\Nero 9
                                      [2009/10/26 20:22:51 | 00,000,000 | ---D | M] -- C:\Program Files\Opera
                                      [2009/10/29 15:59:53 | 00,000,000 | ---D | M] -- C:\Program Files\Orbitdownloader
                                      [2008/12/22 19:17:56 | 00,000,000 | ---D | M] -- C:\Program Files\Outsim
                                      [2009/04/08 18:12:30 | 00,000,000 | ---D | M] -- C:\Program Files\Oxigen
                                      [2009/04/08 18:10:38 | 00,000,000 | ---D | M] -- C:\Program Files\OxigenInstall
                                      [2009/05/10 16:27:57 | 00,000,000 | ---D | M] -- C:\Program Files\Pcsx2
                                      [2009/03/26 08:25:08 | 00,000,000 | ---D | M] -- C:\Program Files\Play89
                                      [2009/03/23 17:03:02 | 00,000,000 | ---D | M] -- C:\Program Files\Pool Station
                                      [2009/06/15 22:17:36 | 00,000,000 | ---D | M] -- C:\Program Files\QuickTime
                                      [2009/04/24 21:23:26 | 00,000,000 | ---D | M] -- C:\Program Files\Real
                                      [2008/10/22 01:06:40 | 00,000,000 | ---D | M] -- C:\Program Files\Realtek
                                      [2009/06/16 18:02:34 | 00,000,000 | ---D | M] -- C:\Program Files\Red Kawa
                                      [2006/11/02 23:37:34 | 00,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
                                      [2009/04/05 11:50:16 | 00,000,000 | ---D | M] -- C:\Program Files\Safari
                                      [2009/07/10 23:45:27 | 00,000,000 | ---D | M] -- C:\Program Files\SharpHacker's Registration Hack
                                      [2009/03/29 14:24:13 | 00,000,000 | ---D | M] -- C:\Program Files\SopCast
                                      [2009/04/21 19:56:46 | 00,000,000 | ---D | M] -- C:\Program Files\SpeedBit Video Accelerator
                                      [2008/12/13 08:26:07 | 00,000,000 | ---D | M] -- C:\Program Files\Super DVD Creator 8.0
                                      [2008/10/22 00:18:38 | 00,000,000 | ---D | M] -- C:\Program Files\Synaptics
                                      [2008/12/22 20:02:04 | 00,000,000 | ---D | M] -- C:\Program Files\TOSHIBA
                                      [2009/07/10 12:55:08 | 00,000,000 | ---D | M] -- C:\Program Files\Tracker Checker 2
                                      [2009/10/18 15:13:19 | 00,000,000 | ---D | M] -- C:\Program Files\Trend Micro
                                      [2008/12/21 12:26:46 | 00,000,000 | ---D | M] -- C:\Program Files\TrueSuite Access Manager
                                      [2009/04/05 10:53:19 | 00,000,000 | ---D | M] -- C:\Program Files\TVUPlayer
                                      [2008/10/22 01:29:21 | 00,000,000 | ---D | M] -- C:\Program Files\Ulead Systems
                                      [2009/10/29 16:24:30 | 00,000,000 | ---D | M] -- C:\Program Files\UltraStar Deluxe
                                      [2006/11/03 00:01:55 | 00,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
                                      [2009/06/16 23:03:01 | 00,000,000 | ---D | M] -- C:\Program Files\Unity
                                      [2009/04/06 10:37:54 | 00,000,000 | ---D | M] -- C:\Program Files\uTorrent
                                      [2009/03/29 15:27:09 | 00,000,000 | ---D | M] -- C:\Program Files\uusee
                                      [2008/12/08 21:44:52 | 00,000,000 | ---D | M] -- C:\Program Files\VideoLAN
                                      [2009/03/21 08:34:00 | 00,000,000 | ---D | M] -- C:\Program Files\VoiceSync
                                      [2009/08/24 19:08:25 | 00,000,000 | ---D | M] -- C:\Program Files\VSO
                                      [2009/08/30 14:48:21 | 00,000,000 | ---D | M] -- C:\Program Files\VstPlugins
                                      [2008/12/22 20:01:15 | 00,000,000 | ---D | M] -- C:\Program Files\Winamp
                                      [2008/01/21 13:35:18 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
                                      [2008/01/21 13:35:15 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
                                      [2008/01/21 13:35:09 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Defender
                                      [2008/01/21 13:35:14 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Journal
                                      [2009/03/20 17:34:09 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Live
                                      [2009/03/20 17:31:54 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
                                      [2008/01/21 13:35:16 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Mail
                                      [2008/10/22 01:31:47 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Components
                                      [2009/08/15 18:38:43 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
                                      [2008/12/31 10:50:58 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Mobile Device Handbook
                                      [2006/11/02 23:37:34 | 00,000,000 | ---D | M] -- C:\Program Files\Windows NT
                                      [2008/01/21 13:35:14 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
                                      [2008/01/21 13:35:17 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
                                      [2008/12/09 18:19:40 | 00,000,000 | ---D | M] -- C:\Program Files\WinRAR
                                      [2009/03/23 16:27:02 | 00,000,000 | ---D | M] -- C:\Program Files\XAimer
                                      [2009/10/11 22:03:26 | 00,000,000 | ---D | M] -- C:\Program Files\Yahoo!
                                      [2009/01/24 13:42:57 | 00,000,000 | ---D | M] -- C:\Program Files\Yahoo! Games
                                       
                                      ========== Alternate Data Streams ==========
                                       
                                      @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:AC6124CA
                                      @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:13EDD51B
                                      < End of report >
                                      Gotta love this.

                                      "There is no such thing as a stupid answer, they are easiest to answer!"

                                      LOL. Things I come past on the internet...

                                      bato1994
                                        Re: Trojan HijackThis log
                                        « Reply #22 on: October 29, 2009, 01:32:49 AM »
                                        OTL Extras logfile created on: 29/10/2009 6:13:54 PM - Run 1
                                        OTL by OldTimer - Version 3.0.22.1     Folder = C:\Windows\system32\config\systemprofile\Desktop
                                        Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
                                        Internet Explorer (Version = 7.0.6001.18000)
                                        Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
                                         
                                        2.00 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 86.03% Memory free
                                        4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
                                        Paging file location(s): c:\pagefile.sys 4603 4603 [binary data]
                                         
                                        %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
                                        Drive C: | 176.61 Gb Total Space | 66.59 Gb Free Space | 37.71% Space Free | Partition Type: NTFS
                                        Drive D: | 186.31 Gb Total Space | 177.48 Gb Free Space | 95.26% Space Free | Partition Type: NTFS
                                        E: Drive not present or media not loaded
                                        F: Drive not present or media not loaded
                                        G: Drive not present or media not loaded
                                        H: Drive not present or media not loaded
                                        I: Drive not present or media not loaded
                                         
                                        Computer Name: DANIELFAGHIURA
                                        Current User Name: valued customer
                                        Logged in as Administrator.
                                         
                                        Current Boot Mode: Normal
                                        Scan Mode: Current user
                                        Company Name Whitelist: Off
                                        Skip Microsoft Files: Off
                                        File Age = 30 Days
                                        Output = Minimal
                                         
                                        ========== Extra Registry (SafeList) ==========
                                         
                                         
                                        ========== File Associations ==========
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
                                        .chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
                                        .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
                                        .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
                                         
                                        [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
                                        .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
                                         
                                        ========== Shell Spawning ==========
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
                                        batfile [open] -- "%1" %* File not found
                                        chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
                                        cmdfile [open] -- "%1" %* File not found
                                        comfile [open] -- "%1" %* File not found
                                        exefile [open] -- "%1" %* File not found
                                        helpfile [open] -- Reg Error: Key error.
                                        hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
                                        htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
                                        htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
                                        htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
                                        htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
                                        http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
                                        https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
                                        inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
                                        piffile [open] -- "%1" %* File not found
                                        regfile [merge] -- Reg Error: Key error.
                                        scrfile [config] -- "%1" File not found
                                        scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
                                        scrfile [open] -- "%1" /S File not found
                                        txtfile [edit] -- Reg Error: Key error.
                                        Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
                                        Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
                                        Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
                                        Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
                                        Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
                                        Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
                                        CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
                                         
                                        ========== Security Center Settings ==========
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
                                        "cval" = 1
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
                                        "AntiVirusOverride" = 0
                                        "AntiSpywareOverride" = 0
                                        "FirewallOverride" = 0
                                        "VistaSp1" = Reg Error: Unknown registry data type -- File not found
                                         
                                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
                                         
                                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
                                        "EnableFirewall" = 1
                                        "DisableNotifications" = 0
                                        "DefaultOutboundAction" = 0
                                        "DefaultInboundAction" = 1
                                         
                                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
                                        "EnableFirewall" = 1
                                        "DisableNotifications" = 0
                                        "DefaultOutboundAction" = 0
                                        "DefaultInboundAction" = 0
                                         
                                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
                                        "6198:TCP" = 6198:TCP:*:Enabled:Jetbrowse
                                        "3126:TCP" = 3126:TCP:*:Enabled:Jetbrowse
                                        "3128:TCP" = 3128:TCP:*:Enabled:Jetbrowse
                                         
                                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
                                        "EnableFirewall" = 1
                                        "DisableNotifications" = 0
                                        "DefaultOutboundAction" = 0
                                        "DefaultInboundAction" = 1
                                         
                                        ========== Authorized Applications List ==========
                                         
                                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
                                        "C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe" = C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2 -- File not found
                                        "C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate -- File not found
                                        "C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx -- File not found
                                        "C:\Program Files\uusee\UUSeePlayer.exe" = C:\Program Files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer -- File not found
                                        "C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
                                        "C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
                                         
                                         
                                        ========== Vista Active Open Ports Exception List ==========
                                         
                                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
                                        "{00FAD44A-D94D-472F-BF52-DE21EFFC76FE}" = rport=2869 | protocol=6 | dir=out | app=system |
                                        "{04D7B9AE-2F02-43D9-8FF9-8B74D36A946E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
                                        "{08430BAC-51E4-4DDA-AA6F-E005D652857F}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
                                        "{0F071424-C7C2-4433-980A-AFCA6C1A3848}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
                                        "{0F7E58B0-C390-4B6F-AD5D-BC9DBDA148A1}" = lport=445 | protocol=6 | dir=in | app=system |
                                        "{109AAC1A-7DC2-4732-8EF4-BA85EF62226E}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
                                        "{1A6276DD-6928-48AB-8848-8E5608880697}" = lport=137 | protocol=17 | dir=in | app=system |
                                        "{1D5D98FF-56EF-4DFD-8502-7241E58CA1B0}" = lport=2869 | protocol=6 | dir=in | app=system |
                                        "{2000F4B8-D761-4D23-9C7A-F3A2FA6B3A40}" = lport=5358 | protocol=6 | dir=in | app=system |
                                        "{21607F9F-11F8-4CBA-A09B-F5355677DE8C}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
                                        "{21F7C426-D934-4BAA-B9E2-9AF28B6BE5BE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
                                        "{2391368C-A09D-4B50-AE34-D17BA94BF9CF}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
                                        "{285E620A-6992-40DC-8FB7-2BBE1EA053F1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
                                        "{29CCD269-9283-4DF9-9A3D-C9606EA756C0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
                                        "{2CAF18B5-5B4A-4751-8F92-5175BCCA470A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
                                        "{2DEE2CF7-FE6C-449F-8822-5851A709A2F6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
                                        "{32B16349-B7A8-41B1-B742-32C47E8993BD}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
                                        "{36E1CAA2-49F5-427C-B8A1-AE767B46B342}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
                                        "{3B60C9EF-7CA4-4EE6-8B41-46D86E582001}" = rport=5358 | protocol=6 | dir=out | app=system |
                                        "{3C3A3CFD-121A-4F2E-B5DC-0FE644C44F52}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
                                        "{3C6FCF75-E490-4DF0-8923-7078E81B6376}" = lport=139 | protocol=6 | dir=in | app=system |
                                        "{42388898-0AF6-4531-998C-C2AB8D50CF78}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
                                        "{48FC22A5-AE5F-4B2A-BDF4-3505659C7A00}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
                                        "{4C4D2804-2463-46C9-9281-CBFBCFF8C786}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
                                        "{5155EFF3-5C4F-4266-8C45-1E9D662E4979}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
                                        "{54B53881-CBB8-4344-9B45-85D650042D75}" = rport=5357 | protocol=6 | dir=out | app=system |
                                        "{58C7ADB3-3E8E-4AB6-893F-ACA3D4A0D995}" = rport=10244 | protocol=6 | dir=out | app=system |
                                        "{5A838718-132C-499D-B3B9-827E5A11C575}" = rport=138 | protocol=17 | dir=out | app=system |
                                        "{5AC4B9F7-B873-4C56-85B0-9B9762EDC331}" = lport=3390 | protocol=6 | dir=in | app=system |
                                        "{60808892-B129-4C95-BCE0-0BC83B674A38}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
                                        "{6542CE81-D36E-464A-BC57-81770FA3E2CD}" = lport=10243 | protocol=6 | dir=in | app=system |
                                        "{66311B68-8839-4814-8ABC-417496AC51B1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
                                        "{665B3027-7AF7-4C19-A6AF-341AF7AC28F6}" = lport=5357 | protocol=6 | dir=in | app=system |
                                        "{69D3F0CE-7722-4B21-A60E-8A2006358AF5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
                                        "{6D0D9A2C-0FBB-4D98-99FE-15E2756A79FC}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
                                        "{74FB9979-CB25-4AFA-AAB0-543EEAEBC80C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
                                        "{7D1016D2-E1A0-41B4-98C7-3B337BB51128}" = rport=445 | protocol=6 | dir=out | app=system |
                                        "{7DE6FD53-F338-4623-B59F-A0586A161C36}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
                                        "{7FCF92F7-6604-4BF9-864B-5574AB11FA46}" = lport=6112 | protocol=6 | dir=in | name=utorrent |
                                        "{85CAC53B-387F-4CBB-83E1-F009D084407B}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
                                        "{89343FC4-2AD4-4378-A760-0ADB7E33BE6B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
                                        "{8C7368D6-D071-45DC-9D2E-1565895AF027}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
                                        "{8FF29A96-C299-4BFC-927F-E68D280FF32B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
                                        "{9384DB64-DFC4-4F2F-8AC2-8DA4CDCC9C69}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
                                        "{96126140-8B46-4A4E-8F17-69E674A27B40}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
                                        "{997F3DBB-3BF7-4880-BD19-013078BABD57}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
                                        "{9E332BD4-28EC-4EB9-8626-17B1B13BC998}" = lport=10244 | protocol=6 | dir=in | app=system |
                                        "{9F360063-8E88-4BBA-9FE5-AA28C9C72313}" = lport=10244 | protocol=6 | dir=in | app=system |
                                        "{A2313FE9-E6FC-4B79-9ECB-6A8179B0E0ED}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
                                        "{A772A78B-C237-4924-961E-49631498CBBF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
                                        "{A8E38D47-D4F1-4EEE-937B-74849E99A5D6}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
                                        "{AA7A6302-66B4-42A5-9761-92AF78E0ED12}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
                                        "{ACD9E333-0B56-4BF1-9F67-368F226B0EDE}" = lport=2869 | protocol=6 | dir=in | app=system |
                                        "{B15A0A71-BB69-4EB8-A7C0-4A591FFECFD1}" = lport=6881 | protocol=6 | dir=in | name=bittorrent |
                                        "{BEEBE2F6-EFA1-42D6-8F45-9E35C1B7F5A1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
                                        "{C2D90D96-BEAB-4650-9AF3-044889E8E072}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
                                        "{C3A321B0-A0BC-4DB3-9BB2-77539FBC6841}" = rport=137 | protocol=17 | dir=out | app=system |
                                        "{C6FBAB7F-6664-4AD4-AACA-3A7E96C702EE}" = lport=2869 | protocol=6 | dir=in | app=system |
                                        "{C97CCBDA-12D9-456A-9838-DB915BEED114}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
                                        "{CB2691FD-D9B3-4503-8632-C78F2B97AC20}" = lport=138 | protocol=17 | dir=in | app=system |
                                        "{CFBBEBBF-9A84-48A4-974F-297AD8FDF5F8}" = rport=139 | protocol=6 | dir=out | app=system |
                                        "{D4DA7FCF-442A-495B-A032-64900DB4595A}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
                                        "{D6B973AA-2AFA-42CC-A9A5-6DA1877CC761}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
                                        "{D8436147-65D8-4160-A442-CBB38225300A}" = rport=10244 | protocol=6 | dir=out | app=system |
                                        "{DC6DE619-C26F-46FE-84E6-906878457775}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
                                        "{E73C9539-F035-4FD9-A55B-ED38B1699531}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
                                        "{E988F0F8-1A4A-447F-8FFC-C9DE9D3B3D52}" = rport=10243 | protocol=6 | dir=out | app=system |
                                        "{EAB1B3AC-54C6-4243-8156-43B54B815EEF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
                                        "{EC165FDF-652D-4A72-AD4E-2B8D72935A42}" = lport=3390 | protocol=6 | dir=in | app=system |
                                        "{F3C6BF74-6162-47B2-971B-C81F0AEAAD6E}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
                                        "{F5A8BC32-CB80-4C60-99F8-3465CD23CEF7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
                                        "{F80F357D-338F-4DCF-96B2-DBA6A345AAB8}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
                                        "{FD48B0AD-2966-4E17-A424-67C12E662B59}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
                                         
                                        ========== Vista Active Application Exception List ==========
                                         
                                        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
                                        "{003D9E86-BEB7-4496-B6F2-86723FF3B591}" = dir=in | app=c:\program files\skype\phone\skype.exe |
                                        "{00B0860F-567F-48FD-BB44-6B1D26AB1CD7}" = protocol=1 | dir=out | [email protected],-28544 |
                                        "{0373AFF8-27FF-43F0-8F7E-E4446AA8265F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
                                        "{03935043-A22F-4764-B7F0-BCEFECC44E5C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
                                        "{03D39896-5479-4D97-8F13-C40DEC81F890}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
                                        "{054B4EB0-6079-4049-9515-38D38315D755}" = protocol=6 | dir=in | app=c:\users\valued customer\program files\utorrent\utorrent.exe |
                                        "{06B76319-6A11-477B-AC5F-545D718FB615}" = protocol=6 | dir=in | app=c:\downloads\pes2009.exe |
                                        "{0721C4E1-4B9A-4237-B8CE-A854CC81E4E1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
                                        "{09379208-364E-4666-88A3-DE3EB11AF280}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
                                        "{09695FEC-17AF-45FB-B885-1FD695483E7D}" = protocol=17 | dir=in | app=c:\users\valued customer\documents\utorrent.exe |
                                        "{0AF55769-198A-4C43-B5CC-D2D83C91705B}" = protocol=17 | dir=in | app=c:\users\valued customer\program files\utorrent\utorrent.exe |
                                        "{0BC82451-A4DB-4201-AB41-9FDD4275769F}" = protocol=6 | dir=in | app=c:\users\valued customer\program files\utorrent\utorrent.exe |
                                        "{0D9D4E8D-CBD1-483C-BB49-8B285D330639}" = dir=in | app=c:\program files\skype\phone\skype.exe |
                                        "{0EEB466B-8EEE-46B0-9484-C93B5F5EF892}" = protocol=17 | dir=in | app=c:\users\valued customer\documents\utorrent.exe |
                                        "{0F814524-1FF9-4E7F-8953-9DFF1CC6D207}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
                                        "{1718BD6A-371F-44F6-889F-DB8A8A6D8E0B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
                                        "{1A07D97E-2B7D-4DD4-AB21-3FB7513ED11D}" = protocol=6 | dir=in | app=c:\users\valued customer\appdata\local\google\google talk plugin\googletalkplugin.exe |
                                        "{1AF76756-A571-46E9-B13D-131736D43780}" = protocol=17 | dir=in | app=c:\users\valued customer\documents\utorrent.exe |
                                        "{1C85FB1B-1AF1-4B70-83BB-2E2888360E58}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
                                        "{1E548B41-C0A3-4E63-AC25-BB7875EE68A9}" = protocol=58 | dir=in | [email protected],-148 |
                                        "{23509809-5C0D-407C-834B-CEBBA5EE065C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
                                        "{25866670-41DD-4824-8616-F1F956942367}" = protocol=58 | dir=out | [email protected],-28546 |
                                        "{295A9215-5AFC-4DB1-8D5E-00FD4DCBF72B}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
                                        "{29C33AD1-A7C6-409D-8F75-EF2EAE82A657}" = dir=in | app=c:\program files\skype\phone\skype.exe |
                                        "{2F04E077-832F-41D4-AA63-18382ACE9F27}" = dir=in | app=c:\program files\skype\phone\skype.exe |
                                        "{2FE4FD66-3E71-46AD-85B9-74249EB59468}" = dir=in | app=c:\program files\skype\phone\skype.exe |
                                        "{31E0B289-08E0-4E37-AA1F-10AA21F4EFCB}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
                                        "{3409FFBC-4CF8-4D9E-8B75-D01275F237D9}" = protocol=17 | dir=in | app=c:\users\valued customer\documents\utorrent.exe |
                                        "{35CF1D8B-A690-468F-AEB2-1C8880DD3D84}" = protocol=17 | dir=in | app=c:\users\valued customer\documents\utorrent.exe |
                                        "{3CAA937E-8E4E-4E05-8D47-95E557D4AF57}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
                                        "{3CE734C8-0B79-4C3A-ABE1-30139708D5AB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
                                        "{3D1DA201-90EB-4025-8B58-B6E6CF4DC6C1}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
                                        "{3D205531-DEA5-40CE-B2A3-737F306DD4AD}" = protocol=6 | dir=in | app=c:\users\valued customer\appdata\local\temp\rar$ex00.813\pes2009.exe |
                                        "{40ED2CF0-9329-4031-995C-F3D47DEDBE22}" = dir=in | app=c:\program files\skype\phone\skype.exe |
                                        "{422198AE-F271-4B6F-91AE-D42041B76BBB}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
                                        "{424D942A-496E-4D0F-AFD9-4566AF4838FB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
                                        "{4441B5ED-D2F6-4998-820A-F184F84D337F}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
                                        "{45858AD6-4983-4E5A-9F59-F994179758E0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
                                        "{49EAC377-84C2-418F-AB09-5715755109AD}" = protocol=6 | dir=in | app=c:\users\valued customer\program files\utorrent\utorrent.exe |
                                        "{4A29C4AF-8E94-47D3-BCE7-5D68903AF384}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
                                        "{4D86431B-1580-45B2-B02C-10713FC6D8A1}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
                                        "{4E2A5C91-C749-483D-BF19-812A3BBFF676}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
                                        "{4F3E0253-D398-4423-A58A-1847049EF67C}" = protocol=17 | dir=in | app=c:\users\valued customer\documents\utorrent.exe |
                                        "{4F95606E-BD4C-4700-98BC-99A2017DE0C9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
                                        "{53B0F648-DA98-4A07-BF32-88D146661946}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
                                        "{5455A4CF-D974-40FC-8432-6E771BA12A98}" = protocol=6 | dir=in | app=c:\users\valued customer\documents\utorrent.exe |
                                        "{554D2880-9FEF-4C4C-A4BB-D08E08263219}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
                                        "{55759A88-ABAE-4E94-81B7-5965973DB1A2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
                                        "{567995E2-4DFC-483A-BA6B-E9BA0C4149A6}" = protocol=17 | dir=in | app=c:\users\valued customer\program files\utorrent\utorrent.exe |
                                        "{58F68995-9F14-40C9-8B52-DDC67FAC8F7C}" = protocol=1 | dir=in | [email protected],-28543 |
                                        "{59FCFDFF-2687-48BD-A825-9A4864B3B357}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
                                        "{5E783496-4A22-4157-9533-D545EE62FDE9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
                                        "{6063C993-325B-4CC9-8DE2-A2E61D58060B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
                                        "{659B25F2-3ED8-4820-8B9F-F3366FCB4C3D}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
                                        "{66EBFF9A-E2A7-4C98-9180-5172D7DB2194}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
                                        "{680859C0-7F1D-4AF9-809C-E358F6808705}" = protocol=6 | dir=out | app=system |
                                        "{68C49170-FEE2-4232-9379-4B4FB0327903}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
                                        "{692E45DF-2615-493F-BC0E-C363FD6F9711}" = dir=in | app=c:\program files\skype\phone\skype.exe |
                                        "{6A8E5F24-C194-4DBF-902F-D6166030068E}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
                                        "{6C68CE57-3961-4659-AAA5-240756361435}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
                                        "{6CA5AC68-BCF3-4115-A0E6-92214D7DEE3F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
                                        "{6DD90E75-51AB-4A8D-B2D0-E40EDBE97B5B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
                                        "{700E781F-9FDB-4098-B5B3-84679146B3CA}" = protocol=6 | dir=in | app=c:\users\valued customer\appdata\local\google\google talk plugin\googletalkplugin.dll |
                                        "{708308CD-DE17-4CDA-95A1-4EB204EE34BB}" = protocol=6 | dir=in | app=c:\users\valued customer\saved games\pes 2009\pes2009.exe |
                                        "{7515C6A3-AEA4-44E4-AB9E-1335AD5788C3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
                                        "{75FF60DB-7CAF-4BB7-AF66-E7240BA412B1}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
                                        "{764502F5-181E-4291-80B8-CC2DE88979AA}" = protocol=6 | dir=in | app=c:\users\valued customer\program files\utorrent\utorrent.exe |
                                        "{774F2E63-A1A3-4992-B460-882F49D699B2}" = protocol=17 | dir=in | app=c:\users\valued customer\program files\utorrent\utorrent.exe |
                                        "{7BEECACF-C403-4FD2-A7FB-DD5347E282E6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
                                        "{7D6F8888-E971-4106-B7B9-F1BCB2335D63}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
                                        "{7DDF7F36-F5E7-4E74-BC12-685F3561BF51}" = protocol=17 | dir=in | app=c:\users\valued customer\program files\utorrent\utorrent.exe |
                                        "{81089108-9800-41EA-8E66-DA90DE593F86}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
                                        "{81DF561F-6193-4E17-81A3-902DA594105A}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
                                        "{832148F5-D430-4A7B-AFA0-C5B987877D7B}" = protocol=6 | dir=in | app=c:\program files\voipcheap\voipcheap.exe |
                                        "{8C7FEEDF-6BEB-48D6-983E-74EFEA2EC563}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
                                        "{8CE9450F-0D21-4005-B79C-CA31A0C4A59C}" = protocol=17 | dir=in | app=c:\users\valued customer\program files\utorrent\utorrent.exe |
                                        "{8D673A33-A50C-4BBC-887D-15137CEB0B57}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
                                        "{90730AA4-04FE-4CA1-A238-EDB48273A077}" = dir=in | app=c:\program files\skype\phone\skype.exe |
                                        "{9223AEC1-3F33-4371-92E9-BCA17650566D}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
                                        "{92A04052-F204-4165-8289-94A1ADA77863}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
                                        "{93077BBB-835F-4476-A261-75C5F3B19313}" = dir=in | app=c:\program files\skype\phone\skype.exe |
                                        "{95EBDFD6-F0EB-4018-8E79-1F391565F2F7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
                                        "{9B9BE57A-341A-424C-9B08-D29D1E5F18FE}" = protocol=17 | dir=in | app=c:\users\valued customer\program files\utorrent\utorrent.exe |
                                        "{9BA5A975-E6A8-4DDF-8829-894F7A106DF9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
                                        "{9D8B3946-9E6F-475D-84B7-13B47C3723FB}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
                                        "{A0FDDDE3-B143-4E73-A7E3-1CD85EE824FD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
                                        "{A2361C12-25E6-4D55-805A-1AA20192CABF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
                                        "{A2FA941E-AF57-4DD5-8281-795D462F19E7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
                                        "{A301988C-E56D-49DA-B99A-7358142234C3}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
                                        "{A48463CD-CAF5-4080-8435-26B960766295}" = dir=in | app=c:\program files\skype\phone\skype.exe |
                                        "{A50C92D7-E095-4073-A4BC-15F2194B4582}" = dir=in | app=c:\program files\skype\phone\skype.exe |
                                        "{A5E5B98E-4151-4A25-9E1A-4CD4EF52083B}" = protocol=6 | dir=in | app=c:\users\valued customer\saved games\pes 2009\pes2009.exe |
                                        "{A80518E7-B445-47A3-B320-89F8103ABDF4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
                                        "{A86DE86D-4D6D-4DAE-A955-C75E7376E9BA}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
                                        "{A8A630E5-85D8-478F-8911-2B26557A0EE2}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
                                        "{AA1B2183-AD48-44BE-83A0-F6834E749A80}" = dir=in | app=c:\program files\skype\phone\skype.exe |
                                        "{AC527F38-DA64-4A80-A030-1E121DC464F3}" = protocol=17 | dir=in | app=c:\users\valued customer\appdata\local\google\google talk plugin\googletalkplugin.exe |
                                        "{AE555191-CE06-40F2-8360-93D0F8E20FF5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
                                        "{AED36327-C1E1-4778-9147-99480064EE09}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
                                        "{AF2740B5-EB29-4E96-B3B6-EBFFCAD51FFE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
                                        "{B0DA40BE-752C-4F13-BCAC-8E856AF84550}" = dir=in | app=c:\program files\skype\phone\skype.exe |
                                        "{B1559035-027B-4C4A-9DD7-89B730907F4F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
                                        "{B17EA51E-1A06-4657-8985-FE03F45565FA}" = protocol=6 | dir=in | app=c:\users\valued customer\documents\utorrent.exe |
                                        "{B2668096-402A-4D0C-8B4B-0E3AB22A2A1A}" = protocol=6 | dir=in | app=c:\users\valued customer\documents\utorrent.exe |
                                        "{B55189BE-8C46-4BB2-AE0E-86238225F13A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
                                        "{B6D7ED46-2700-42D6-9068-F85543E24149}" = protocol=6 | dir=in | app=c:\users\valued customer\program files\utorrent\utorrent.exe |
                                        "{BEAA13AA-476C-456F-84A1-250CEEC99BFF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
                                        "{BFEDB629-329A-404E-B435-17B444AAE16B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
                                        "{C0B40721-069A-49F0-9CE4-850EEFC5EB9E}" = protocol=17 | dir=in | app=c:\program files\voipcheap\voipcheap.exe |
                                        "{C15BE407-F411-4309-B590-7F220B9B1D94}" = protocol=17 | dir=in | app=c:\users\valued customer\appdata\local\temp\rar$ex00.813\pes2009.exe |
                                        "{C1C9B5E2-4C56-4A7D-AE75-17164A92672F}" = protocol=6 | dir=in | app=c:\users\valued customer\documents\utorrent.exe |
                                        "{C3F40C87-C717-45E6-80A8-CC2F3B72E6B8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
                                        "{C594E898-BFB5-4292-82C8-D6315139385C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
                                        "{C73E0222-BE8C-48EE-A3B8-615BADB69B31}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
                                        "{C74A33BB-B539-40F6-986C-EC2A62F27399}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
                                        "{CC0E43A0-63B3-430D-93F5-589825CED4A1}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
                                        "{D12F7660-46CE-473F-BB22-9577216E1B37}" = protocol=17 | dir=in | app=c:\downloads\pes2009.exe |
                                        "{D47FDE34-D79C-45A9-9E1A-4D0A3AEA8DBC}" = protocol=6 | dir=in | app=c:\users\valued customer\program files\utorrent\utorrent.exe |
                                        "{D6D06201-F9AF-4072-B735-F3865CB29239}" = protocol=6 | dir=in | app=c:\users\valued customer\documents\utorrent.exe |
                                        "{D73CD224-41E9-440C-AE28-F5B47BFCEC49}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
                                        "{D95B14C3-4949-44D2-8001-603CB5272AE4}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
                                        "{DD4A2597-93DE-4E68-B07A-26C303CE8E43}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
                                        "{DD88697C-A958-49DA-813F-952A6A5DCD5B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
                                        "{DE4038B6-32BD-46E4-9249-6B645F33D8BF}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
                                        "{E0FCA68F-0E53-42BD-BAD1-C682AF88AC25}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
                                        "{E27371CA-A16A-44D9-8B26-B12A38F8A6B1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
                                        "{E2E693A1-01F3-4C8F-838D-505A1B9AA46C}" = protocol=17 | dir=in | app=c:\users\valued customer\saved games\pes 2009\pes2009.exe |
                                        "{E41786A3-50B6-4237-A6A0-ABE06BFE21D9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
                                        "{E504E7C4-73B9-4E4D-BFAB-6B98004312EF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
                                        "{E5983B69-467A-4940-8B38-5CF82C98F511}" = dir=in | app=c:\program files\skype\phone\skype.exe |
                                        "{E78165F8-1428-4D7B-8A6F-F858C006D5BF}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
                                        "{EC3FE113-B270-4978-A8C3-164C6EE34D92}" = dir=in | app=c:\program files\skype\phone\skype.exe |
                                        "{F0D50891-A122-4F37-84B1-B80E0CE3A6FD}" = protocol=17 | dir=in | app=c:\users\valued customer\appdata\local\google\google talk plugin\googletalkplugin.dll |
                                        "{F2C44492-B7C8-4FC5-8175-0B34E99BF21F}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
                                        "{F427CCD8-B519-4433-B315-02333F3A3654}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
                                        "{F5817369-E72C-4197-AFF7-EF6A56E9BE69}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
                                        "{F6B4BD23-4F34-488B-AD41-F59984D58B4A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
                                        "{F82FF177-189E-4612-870A-84085BBA35A5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
                                        "{F87E5D3C-0177-4383-8601-912789614FE4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
                                        "{F9C73C67-12FC-491E-997F-268B402548E1}" = protocol=17 | dir=in | app=c:\program files\voipcheapcom\voipcheapcom.exe |
                                        "{F9D05FD1-5C42-43E3-A11B-0C41FD4F8F5B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
                                        "{FA5585F9-D723-416C-AE7A-1147DCF2A83A}" = protocol=6 | dir=in | app=c:\program files\voipcheapcom\voipcheapcom.exe |
                                        "{FB403CD5-0372-43C8-ACD0-E077652528A8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
                                        "{FC955A24-5D26-4B3B-8DB6-DF4404C9E82A}" = protocol=6 | dir=in | app=c:\users\valued customer\documents\utorrent.exe |
                                        "{FDB9C9BD-52F3-4A98-AC69-E2C169D0F4CF}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
                                        "{FE5B0019-DF88-4845-BF5B-937A2F63D264}" = protocol=17 | dir=in | app=c:\users\valued customer\saved games\pes 2009\pes2009.exe |
                                        "{FECCD3A5-2B7E-4F0A-AB24-9FAC72898214}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
                                        "TCP Query User{13FE2A77-98C2-4FD3-87FE-4EFD2A848517}C:\users\valued customer\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\valued customer\program files\utorrent\utorrent.exe |
                                        "TCP Query User{28B1612E-5E23-4B74-8565-46796AE6E2E8}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
                                        "TCP Query User{293088A1-4481-471A-83E9-2F08263E0050}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
                                        "TCP Query User{2A8B1E38-2CC7-40D2-8B0D-2C7C4AB62459}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
                                        "TCP Query User{35C8B397-A046-4277-8864-4038C94A41A4}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
                                        "TCP Query User{5E91463A-82E7-428E-AF3C-073B1BEE0DB7}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
                                        "TCP Query User{7AD9BEAD-7107-4C5F-9255-81AA46F90A3A}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
                                        "TCP Query User{96140E6E-90CF-4DE5-B7C3-7BDCEE1FD465}C:\users\valued customer\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\valued customer\appdata\local\google\chrome\application\chrome.exe |
                                        "TCP Query User{C70401A1-F40D-4FA8-98E4-B3AE03A199F3}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
                                        "TCP Query User{C754C5F6-F948-41BF-A37D-A14F2A0B0B13}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
                                        "TCP Query User{D11ACB6A-658D-49E6-9023-FFCA9D508299}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
                                        "TCP Query User{D7CC3F27-053A-4D96-8655-9E26D463C8EE}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
                                        "TCP Query User{E03BF076-E90E-4A1E-B26F-C59295D78EAB}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
                                        "TCP Query User{E24B3F7F-0B83-4D96-B140-06508A0792A9}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
                                        "TCP Query User{E6427DCB-A473-4439-AD87-735D11DE784F}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe |
                                        "UDP Query User{102E5BDC-6F6C-40CD-A7EE-76C1FDB0B158}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
                                        "UDP Query User{1B4AC94B-1160-4D82-B69A-11C50A08C9DD}C:\users\valued customer\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\valued customer\appdata\local\google\chrome\application\chrome.exe |
                                        "UDP Query User{1DA45D99-C191-461C-AD58-D7B1FDBE270B}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
                                        "UDP Query User{4274A518-2285-4A1A-9A9E-BE6E83216310}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
                                        "UDP Query User{4E645DC0-D49E-4045-BC1A-57B0C959C7C1}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
                                        "UDP Query User{665BC4C8-093C-40BB-A905-1BCE704DDE7F}C:\users\valued customer\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\valued customer\program files\utorrent\utorrent.exe |
                                        "UDP Query User{84AE13A8-BCDF-4ACC-B0A1-064A5DCAEE49}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
                                        "UDP Query User{85B69161-25E5-4045-99AE-82B643F42136}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe |
                                        "UDP Query User{91613BC5-4B74-4A74-9E52-95D0C9D57847}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
                                        "UDP Query User{9385CE6C-593A-4F7A-8CAE-5F6E6AFE1046}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
                                        "UDP Query User{9A9EB343-6DBC-4C23-BC89-9D09D27872E9}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
                                        "UDP Query User{ABAEB9D7-D881-42DD-938E-B95B86984DE1}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
                                        "UDP Query User{BCB5ECBE-56E8-44E2-A240-BCFCF0A4DAD5}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
                                        "UDP Query User{DF59A2BC-3CF2-416A-97B8-9722FDCE3D48}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
                                        "UDP Query User{F42970F9-7BED-46DE-B4E0-16D4740A1A5B}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
                                         
                                        Gotta love this.

                                        "There is no such thing as a stupid answer, they are easiest to answer!"

                                        LOL. Things I come past on the internet...
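A firewall rule dump like the one above is worth reading for what it records, not just for what it allows: every `app=` path is a binary the user (or an installer) once ran and approved. The script below is an added triage example, not code from this thread or from OTL; it assumes only the `"name" = key=value | key=value |` line format quoted above. The sample rule lines embedded in it are constructed from entries in the log, and the heuristics (inbound allow for a binary under a temp, downloads or documents folder; an inbound allow whose `app=` is not an `.exe`; rules created from the interactive "allow" prompt) are triage hints for a helper reading the log, not verdicts about any particular program.

```python
"""Triage Windows Firewall rules in the OTL registry-dump format.

Added example (not from the thread or from OTL). Assumed input format:
  "{GUID}" = protocol=17 | dir=in | app=c:\\path\\to\\program.exe |
Output is a list of rules worth a second look, each with its reasons.
"""
import re

PROTO = {"6": "tcp", "17": "udp", "58": "icmpv6"}

# Folders a standard user can write to; an inbound allow for a binary living
# here usually means something was run straight out of a download or archive.
SUSPECT_DIRS = ("\\temp\\", "\\downloads\\", "\\documents\\", "\\desktop\\", "\\saved games\\")

# Constructed sample: rule lines copied in shape from the log above.
SAMPLE_RULES = r'''
"{8C7FEEDF-6BEB-48D6-983E-74EFEA2EC563}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{C15BE407-F411-4309-B590-7F220B9B1D94}" = protocol=17 | dir=in | app=c:\users\valued customer\appdata\local\temp\rar$ex00.813\pes2009.exe |
"{D12F7660-46CE-473F-BB22-9577216E1B37}" = protocol=17 | dir=in | app=c:\downloads\pes2009.exe |
"{F0D50891-A122-4F37-84B1-B80E0CE3A6FD}" = protocol=17 | dir=in | app=c:\users\valued customer\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{95EBDFD6-F0EB-4018-8E79-1F391565F2F7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{D7CC3F27-053A-4D96-8655-9E26D463C8EE}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
'''

RULE_RE = re.compile(r'^\s*"(?P<name>[^"]+)"\s*=\s*(?P<body>.*)$')


def parse_rule(line):
    """Turn one dump line into a dict; returns None for non-rule lines."""
    m = RULE_RE.match(line)
    if not m:
        return None
    rule = {"name": m.group("name")}
    for field in m.group("body").split("|"):
        field = field.strip()
        if not field:
            continue
        key, _, value = field.partition("=")  # paths never contain '='
        rule[key.strip().lower()] = value.strip().lower()
    return rule


def parse_rules(text):
    return [r for r in (parse_rule(ln) for ln in text.splitlines()) if r]


def classify(rule):
    """Return the list of reasons this rule deserves a look (empty = none)."""
    reasons = []
    app = rule.get("app", "")
    if rule.get("dir") == "in":
        if any(d in app for d in SUSPECT_DIRS):
            reasons.append("inbound allow for a binary in a user-writable/temp location")
        if app and not app.endswith(".exe"):
            reasons.append("inbound allow for a non-.exe image (." + app.rsplit(".", 1)[-1] + ")")
    if rule["name"].lower().startswith(("tcp query user", "udp query user")):
        reasons.append("created from an interactive allow prompt")
    return reasons


def triage(text):
    findings = []
    for rule in parse_rules(text):
        reasons = classify(rule)
        if reasons:
            findings.append({
                "name": rule["name"],
                "proto": PROTO.get(rule.get("protocol", ""), rule.get("protocol", "?")),
                "dir": rule.get("dir", "?"),
                "app": rule.get("app", ""),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_RULES):
        print(f"{f['dir']:3} {f['proto']:6} {f['app']}")
        for r in f["reasons"]:
            print("      -", r)
```

Run against the full rule list from the log, the script pulls out the entries that matter for a malware helper: the same game executable allowed inbound from `c:\downloads\`, from a `rar$ex00.813` extraction folder under the user's temp directory and from the saved-games folder, plus a DLL in the `app=` field. None of that proves anything on its own, but it tells the helper which files to ask about and which folders to look in.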

                                        bato1994

                                          Topic Starter


                                          Rookie

                                        • LIONS premiers 2010!!
                                          Re: Trojan HijackThis log
                                          « Reply #23 on: October 29, 2009, 01:33:59 AM »
                                          Continued...

                                          ========== HKEY_LOCAL_MACHINE Uninstall List ==========
                                           
                                          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
                                          "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
                                          "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
                                          "{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
                                          "{01E19402-C0E4-B301-17F6-551EA53F7351}" = Catalyst Control Center Localization Japanese
                                          "{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
                                          "{03B39295-B637-9491-9A38-90872F42966A}" = Catalyst Control Center Localization Italian
                                          "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
                                          "{04FE63AC-AC7B-4C80-83AA-CCACA48C0C19}" = PS_AIO_04_C5300_Software
                                          "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
                                          "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
                                          "{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
                                          "{09725E0F-6406-4500-8296-DBF6E697E9D7}" = C5300
                                          "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
                                          "{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
                                          "{0D6D148C-DFE8-C643-C4E7-A7DB84B9031E}" = Catalyst Control Center Localization Swedish
                                          "{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6
                                          "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
                                          "{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
                                          "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
                                          "{1A7979D5-9AED-2730-A561-AE28CC747B91}" = Catalyst Control Center Localization Chinese Standard
                                          "{1EF7109C-CEC0-45A6-3965-C99FAE0B7A4B}" = Catalyst Control Center Core Implementation
                                          "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
                                          "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
                                          "{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
                                          "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
                                          "{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
                                          "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 15
                                          "{26BEE28E-C285-4532-82D3-7CE3C5F805D4}" = HPPhotoSmartDiscLabel_PrintOnDisc
                                          "{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
                                          "{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
                                          "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
                                          "{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
                                          "{2C0ADDC5-6FF6-60AC-104F-81C1E7DD1E6E}" = CCC Help Swedish
                                          "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
                                          "{3513D67C-9B77-6242-D2B4-8C96D4587B51}" = CCC Help German
                                          "{36C9E08A-BE2B-40A0-83C5-576748F7B777}" = TestDrive Client
                                          "{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
                                          "{3AD56302-2ADE-4A1C-864A-CB9FFF040576}" = PS_AIO_04_C5300_ProductContext
                                          "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
                                          "{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
                                          "{489CA990-9FFB-495A-B5F6-027199E65405}" = PS_AIO_04_C5300_Software_Min
                                          "{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
                                          "{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
                                          "{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
                                          "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
                                          "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
                                          "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
                                          "{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
                                          "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
                                          "{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
                                          "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
                                          "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
                                          "{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
                                          "{64A2B0D7-2204-298F-F4ED-B386CAFFA694}" = Catalyst Control Center Localization German
                                          "{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
                                          "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
                                          "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
                                          "{69C57747-551F-4e4f-AB60-13358DC4F00A}" = HP Photosmart C5300 All-In-One Driver Software 11.0 Rel .4
                                          "{69E5255D-9D43-4CFF-8984-843ABD7753B7}" = Catalyst Control Center - Branding
                                          "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
                                          "{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
                                          "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
                                          "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
                                          "{6CC1EE94-B426-478B-AE83-F83EBB4EF66A}" = HPPhotoSmartDiscLabel_PaperLabel
                                          "{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
                                          "{6F04A6FF-7F7B-55E0-C649-C781D27C3515}" = Catalyst Control Center Graphics Full New
                                          "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
                                          "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
                                          "{70455234-B242-88EE-EEC6-5FB8B3C5A68D}" = CCC Help Italian
                                          "{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone
                                          "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
                                          "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
                                          "{73764932-E12C-1F98-15B9-2B4FAB03C521}" = Skins
                                          "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
                                          "{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.7.2.188
                                          "{76E72622-885F-7D3D-D74D-ADFC2D054D4E}" = CCC Help Korean
                                          "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
                                          "{78FBDFAF-9463-E30B-C19C-DB78ADF7F894}" = CCC Help French
                                          "{7E7AD30F-D34E-1DBB-95F4-6A174127A6A6}" = Catalyst Control Center Graphics Full Existing
                                          "{7ED180E1-ADE9-4C69-8845-BDF518D763B8}" = hpphotosmartdisclabelplugin
                                          "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
                                          "{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
                                          "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
                                          "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
                                          "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
                                          "{8A877662-8051-E928-0CB4-4A6C5FE90EEC}" = CCC Help Dutch
                                          "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
                                          "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
                                          "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
                                          "{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
                                          "{90120000-001B-0000-0000-0000000FF1CE}_WORD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
                                          "{90120000-001B-0000-0000-0000000FF1CE}_WORD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
                                          "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
                                          "{90120000-001B-0409-0000-0000000FF1CE}_WORD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
                                          "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
                                          "{90120000-001F-0409-0000-0000000FF1CE}_WORD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
                                          "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
                                          "{90120000-001F-040C-0000-0000000FF1CE}_WORD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
                                          "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
                                          "{90120000-001F-0C0A-0000-0000000FF1CE}_WORD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
                                          "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
                                          "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
                                          "{90120000-006E-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
                                          "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
                                          "{90120000-0115-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
                                          "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
                                          "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
                                          "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
                                          "{91710409-8000-11D3-8CFE-0150048383C9}" = Microsoft Application Error Reporting
                                          "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
                                          "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
                                          "{9A050CE7-1EF2-A942-4CAB-7C02E99FFDB0}" = Catalyst Control Center Localization Korean
                                          "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
                                          "{9AE0832C-194D-D1B3-5E93-A45BC14E8D0C}" = Catalyst Control Center Localization Portuguese
                                          "{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
                                          "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
                                          "{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
                                          "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
                                          "{A2075A09-28AA-4D30-9BCC-82EAD9FA51BD}" = TrueSuite Access Manager
                                          "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
                                          "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
                                          "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
                                          "{A63769B5-2D2B-518A-55D7-16458D553605}" = CCC Help Portuguese
                                          "{A7965F9D-92AA-5C12-F389-A05339170ACF}" = CCC Help Japanese
                                          "{A8DB611A-D80E-450D-85F6-3ACDD164BE31}" = Pro Evolution Soccer 2009
                                          "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
                                          "{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
                                          "{AB0F54CA-798B-1BF9-AA82-DE78BD3AAE6B}" = Catalyst Control Center Localization Dutch
                                          "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
                                          "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
                                          "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.7
                                          "{AF10D7E4-D29A-45DA-8050-B116097B69B5}" = Safari
                                          "{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
                                          "{B2F3087C-10C9-BAA7-0827-7501AA64588A}" = CCC Help Chinese Standard
                                          "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
                                          "{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
                                          "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
                                          "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
                                          "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
                                          "{B73F949B-839C-9F5A-2E51-40B2AC3BC779}" = Catalyst Control Center Graphics Previews Vista
                                          "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
                                          "{BBC783B7-8725-3B1C-B49A-BA7F09391251}" = Google Talk Plugin
                                          "{BCC09E9C-3340-473D-A4FE-8580992CA77A}" = HPPhotoSmartDiscLabelContent1
                                          "{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
                                          "{C485E390-78F5-4D5B-B56A-20A4C59B022A}" = FM Tuner Utility
                                          "{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
                                          "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
                                          "{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
                                          "{C9933E93-8653-447E-9A19-9BCF658E3AE9}" = C5300_Help
                                          "{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
                                          "{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
                                          "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
                                          "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
                                          "{CF98DACA-A3C6-E90C-1FF6-326F7ABF531D}" = ccc-core-static
                                          "{CFE95E33-9B99-9FF5-8051-03E21D955ACF}" = CCC Help English
                                          "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
                                          "{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
                                          "{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
                                          "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
                                          "{D6D532B2-22E1-43AA-B4B7-34D772314859}" = Oxigen Client v5.01.0000
                                          "{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
                                          "{D8CF7AE3-1D21-F454-7798-2EA7ED006269}" = CCC Help Chinese Traditional
                                          "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
                                          "{E240D2D0-FF54-6B3A-F866-36717C0E068B}" = CCC Help Spanish
                                          "{E257B0A7-3B49-4943-7455-F2E7B09137C8}" = ATI Catalyst Install Manager
                                          "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
                                          "{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
                                          "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
                                          "{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
                                          "{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
                                          "{EA983525-B803-F9C8-9E00-4AD187D597C1}" = ccc-utility
                                          "{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
                                          "{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
                                          "{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
                                          "{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
                                          "{F08CA874-5735-0EFC-0832-68BDD155A2F3}" = Catalyst Control Center Localization Chinese Traditional
                                          "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
                                          "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
                                          "{F273BBCA-68BF-76D7-8666-F8A5B40EA83B}" = Catalyst Control Center Localization French
                                          "{F4A256A6-E670-FEAF-A45A-444DB34CBD5F}" = Catalyst Control Center Graphics Light
                                          "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
                                          "{F73DB365-02E3-1E83-6F55-FDF9596038F5}" = Catalyst Control Center Localization Spanish
                                          "{F81AB80B-5BB7-4E36-8BA5-E07541CE1BFC}" = HDMI Control Manager
                                          "{FC66E05E-8D39-47A6-8D07-759F33727EB0}" = Opera 10.00
                                          "{FE24D361-A3E8-11DE-88F3-005056806466}" = Google Earth Plug-in
                                          "{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
                                          "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
                                          "{FF2D46CF-122C-47D8-9846-037C59E7144D}" = Google Web Accelerator
                                          "Acoustica Effects Pack" = Acoustica Effects Pack
                                          "Acoustica Mixcraft 4.5" = Acoustica Mixcraft 4.5
                                          "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
                                          "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
                                          "Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
                                          "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
                                          "Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
                                          "Agnitum Outpost Firewall_is1" = Outpost Firewall 2009
                                          "Antares Autotune VST_is1" = Antares Autotune VST v5.09
                                          "ASIO4ALL" = ASIO4ALL
                                          "Audacity_is1" = Audacity 1.2.6
                                          "avast!" = avast! Antivirus
                                          "AviSynth" = AviSynth 2.5
                                          "CCleaner" = CCleaner (remove only)
                                          "Cheat Engine 5.4_is1" = Cheat Engine 5.4
                                          "Collab" = Collab
                                          "DAEMON Tools Toolbar" = DAEMON Tools Toolbar
                                          "Defraggler" = Defraggler (remove only)
                                          "Enhanced_search Toolbar" = Enhanced_search Toolbar
                                          "Google Desktop" = Google Desktop
                                          "HijackThis" = HijackThis 2.0.2
                                          "HP Imaging Device Functions" = HP Imaging Device Functions 11.0
                                          "HP Photosmart Essential" = HP Photosmart Essential 3.0
                                          "HP Smart Web Printing" = HP Smart Web Printing
                                          "HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
                                          "HPExtendedCapabilities" = HP Customer Participation Program 11.0
                                          "HPOCR" = OCR Software by I.R.I.S. 11.0
                                          "HyperCam 2" = HyperCam 2
                                          "IL Download Manager" = IL Download Manager
                                          "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
                                          "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
                                          "KLiteCodecPack_is1" = K-Lite Codec Pack 5.0.5 (Basic)
                                          "Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
                                          "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
                                          "Messenger Plus! Live" = Messenger Plus! Live
                                          "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
                                          "Mozilla Firefox (3.0.15)" = Mozilla Firefox (3.0.15)
                                          "Nero 9 Lite_is1" = Nero 9.0.9.4 Lite
                                          "Orbit_is1" = Orbit Downloader
                                          "Picasa 3" = Picasa 3
                                          "Play89" = Play89
                                          "PoiZone" = PoiZone
                                          "RealPlayer 6.0" = RealPlayer
                                          "Shop for HP Supplies" = Shop for HP Supplies
                                          "SopCast" = SopCast 3.0.3
                                          "SpeedBit Video Accelerator" = SpeedBit Video Accelerator
                                          "SynTPDeinstKey" = Synaptics Pointing Device Driver
                                          "Toxic Biohazard" = Toxic Biohazard
                                          "TVUPlayer" = TVUPlayer 2.4.5.1
                                          "UltraStar Deluxe" = UltraStar Deluxe
                                          "Uninstall_is1" = Uninstall 1.0.0.1
                                          "UnityWebPlayer" = Unity Web Player
                                          "Videora iPod Converter" = Videora iPod Converter 4.07
                                          "VLC media player" = VideoLAN VLC media player 0.8.6d
                                          "Windows Media Encoder 9" = Windows Media Encoder 9 Series
                                          "Windows Mobile Device Handbook" = Windows Mobile® Device Handbook
                                          "WinLiveSuite_Wave3" = Windows Live Essentials
                                          "WinRAR archiver" = WinRAR archiver
                                          "WORD" = Microsoft Office Word 2007
                                          "YInstHelper" = Yahoo! Install Manager
                                           
                                          ========== HKEY_CURRENT_USER Uninstall List ==========
                                           
                                          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
                                          "BitTorrent" = BitTorrent
                                           
                                          ========== Last 10 Event Log Errors ==========
                                           
                                          [ Antivirus Events ]
                                          Error - 21/09/2009 1:02:41 AM | Computer Name = DanielFaghiura | Source = avast! | ID = 33554522
                                          Description = Error in library avUInt: ActiveSkin not installed or not registered
                                           properly. 
                                           
                                          Error - 21/09/2009 1:04:14 AM | Computer Name = DanielFaghiura | Source = avast! | ID = 33554522
                                          Description = Error in library avUInt: ActiveSkin not installed or not registered
                                           properly. 
                                           
                                          Error - 11/10/2009 7:10:38 AM | Computer Name = DanielFaghiura | Source = avast! | ID = 33554522
                                          Description = Error in library avUInt: ActiveSkin not installed or not registered
                                           properly. 
                                           
                                          Error - 11/10/2009 7:10:47 AM | Computer Name = DanielFaghiura | Source = avast! | ID = 33554522
                                          Description = Error in library avUInt: ActiveSkin not installed or not registered
                                           properly. 
                                           
                                          Error - 11/10/2009 7:10:52 AM | Computer Name = DanielFaghiura | Source = avast! | ID = 33554522
                                          Description = Error in library avUInt: ActiveSkin not installed or not registered
                                           properly. 
                                           
                                          Error - 14/10/2009 6:50:13 AM | Computer Name = DanielFaghiura | Source = avast! | ID = 33554522
                                          Description = Error in library avUInt: ActiveSkin not installed or not registered
                                           properly. 
                                           
                                          Error - 14/10/2009 6:50:27 AM | Computer Name = DanielFaghiura | Source = avast! | ID = 33554522
                                          Description = Error in library avUInt: ActiveSkin not installed or not registered
                                           properly. 
                                           
                                          Error - 14/10/2009 6:55:49 AM | Computer Name = DanielFaghiura | Source = avast! | ID = 33554522
                                          Description = Error in library avUInt: ActiveSkin not installed or not registered
                                           properly. 
                                           
                                          Error - 23/10/2009 11:40:33 PM | Computer Name = DanielFaghiura | Source = avast! | ID = 33554522
                                          Description = Error in library avUInt: ActiveSkin not installed or not registered
                                           properly. 
                                           
                                          Error - 23/10/2009 11:40:44 PM | Computer Name = DanielFaghiura | Source = avast! | ID = 33554522
                                          Description = Error in library avUInt: ActiveSkin not installed or not registered
                                           properly. 
                                           
                                          [ Application Events ]
                                          Error - 28/10/2009 4:37:46 PM | Computer Name = DanielFaghiura | Source = profsvc | ID = 1505
                                          Description = Windows cannot load the user's profile but has logged you on with
                                          the default profile for the system.      DETAIL - Access is denied.
                                           
                                          Error - 28/10/2009 4:40:44 PM | Computer Name = DanielFaghiura | Source = VSS | ID = 8193
                                          Description =
                                           
                                          Error - 29/10/2009 12:46:29 AM | Computer Name = DanielFaghiura | Source = profsvc | ID = 1505
                                          Description = Windows cannot load the user's profile but has logged you on with
                                          the default profile for the system.      DETAIL - Access is denied.
                                           
                                          Error - 29/10/2009 12:46:40 AM | Computer Name = DanielFaghiura | Source = profsvc | ID = 1505
                                          Description = Windows cannot load the user's profile but has logged you on with
                                          the default profile for the system.      DETAIL - Access is denied.
                                           
                                          Error - 29/10/2009 12:46:49 AM | Computer Name = DanielFaghiura | Source = WinMgmt | ID = 10
                                          Description =
                                           
                                          Error - 29/10/2009 12:46:51 AM | Computer Name = DanielFaghiura | Source = profsvc | ID = 1505
                                          Description = Windows cannot load the user's profile but has logged you on with
                                          the default profile for the system.      DETAIL - Access is denied.
                                           
                                          Error - 29/10/2009 1:07:35 AM | Computer Name = DanielFaghiura | Source = VSS | ID = 8193
                                          Description =
                                           
                                          Error - 29/10/2009 1:10:15 AM | Computer Name = DanielFaghiura | Source = profsvc | ID = 1505
                                          Description = Windows cannot load the user's profile but has logged you on with
                                          the default profile for the system.      DETAIL - Access is denied.
                                           
                                          Error - 29/10/2009 1:25:29 AM | Computer Name = DanielFaghiura | Source = Application Error | ID = 1000
                                          Description = Faulting application USdx.exe, version 0.0.0.0, time stamp 0x2a425e19,
                                           faulting module USdx.exe, version 0.0.0.0, time stamp 0x2a425e19, exception code
                                           0xc0000094, fault offset 0x000b443e,  process id 0x150c, application start time 0x01ca58560ca92d7d.
                                           
                                          Error - 29/10/2009 1:25:44 AM | Computer Name = DanielFaghiura | Source = profsvc | ID = 1505
                                          Description = Windows cannot load the user's profile but has logged you on with
                                          the default profile for the system.      DETAIL - Access is denied.
                                           
                                          [ Media Center Events ]
                                          Error - 23/10/2009 6:37:00 AM | Computer Name = DanielFaghiura | Source = Media Center Guide | ID = 0
                                          Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
                                           returned 10000105  Process: DefaultDomain Object Name: Media Center Guide
                                           
                                          Error - 23/10/2009 6:37:19 AM | Computer Name = DanielFaghiura | Source = Media Center Guide | ID = 0
                                          Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
                                           returned 10000105  Process: DefaultDomain Object Name: Media Center Guide
                                           
                                          Error - 23/10/2009 6:37:37 AM | Computer Name = DanielFaghiura | Source = Media Center Guide | ID = 0
                                          Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
                                           returned 10000105  Process: DefaultDomain Object Name: Media Center Guide
                                           
                                          Error - 23/10/2009 6:38:44 AM | Computer Name = DanielFaghiura | Source = Media Center Guide | ID = 0
                                          Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
                                           returned 10000105  Process: DefaultDomain Object Name: Media Center Guide
                                           
                                          Error - 23/10/2009 6:39:15 AM | Computer Name = DanielFaghiura | Source = Media Center Guide | ID = 0
                                          Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
                                           returned 10000105  Process: DefaultDomain Object Name: Media Center Guide
                                           
                                          Error - 26/10/2009 2:19:38 AM | Computer Name = DanielFaghiura | Source = Media Center Guide | ID = 0
                                          Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
                                           returned 10000105  Process: DefaultDomain Object Name: Media Center Guide
                                           
                                          Error - 26/10/2009 2:20:16 AM | Computer Name = DanielFaghiura | Source = Media Center Guide | ID = 0
                                          Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
                                           returned 10000105  Process: DefaultDomain Object Name: Media Center Guide
                                           
                                          Error - 26/10/2009 2:28:34 AM | Computer Name = DanielFaghiura | Source = Media Center Guide | ID = 0
                                          Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
                                           returned 10000105  Process: DefaultDomain Object Name: Media Center Guide
                                           
                                          [ MediaManagerServiceEventLog Events ]
                                          Error - 20/12/2008 7:01:24 AM | Computer Name = valuedcustom-PC | Source = MediaManagerServiceEventSource | ID = 0
                                           Description = Error: System.IO.IOException: The device is not ready.
                                              at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
                                              at System.IO.Directory.InternalCreateDirectory(String fullPath, String path, DirectorySecurity dirSecurity)
                                              at System.IO.DirectoryInfo.Create()
                                              at thePlatform.MediaManager.Core.ImageCache..ctor(DirectoryInfo cacheFolder, IConnectionState connectionState, Int32 maxCacheSize, WebRequestFactory factory)
                                              at thePlatform.MediaManager.Core.MediaManagerFactory.MediaManagerFactoryHelper.CreateInstance()
                                              at thePlatform.MediaManager.Core.MediaManagerFactory.MediaManagerFactoryHelper.GetInstance()
                                              at thePlatform.MediaManager.Core.MediaManagerFactory.GetLocalInstance(Boolean encrypt)
                                              at thePlatform.MediaManager.Service.MediaManagerApplication..ctor(Boolean encrypt)
                                              at thePlatform.MediaManager.Service.MediaManagerService.OnStart(String[] args)
                                           
                                          [ OSession Events ]
                                          Error - 26/05/2009 3:59:53 AM | Computer Name = DanielFaghiura | Source = Microsoft Office 12 Sessions | ID = 7001
                                          Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
                                           12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2466
                                           seconds with 1920 seconds of active time.  This session ended with a crash.
                                           
                                          [ System Events ]
                                          Error - 28/10/2009 4:38:20 PM | Computer Name = DanielFaghiura | Source = ipnathlp | ID = 34001
                                          Description = The ICS_IPV6 failed to configure IPv6 stack.
                                           
                                          Error - 28/10/2009 4:38:20 PM | Computer Name = DanielFaghiura | Source = ipnathlp | ID = 30013
                                          Description = The DHCP allocator has disabled itself on IP address 10.1.1.5, since
                                           the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
                                           are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
                                           change the scope to include the IP address, or change the IP address to fall within
                                           the scope.
                                           
                                          Error - 28/10/2009 4:38:21 PM | Computer Name = DanielFaghiura | Source = ipnathlp | ID = 31004
                                          Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
                                           may indicate that the system is low on virtual memory, or that the memory manager
                                           has encountered an internal error.
                                           
                                          Error - 29/10/2009 12:46:25 AM | Computer Name = DanielFaghiura | Source = HTTP | ID = 15016
                                          Description =
                                           
                                          Error - 29/10/2009 12:46:49 AM | Computer Name = DanielFaghiura | Source = Service Control Manager | ID = 7000
                                          Description =
                                           
                                          Error - 29/10/2009 12:48:35 AM | Computer Name = DanielFaghiura | Source = Service Control Manager | ID = 7022
                                          Description =
                                           
                                          Error - 29/10/2009 12:48:49 AM | Computer Name = DanielFaghiura | Source = ipnathlp | ID = 30013
                                          Description = The DHCP allocator has disabled itself on IP address 10.1.1.5, since
                                           the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
                                           are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
                                           change the scope to include the IP address, or change the IP address to fall within
                                           the scope.
                                           
                                          Error - 29/10/2009 12:48:49 AM | Computer Name = DanielFaghiura | Source = ipnathlp | ID = 34001
                                          Description = The ICS_IPV6 failed to configure IPv6 stack.
                                           
                                          Error - 29/10/2009 12:49:47 AM | Computer Name = DanielFaghiura | Source = ipnathlp | ID = 31004
                                          Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
                                           may indicate that the system is low on virtual memory, or that the memory manager
                                           has encountered an internal error.
                                           
                                          Error - 29/10/2009 1:09:55 AM | Computer Name = DanielFaghiura | Source = Service Control Manager | ID = 7000
                                          Description =
                                           
                                           
                                          < End of report >
                                          Gotta love this.

                                          "There is no such thing as a stupid answer, they are easiest to answer!"

                                          LOL. Things I come past on the internet...
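The "Last 10 Event Log Errors" block above is where the symptom in the first post (a freeze right after the welcome screen) actually shows up: profsvc event 1505, "Windows cannot load the user's profile ... Access is denied", repeats on every logon while the avast! and Media Center entries are noise. As an added example, not part of the thread and not OTL's own code, here is a small Python parser for that section of an OTL report that groups records by (Source, ID) and pulls out the profile-load failures. The SAMPLE text is constructed from records visible in the log above; the function names are this example's own.

```python
"""Parse the "Last 10 Event Log Errors" section of an OTL report and group the
records by (Source, ID), so a repeated error such as profsvc 1505 is obvious
at a glance instead of being buried among avast! and Media Center noise.

This is an added example, not part of the forum thread and not OTL's own
code. SAMPLE below is constructed from records visible in the log above."""
import re
from collections import Counter
from datetime import datetime

# Constructed sample: four records copied from the [ Application Events ] block.
SAMPLE = """\
[ Application Events ]
Error - 28/10/2009 4:37:46 PM | Computer Name = DanielFaghiura | Source = profsvc | ID = 1505
Description = Windows cannot load the user's profile but has logged you on with
the default profile for the system.      DETAIL - Access is denied.

Error - 28/10/2009 4:40:44 PM | Computer Name = DanielFaghiura | Source = VSS | ID = 8193
Description =

Error - 29/10/2009 12:46:29 AM | Computer Name = DanielFaghiura | Source = profsvc | ID = 1505
Description = Windows cannot load the user's profile but has logged you on with
the default profile for the system.      DETAIL - Access is denied.

Error - 29/10/2009 1:25:29 AM | Computer Name = DanielFaghiura | Source = Application Error | ID = 1000
Description = Faulting application USdx.exe, version 0.0.0.0, time stamp 0x2a425e19,
 faulting module USdx.exe, version 0.0.0.0, time stamp 0x2a425e19, exception code
 0xc0000094, fault offset 0x000b443e,  process id 0x150c, application start time 0x01ca58560ca92d7d.
"""

# One OTL record header: "Error - <date> <time> <AM|PM> | Computer Name = ... | Source = ... | ID = n"
HEADER = re.compile(
    r"^Error - (?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) \| "
    r"Computer Name = (?P<host>.+?) \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)


def parse_otl_events(text):
    """Return one dict per record. OTL wraps long descriptions over several
    lines; a record ends at a blank line or at the next [ Section ] header."""
    entries = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("["):
            current = None          # blank line / section header closes the record
            continue
        m = HEADER.match(line)
        if m:
            current = {
                "time": datetime.strptime(m["ts"], "%d/%m/%Y %I:%M:%S %p"),
                "host": m["host"],
                "source": m["source"],
                "id": int(m["id"]),
                "description": "",
            }
            entries.append(current)
            continue
        if current is None:
            continue                # stray text outside any record
        if line.startswith("Description ="):
            line = line[len("Description ="):].strip()
        if line:
            # Re-join the wrapped description and squash OTL's padding spaces.
            joined = (current["description"] + " " + line).strip()
            current["description"] = re.sub(r"\s+", " ", joined)
    return entries


def summarize(entries):
    """Count records per (Source, ID). A high count for one pair is the first
    thing to look at; here it is profsvc 1505 repeating across logons."""
    return Counter((e["source"], e["id"]) for e in entries)


def profile_load_failures(entries):
    """profsvc event 1505: the user's profile could not be loaded and the
    default profile was used instead. The 'Access is denied' detail in the
    log says it is a permission problem on the profile, not a missing one."""
    return [e for e in entries if e["source"] == "profsvc" and e["id"] == 1505]


if __name__ == "__main__":
    events = parse_otl_events(SAMPLE)
    for (source, event_id), n in summarize(events).most_common():
        print(f"{n:2d}x  {source} / {event_id}")
    for e in profile_load_failures(events):
        print(e["time"].isoformat(), e["host"], e["description"])
```

Run it against the full OTL.txt rather than the sample and the (profsvc, 1505) count is the number of logons that landed in a temporary profile; the timestamps line up with the freezes the poster describes, which is a more useful lead than the ten avast! "ActiveSkin" entries at the top of the section.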

                                          evilfantasy

                                          • Malware Removal Specialist
                                          • Moderator


                                          Re: Trojan HijackThis log
                                          « Reply #24 on: October 29, 2009, 10:10:33 AM »
                                          Double click OTL

                                          * Click the CleanUp! button.
                                          * Select Yes when the "Begin cleanup Process?" prompt appears.
                                          * If you are prompted to Reboot during the cleanup, select Yes
                                          * The tool will delete itself once it finishes.

                                          ----------

                                          ESET Online Scan

                                          Scan your computer with the ESET FREE Online Virus Scan

                                          * Click the ESET Online Scanner button.

                                          * For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                                          * Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
                                          * Double click on the esetsmartinstaller_enu.exe icon on your desktop.
                                          * Place a check mark next to YES, I accept the Terms of Use.

                                          * Click the Start button.
                                          * Accept any security warnings from your browser.
                                          * Leave the check mark next to Remove found threats and place a check next to Scan archives.
                                          * Click the Start button.
                                          * ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
                                          * When the scan completes, click List of found threats.
                                          * Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
                                          * Click the <<Back button then click Finish.

In your next reply, please include the ESET Online Scan log.

bato1994
Re: Trojan HijackThis log
« Reply #25 on: October 30, 2009, 02:10:53 AM »
ESET scan log:

                                            C:\Downloads\CheatEngine54.exe   probably a variant of Win32/Genetik trojan   deleted - quarantined
                                            C:\Program Files\Cheat Engine\dbk32.sys   probably a variant of Win32/Genetik trojan   cleaned by deleting - quarantined
                                            C:\Program Files\Image-Line\Toxic Biohazard\Toxic Biohazard.dll   probably a variant of Win32/Delf trojan   cleaned by deleting - quarantined
                                            C:\Users\valued customer\Documents\Downloads\AirportTycoon3Setup-dm.exe   Win32/Adware.Trymedia application   cleaned by deleting - quarantined
                                            C:\Users\valued customer\Downloads\FL Studio 8.0.0 XXL Producer RC3 (NEW)\FL Studio 8.0.0 XXL Producer RC3 (NEW).rar   probably a variant of Win32/Delf trojan   deleted - quarantined

evilfantasy
Re: Trojan HijackThis log
« Reply #26 on: October 30, 2009, 10:08:22 AM »
                                            If you already have ComboFix be sure to delete it and download a new copy.

Download ComboFix© by sUBs from one of the links below. Be sure to save it to the Desktop.

                                            Link #1
                                            Link #2

**Note: It is important that it is saved directly to your Desktop.

Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

                                            Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
Double click combofix.exe and follow the prompts.
Vista users: right-click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt; please allow it).
When finished, ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

                                            Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix.

bato1994
Re: Trojan HijackThis log
« Reply #27 on: October 30, 2009, 06:35:07 PM »
                                              ComboFix 09-10-30.01 - BACKUP 31/10/2009 10:35.1.2 - NTFSx86
                                              Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.61.1033.18.3069.1818 [GMT 11:00]
                                              Running from: c:\users\BACKUP\Desktop\ComboFix.exe
                                              AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
                                              FW: Outpost Firewall *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
                                              SP: BitDefender Antispyware *disabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
                                              SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
                                              .

                                              (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                                              .

                                              c:\program files\FlashGet Network
                                              c:\program files\FlashGet Network\FlashGet universal\dbtrans_verbose.log
                                              c:\program files\FlashGet Network\FlashGet universal\fgoption.ini
                                              c:\program files\FlashGet Network\FlashGet universal\P2PCfg.ini
                                              c:\program files\FlashGet Network\FlashGet universal\p2spmgr.ini
                                              c:\program files\FlashGet Network\FlashGet universal\p4spmgr.ini
                                              c:\program files\FlashGet Network\FlashGet universal\Profiles\config.dat
                                              c:\program files\FlashGet Network\FlashGet universal\Profiles\tasks.dat
                                              c:\program files\FlashGet Network\FlashGet universal\transaction.log
                                              C:\restore
                                              c:\users\valued customer\AppData\Roaming\BITS
                                              c:\users\valued customer\AppData\Roaming\BITS\BITS.ini
                                              c:\users\valued customer\AppData\Roaming\BITS\UPnP.ini
                                              c:\users\valued customer\AppData\Roaming\inst.exe
                                              c:\windows\struct~.ini
                                              c:\windows\system32\gasfkylog.dat
                                              c:\windows\system32\zip32.dll

                                              .
                                              (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
                                              .

                                              -------\Legacy_NPF
                                              -------\Service_NPF


                                              (((((((((((((((((((((((((   Files Created from 2009-09-28 to 2009-10-31  )))))))))))))))))))))))))))))))
                                              .

                                              2009-10-31 00:07 . 2009-10-31 00:17   --------   d-----w-   c:\users\BACKUP\AppData\Local\temp
                                              2009-10-31 00:07 . 2009-10-31 00:07   --------   d-----w-   c:\users\valued customer\AppData\Local\temp
                                              2009-10-31 00:07 . 2009-10-31 00:07   --------   d-----w-   c:\users\Mcx1\AppData\Local\temp
                                              2009-10-31 00:07 . 2009-10-31 00:07   --------   d-----w-   c:\users\Maja\AppData\Local\temp
                                              2009-10-31 00:07 . 2009-10-31 00:07   --------   d-----w-   c:\users\Default\AppData\Local\temp
                                              2009-10-31 00:07 . 2009-10-31 00:07   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Local\temp
                                              2009-10-30 23:35 . 2008-04-16 00:53   312344   ----a-w-   c:\windows\system32\drivers\iaStor.sys
                                              2009-10-30 23:35 . 2008-03-12 06:38   28728   ----a-w-   c:\windows\system32\drivers\msahci.sys
                                              2009-10-30 23:35 . 2008-03-12 06:38   21560   ----a-w-   c:\windows\system32\drivers\atapi.sys
                                              2009-10-30 10:05 . 2009-10-30 10:05   --------   d-----w-   c:\programdata\Sports Interactive
                                              2009-10-30 10:04 . 2009-10-30 10:04   --------   d-----w-   c:\users\BACKUP\AppData\Roaming\Sports Interactive
                                              2009-10-30 10:00 . 2009-09-04 06:44   69464   ----a-w-   c:\windows\system32\XAPOFX1_3.dll
                                              2009-10-30 09:55 . 2009-10-30 09:57   --------   d--h--w-   c:\program files\Zero G Registry
                                              2009-10-30 09:55 . 2009-10-30 09:55   --------   d-----w-   c:\program files\Sports Interactive
                                              2009-10-30 09:55 . 2009-10-30 09:55   --------   d--h--w-   c:\users\BACKUP\InstallAnywhere
                                              2009-10-30 09:30 . 2009-10-30 09:31   --------   d-----w-   c:\users\BACKUP\AppData\Local\Google
                                              2009-10-30 09:01 . 2009-10-30 09:01   --------   d-----w-   c:\users\BACKUP\AppData\Local\Mozilla
                                              2009-10-30 08:24 . 2009-10-30 08:24   --------   d-----w-   c:\users\BACKUP\AppData\Local\Opera
                                              2009-10-30 08:21 . 2009-10-30 08:21   --------   d-----w-   c:\users\BACKUP\AppData\Roaming\Malwarebytes
                                              2009-10-30 08:21 . 2009-10-30 08:21   67528   ----a-w-   c:\users\BACKUP\AppData\Local\GDIPFONTCACHEV1.DAT
                                              2009-10-30 08:21 . 2009-10-30 08:21   --------   d-----w-   c:\users\BACKUP\AppData\Local\Toshiba
                                              2009-10-30 08:21 . 2009-10-31 00:17   --------   d-----w-   c:\users\BACKUP\AppData\Roaming\Orbit
                                              2009-10-30 05:04 . 2009-10-30 05:04   --------   d-----w-   c:\program files\ESET
                                              2009-10-29 04:58 . 2009-10-30 09:14   --------   d-----w-   c:\windows\system32\config\systemprofile\Tracing
                                              2009-10-28 20:38 . 2009-10-28 20:38   --------   d-----w-   C:\Microsoft
                                              2009-10-27 10:41 . 2009-04-06 00:37   704384   ----a-w-   c:\windows\system32\drivers\SandBox.sys
                                              2009-10-27 10:40 . 2009-02-10 05:12   307224   ----a-w-   c:\windows\system32\drivers\afwcore.sys
                                              2009-10-27 10:37 . 2009-02-18 06:27   29208   ----a-w-   c:\windows\system32\drivers\afw.sys
                                              2009-10-27 10:37 . 2009-10-27 10:37   --------   d-----w-   c:\program files\Agnitum
                                              2009-10-27 10:36 . 2009-10-27 10:36   --------   d-----w-   c:\programdata\Agnitum
                                              2009-10-27 10:08 . 2009-10-27 10:18   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Roaming\BitTorrent
                                              2009-10-27 04:50 . 2009-10-27 04:50   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Roaming\ATI
                                              2009-10-27 04:50 . 2009-10-27 04:50   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Local\ATI
                                              2009-10-26 11:21 . 2009-10-26 11:21   --------   d-----w-   C:\Sun
                                              2009-10-26 08:21 . 2009-09-30 23:29   195440   ------w-   c:\windows\system32\MpSigStub.exe
                                              2009-10-26 05:35 . 2009-10-26 05:35   --------   d-----w-   c:\users\Default\AppData\Local\Apple
                                              2009-10-25 11:28 . 2009-09-15 09:54   52368   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
                                              2009-10-25 11:28 . 2009-09-15 09:54   23152   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
                                              2009-10-25 11:28 . 2009-09-15 09:55   114768   ----a-w-   c:\windows\system32\drivers\aswSP.sys
                                              2009-10-25 11:28 . 2009-09-15 09:55   20560   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
                                              2009-10-25 11:28 . 2009-09-15 09:53   97480   ----a-w-   c:\windows\system32\AvastSS.scr
                                              2009-10-25 11:28 . 2009-09-15 09:59   1279968   ----a-w-   c:\windows\system32\aswBoot.exe
                                              2009-10-25 11:28 . 2009-09-15 09:55   53328   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
                                              2009-10-25 11:25 . 2009-10-25 11:25   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Roaming\GrabPro
                                              2009-10-25 11:23 . 2009-10-25 11:23   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Local\Toshiba
                                              2009-10-25 11:23 . 2009-10-30 09:15   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Roaming\Orbit
                                              2009-10-25 10:55 . 2009-10-26 08:41   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Local\Adobe
                                              2009-10-25 10:49 . 2009-09-04 12:24   61440   ----a-w-   c:\windows\system32\msasn1.dll
                                              2009-10-25 10:49 . 2009-09-14 09:44   144896   ----a-w-   c:\windows\system32\drivers\srv2.sys
                                              2009-10-25 10:42 . 2009-10-25 10:42   0   ----a-w-   c:\windows\nsreg.dat
                                              2009-10-25 10:42 . 2009-10-25 10:42   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Local\Mozilla
                                              2009-10-25 02:46 . 2009-10-25 02:46   --------   d-----w-   c:\windows\system32\config\systemprofile\DoctorWeb
                                              2009-10-18 04:13 . 2009-10-18 04:13   --------   d-----w-   c:\program files\Trend Micro
                                              2009-10-17 06:33 . 2009-10-17 06:33   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Roaming\Malwarebytes
                                              2009-10-17 06:33 . 2009-09-10 03:54   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
                                              2009-10-17 06:33 . 2009-10-17 06:33   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                                              2009-10-17 06:33 . 2009-10-17 06:33   --------   d-----w-   c:\programdata\Malwarebytes
                                              2009-10-17 06:33 . 2009-09-10 03:53   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
                                              2009-10-15 07:53 . 2009-10-15 07:53   21052   ----a-w-   c:\windows\system32\SIntfNT.dll
                                              2009-10-15 07:53 . 2009-10-15 07:53   15144   ----a-w-   c:\windows\system32\SIntf32.dll
                                              2009-10-15 07:53 . 2009-10-15 07:53   12067   ----a-w-   c:\windows\system32\SIntf16.dll
                                              2009-10-11 11:03 . 2009-10-11 11:03   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Roaming\Yahoo!

                                              .
                                              ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                                              .
                                              2009-10-30 09:21 . 2008-12-16 05:35   --------   d-----w-   c:\program files\Bonjour
                                              2009-10-30 05:45 . 2008-12-16 07:52   --------   d-----w-   c:\program files\UltraStar Deluxe
                                              2009-10-30 05:29 . 2009-03-08 00:01   --------   d-----w-   c:\program files\Cheat Engine
                                              2009-10-29 04:59 . 2009-04-26 00:10   --------   d-----w-   c:\program files\Orbitdownloader
                                              2009-10-27 05:26 . 2008-10-21 14:40   --------   d-----w-   c:\program files\Google
                                              2009-10-26 09:22 . 2009-01-18 09:53   --------   d-----w-   c:\program files\Opera
                                              2009-10-26 09:00 . 2008-05-06 04:31   --------   d-----w-   c:\program files\Common Files\Adobe
                                              2009-10-26 04:42 . 2008-10-21 13:20   67528   ----a-w-   c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
                                              2009-10-25 11:11 . 2009-03-18 04:37   --------   d-----w-   c:\programdata\Microsoft Help
                                              2009-10-25 11:10 . 2009-03-18 04:42   --------   d-----w-   c:\program files\Microsoft Works
                                              2009-10-24 03:00 . 2006-11-02 13:02   1356   ----a-w-   c:\windows\system32\config\systemprofile\AppData\Local\d3d9caps.dat
                                              2009-10-21 06:10 . 2008-05-06 04:14   --------   d-----w-   c:\program files\Java
                                              2009-10-11 11:05 . 2009-06-16 06:49   --------   d-----w-   c:\program files\Common Files\DVDVideoSoft
                                              2009-10-11 11:03 . 2008-12-16 02:07   --------   d-----w-   c:\program files\Yahoo!
                                              2009-10-11 11:02 . 2009-07-10 12:36   --------   d-----w-   c:\program files\Freebies Hack Engine
                                              2009-09-21 04:17 . 2008-10-21 13:13   209788507   ----a-w-   c:\windows\DUMP737a.tmp
                                              2009-09-21 03:54 . 2009-09-21 03:54   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Roaming\Apple Computer
                                              2009-09-14 07:57 . 2009-09-14 07:57   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Roaming\vlc
                                              2009-09-14 03:36 . 2009-09-14 03:36   615992   ----a-w-   c:\windows\system32\ci.dll
                                              2009-09-13 00:24 . 2008-12-01 01:47   --------   d-----w-   c:\users\valued customer\AppData\Roaming\Orbit
                                              2009-09-12 12:56 . 2008-12-06 00:37   --------   d-----w-   c:\users\valued customer\AppData\Roaming\uTorrent
                                              2009-09-12 06:39 . 2009-08-24 07:57   --------   d-----w-   c:\users\valued customer\AppData\Roaming\Vso
                                              2009-09-11 12:31 . 2009-06-23 11:08   --------   d-----w-   c:\program files\Microsoft Silverlight
                                              2009-09-10 17:30 . 2009-10-25 10:50   213504   ----a-w-   c:\windows\system32\msv1_0.dll
                                              2009-09-04 06:44 . 2009-10-30 09:59   515416   ----a-w-   c:\windows\system32\XAudio2_5.dll
                                              2009-09-04 06:44 . 2009-10-30 09:59   238936   ----a-w-   c:\windows\system32\xactengine3_5.dll
                                              2009-09-04 06:29 . 2009-10-30 09:59   453456   ----a-w-   c:\windows\system32\d3dx10_42.dll
                                              2009-09-04 06:29 . 2009-10-30 09:59   235344   ----a-w-   c:\windows\system32\d3dx11_42.dll
                                              2009-09-04 06:29 . 2009-10-30 09:59   5501792   ----a-w-   c:\windows\system32\d3dcsx_42.dll
                                              2009-09-04 06:29 . 2009-10-30 09:59   1974616   ----a-w-   c:\windows\system32\D3DCompiler_42.dll
                                              2009-09-04 06:29 . 2009-10-30 09:59   1892184   ----a-w-   c:\windows\system32\D3DX9_42.dll
                                              2009-08-27 13:32 . 2009-10-25 10:50   833024   ----a-w-   c:\windows\system32\wininet.dll
                                              2009-08-27 13:29 . 2009-10-25 10:50   78336   ----a-w-   c:\windows\system32\ieencode.dll
                                              2009-08-27 10:58 . 2009-10-25 10:50   26624   ----a-w-   c:\windows\system32\ieUnatt.exe
                                              2009-08-24 08:08 . 2009-08-24 07:57   47360   ----a-w-   c:\users\valued customer\AppData\Roaming\pcouffin.sys
                                              2009-08-24 07:57 . 2009-08-24 07:57   47360   ----a-w-   c:\windows\system32\drivers\pcouffin.sys
                                              2009-08-17 12:33 . 2009-08-17 12:33   1193832   ----a-w-   c:\windows\system32\FM20.DLL
                                              2009-08-14 17:07 . 2009-09-10 10:50   897608   ----a-w-   c:\windows\system32\drivers\tcpip.sys
                                              2009-08-14 16:29 . 2009-09-10 10:50   104960   ----a-w-   c:\windows\system32\netiohlp.dll
                                              2009-08-14 16:29 . 2009-09-10 10:50   17920   ----a-w-   c:\windows\system32\netevent.dll
                                              2009-08-14 14:16 . 2009-09-10 10:50   9728   ----a-w-   c:\windows\system32\TCPSVCS.EXE
                                              2009-08-14 14:16 . 2009-09-10 10:50   17920   ----a-w-   c:\windows\system32\ROUTE.EXE
                                              2009-08-14 14:16 . 2009-09-10 10:50   11264   ----a-w-   c:\windows\system32\MRINFO.EXE
                                              2009-08-14 14:16 . 2009-09-10 10:50   27136   ----a-w-   c:\windows\system32\NETSTAT.EXE
                                              2009-08-14 14:16 . 2009-09-10 10:50   19968   ----a-w-   c:\windows\system32\ARP.EXE
                                              2009-08-14 14:16 . 2009-09-10 10:50   8704   ----a-w-   c:\windows\system32\HOSTNAME.EXE
                                              2009-08-14 14:16 . 2009-09-10 10:50   10240   ----a-w-   c:\windows\system32\finger.exe
                                              2009-08-05 14:22 . 2009-10-25 10:50   3597896   ----a-w-   c:\windows\system32\ntkrnlpa.exe
                                              2009-08-05 14:22 . 2009-10-25 10:50   3546184   ----a-w-   c:\windows\system32\ntoskrnl.exe
                                              2007-05-06 06:32 . 2009-05-10 04:59   389120   ----a-w-   c:\program files\DaShRelease.exe
                                              2003-08-04 13:36 . 2009-05-10 03:01   171008   ----a-w-   c:\program files\ePSXe.exe
                                              2009-05-01 21:02 . 2009-05-01 21:02   1044480   ----a-w-   c:\program files\mozilla firefox\plugins\libdivx.dll
                                              2009-05-01 21:02 . 2009-05-01 21:02   200704   ----a-w-   c:\program files\mozilla firefox\plugins\ssldivx.dll
                                              2009-05-01 21:02 . 2009-05-01 21:02   1044480   ----a-w-   c:\program files\opera\program\plugins\libdivx.dll
                                              2009-05-01 21:02 . 2009-05-01 21:02   200704   ----a-w-   c:\program files\opera\program\plugins\ssldivx.dll
                                              .

                                              (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                                              .
                                              .
                                              *Note* empty entries & legit default entries are not shown
                                              REGEDIT4

                                              [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{abb88e4e-75f4-4fdc-8f42-d101484c4b3f}]
                                              2009-06-22 22:53   2211352   ----a-w-   c:\program files\Enhanced_search\tbEnha.dll

                                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
                                              "{abb88e4e-75f4-4fdc-8f42-d101484c4b3f}"= "c:\program files\Enhanced_search\tbEnha.dll" [2009-06-22 2211352]

                                              [HKEY_CLASSES_ROOT\clsid\{abb88e4e-75f4-4fdc-8f42-d101484c4b3f}]

                                              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOvrly1]
                                              @="{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}"
                                              [HKEY_CLASSES_ROOT\CLSID\{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}]
                                              2008-07-25 04:41   118784   ----a-w-   c:\program files\TrueSuite Access Manager\IconOvrly.dll

                                              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                                              "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
                                              "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
                                              "Google Update"="c:\users\BACKUP\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-06-30 133104]

                                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                                              "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
                                              "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
                                              "HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
                                              "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
                                              "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
                                              "ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
                                              "UsbMonitor"="c:\program files\TrueSuite Access Manager\usbnotify.exe" [2008-07-25 94208]
                                              "HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-04-26 716800]
                                              "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 81920]
                                              "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
                                              "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-24 149280]
                                              "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
                                              "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
                                              "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
                                              "OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
                                              "OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2009-04-27 428032]
                                              "NDSTray.exe"="NDSTray.exe" [BU]
                                              "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-08 6037504]

                                              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                                              "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
                                              "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

                                              c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
                                              Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-4-15 2979144]
                                              Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-4-26 1719496]

                                              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                                              "EnableLUA"= 0 (0x0)
                                              "EnableUIADesktopToggle"= 0 (0x0)
                                              "DisableCAD"= 1 (0x1)

                                              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
                                              "AppInit_DLLs"=c:\progra~1\Agnitum\OUTPOS~1\wl_hook.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

                                              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
                                              @="Service"

                                              [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
                                              path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
                                              backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
                                              backupExtension=.CommonStartup

                                              [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Orbit.lnk]
                                              path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk
                                              backup=c:\windows\pss\Orbit.lnk.CommonStartup
                                              backupExtension=.CommonStartup

                                              [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
                                              path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk
                                              backup=c:\windows\pss\Run Google Web Accelerator.lnk.CommonStartup
                                              backupExtension=.CommonStartup

                                              [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TOSHIBA Face Recognition Watcher.lnk]
                                              path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TOSHIBA Face Recognition Watcher.lnk
                                              backup=c:\windows\pss\TOSHIBA Face Recognition Watcher.lnk.CommonStartup
                                              backupExtension=.CommonStartup

                                              [HKLM\~\startupfolder\C:^Users^valued customer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^gueinywcf.lnk]
                                              path=c:\users\valued customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gueinywcf.lnk
                                              backup=c:\windows\pss\gueinywcf.lnk.Startup
                                              backupExtension=.Startup

                                              R0 AlfaFF;AlfaFF mini-filter driver;c:\windows\System32\drivers\AlfaFF.sys [22/10/2008 1:35 AM 42608]
                                              R1 afw;Agnitum Firewall Driver;c:\windows\System32\drivers\afw.sys [27/10/2009 9:37 PM 29208]
                                              R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [25/10/2009 10:28 PM 114768]
                                              R1 SandBox;SandBox;c:\windows\System32\drivers\SandBox.sys [27/10/2009 9:41 PM 704384]
                                              R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [27/10/2009 9:37 PM 1195008]
                                              R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [25/10/2009 10:28 PM 20560]
                                              R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [25/10/2009 10:28 PM 53328]
                                              R2 Authentec memory manager;Authentec memory manager service;c:\windows\System32\TAMSvr.exe [22/10/2008 1:35 AM 49152]
                                              R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [17/04/2008 6:19 PM 40960]
                                              R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [4/12/2007 11:03 AM 126976]
                                              R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
                                              R3 afwcore;afwcore;c:\windows\System32\drivers\afwcore.sys [27/10/2009 9:40 PM 307224]
                                              R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [6/05/2008 4:29 PM 7168]
                                              R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\System32\drivers\NETw5v32.sys [28/04/2008 9:29 AM 3658752]
                                              S2 gupdate1c95e418ad821a6;Google Update Service (gupdate1c95e418ad821a6);c:\program files\Google\Update\GoogleUpdate.exe [15/12/2008 10:13 AM 133104]
                                              S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\System32\drivers\ScreamingBAudio.sys [6/04/2009 2:19 PM 23064]

                                              --- Other Services/Drivers In Memory ---

                                              *Deregistered* - mbr

                                              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                                              HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
                                              hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
                                              WindowsMobile   REG_MULTI_SZ      wcescomm rapimgr
                                              LocalServiceRestricted   REG_MULTI_SZ      WcesComm RapiMgr

                                              [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C608BE1D-4122-966D-51A3-9C926A1FBB57}]
                                              c:\windows\winlogen.exe
                                              .
                                              Contents of the 'Scheduled Tasks' folder

                                              2009-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                                              - c:\program files\Google\Update\GoogleUpdate.exe [2008-12-14 05:02]

                                              2009-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                                              - c:\program files\Google\Update\GoogleUpdate.exe [2008-12-14 05:02]

                                              2009-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-21628702-580910898-2647980920-1000Core.job
                                              - c:\users\valued customer\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-30 11:36]

                                              2009-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-21628702-580910898-2647980920-1000UA.job
                                              - c:\users\valued customer\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-30 11:36]

                                              2009-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-21628702-580910898-2647980920-1004Core.job
                                              - c:\users\BACKUP\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-30 05:18]

                                              2009-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-21628702-580910898-2647980920-1004UA.job
                                              - c:\users\BACKUP\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-30 05:18]
                                              .
                                              .
                                              ------- Supplementary Scan -------
                                              .
                                              IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
                                              TCP: {2B67C494-3621-41ED-8FE8-9A49DF5A6D17} = 203.12.160.35 203.12.160.36
                                              FF - ProfilePath - c:\users\BACKUP\AppData\Roaming\Mozilla\Firefox\Profiles\qdyvq2ed.default\
                                              FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
                                              FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
                                              FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
                                              FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
                                              FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
                                              FF - plugin: c:\program files\Opera\program\plugins\nporbit.dll
                                              FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
                                              FF - plugin: c:\users\BACKUP\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
                                              FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

                                              ---- FIREFOX POLICIES ----
                                              c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
                                              .
                                              - - - - ORPHANS REMOVED - - - -

                                              HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe



                                              **************************************************************************

                                              catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                                              Rootkit scan 2009-10-31 11:16
                                              Windows 6.0.6001 Service Pack 1 NTFS

                                              scanning hidden processes ... 

                                              scanning hidden autostart entries ...

                                              scanning hidden files ... 


                                              c:\windows\TEMP\TMP000000488DC9FB925FF027D2 524288 bytes executable

                                              scan completed successfully
                                              hidden files: 1

                                              **************************************************************************
                                              .
                                              --------------------- LOCKED REGISTRY KEYS ---------------------

                                              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
                                              @Denied: (A) (Users)
                                              @Denied: (A) (Everyone)
                                              @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                                              "BlindDial"=dword:00000000

                                              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
                                              @Denied: (A) (Users)
                                              @Denied: (A) (Everyone)
                                              @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                                              "BlindDial"=dword:00000000

                                              [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
                                              @Denied: (A) (Users)
                                              @Denied: (A) (Everyone)
                                              @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                                              "BlindDial"=dword:00000000
                                              .
                                              --------------------- DLLs Loaded Under Running Processes ---------------------

                                              - - - - - - - > 'Explorer.exe'(2540)
                                              c:\program files\TrueSuite Access Manager\IconOvrly.dll
                                              .
                                              ------------------------ Other Running Processes ------------------------
                                              .
                                              c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
                                              c:\windows\system32\Ati2evxx.exe
                                              c:\windows\system32\Ati2evxx.exe
                                              c:\program files\Alwil Software\Avast4\aswUpdSv.exe
                                              c:\program files\Alwil Software\Avast4\ashServ.exe
                                              c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                                              c:\program files\Bonjour\mDNSResponder.exe
                                              c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
                                              c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
                                              c:\windows\system32\TODDSrv.exe
                                              c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
                                              c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
                                              c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
                                              c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe
                                              c:\program files\Alwil Software\Avast4\ashMaiSv.exe
                                              c:\program files\Alwil Software\Avast4\ashWebSv.exe
                                              c:\progra~1\SPEEDB~1\VideoAcceleratorEngine.exe
                                              c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
                                              c:\program files\Alwil Software\Avast4\ashDisp.exe
                                              c:\windows\ehome\ehmsas.exe
                                              c:\program files\Windows Media Player\wmpnetwk.exe
                                              c:\windows\ehome\mcupdate.EXE
                                              .
                                              **************************************************************************
                                              .
                                              Completion time: 2009-10-31 11:24 - machine was rebooted
                                              ComboFix-quarantined-files.txt  2009-10-31 00:24

                                              Pre-Run: 67,105,726,464 bytes free
                                              Post-Run: 66,662,764,544 bytes free

                                              - - End Of File - - 9AF556F107381F34A86C329E134C57A1
                                              Gotta love this.

                                              "There is no such thing as a stupid answer, they are easiest to answer!"

                                              LOL. Things I come past on the internet...

                                              evilfantasy

                                              • Malware Removal Specialist
                                              • Moderator
                                              Re: Trojan HijackThis log
                                              « Reply #28 on: October 30, 2009, 07:00:45 PM »
                                              Delete these files/folders, as follows:

                                              1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
                                              It must be Notepad, not Wordpad.
                                              2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
                                              KillAll::

                                              File::
                                              c:\windows\system32\SIntfNT.dll
                                              c:\windows\system32\SIntf32.dll
                                              c:\windows\system32\SIntf16.dll

                                              DirLook::
                                              c:\program files\Zero G Registry
                                              c:\users\BACKUP\InstallAnywhere


                                              3. Go to the Notepad window and click Edit > Paste
                                              4. Then click File > Save
                                              5. Name the file CFScript.txt - Save the file to your Desktop
                                              6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



                                              ComboFix will begin to execute, just follow the prompts.
                                              After reboot (in case it asks to reboot), it will produce a log for you.
                                              Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.

                                              bato1994

                                                Topic Starter
                                                Re: Trojan HijackThis log
                                                « Reply #29 on: October 30, 2009, 10:14:36 PM »
                                                ComboFix 09-10-30.01 - BACKUP 31/10/2009 14:26.2.2 - NTFSx86
                                                Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.61.1033.18.3069.1597 [GMT 11:00]
                                                Running from: c:\users\BACKUP\Desktop\ComboFix.exe
                                                Command switches used :: c:\users\BACKUP\Desktop\CFScript.txt
                                                AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
                                                FW: Outpost Firewall *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
                                                SP: BitDefender Antispyware *disabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
                                                SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

                                                FILE ::
                                                "c:\windows\system32\SIntf16.dll"
                                                "c:\windows\system32\SIntf32.dll"
                                                "c:\windows\system32\SIntfNT.dll"
                                                .

                                                (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                                                .

                                                c:\windows\system32\SIntf16.dll
                                                c:\windows\system32\SIntf32.dll
                                                c:\windows\system32\SIntfNT.dll

                                                .
                                                (((((((((((((((((((((((((   Files Created from 2009-09-28 to 2009-10-31  )))))))))))))))))))))))))))))))
                                                .

                                                2009-10-31 03:50 . 2009-10-31 04:04   --------   d-----w-   c:\users\BACKUP\AppData\Local\temp
                                                2009-10-31 03:50 . 2009-10-31 03:50   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Local\temp
                                                2009-10-31 03:50 . 2009-10-31 03:50   --------   d-----w-   c:\users\valued customer\AppData\Local\temp
                                                2009-10-31 03:50 . 2009-10-31 03:50   --------   d-----w-   c:\users\Public\AppData\Local\temp
                                                2009-10-31 03:50 . 2009-10-31 03:50   --------   d-----w-   c:\users\Mcx1\AppData\Local\temp
                                                2009-10-31 03:50 . 2009-10-31 03:50   --------   d-----w-   c:\users\Maja\AppData\Local\temp
                                                2009-10-31 03:50 . 2009-10-31 03:50   --------   d-----w-   c:\users\Default\AppData\Local\temp
                                                2009-10-31 03:26 . 2008-03-12 06:38   28728   ----a-w-   c:\windows\system32\drivers\msahci.sys
                                                2009-10-31 03:26 . 2008-04-16 00:53   312344   ----a-w-   c:\windows\system32\drivers\iaStor.sys
                                                2009-10-31 03:26 . 2008-03-12 06:38   21560   ----a-w-   c:\windows\system32\drivers\atapi.sys
                                                2009-10-31 03:06 . 2009-10-31 04:04   --------   d-----w-   c:\users\BACKUP\Tracing
                                                2009-10-31 02:30 . 2009-10-31 02:31   --------   d-----w-   c:\users\BACKUP\AppData\Roaming\Vso
                                                2009-10-30 10:05 . 2009-10-30 10:05   --------   d-----w-   c:\programdata\Sports Interactive
                                                2009-10-30 10:04 . 2009-10-30 10:04   --------   d-----w-   c:\users\BACKUP\AppData\Roaming\Sports Interactive
                                                2009-10-30 10:00 . 2009-09-04 06:44   69464   ----a-w-   c:\windows\system32\XAPOFX1_3.dll
                                                2009-10-30 09:55 . 2009-10-30 09:57   --------   d--h--w-   c:\program files\Zero G Registry
                                                2009-10-30 09:55 . 2009-10-30 09:55   --------   d-----w-   c:\program files\Sports Interactive
                                                2009-10-30 09:55 . 2009-10-30 09:55   --------   d--h--w-   c:\users\BACKUP\InstallAnywhere
                                                2009-10-30 09:30 . 2009-10-30 09:31   --------   d-----w-   c:\users\BACKUP\AppData\Local\Google
                                                2009-10-30 09:01 . 2009-10-30 09:01   --------   d-----w-   c:\users\BACKUP\AppData\Local\Mozilla
                                                2009-10-30 08:24 . 2009-10-30 08:24   --------   d-----w-   c:\users\BACKUP\AppData\Local\Opera
                                                2009-10-30 08:21 . 2009-10-30 08:21   --------   d-----w-   c:\users\BACKUP\AppData\Roaming\Malwarebytes
                                                2009-10-30 08:21 . 2009-10-30 08:21   67528   ----a-w-   c:\users\BACKUP\AppData\Local\GDIPFONTCACHEV1.DAT
                                                2009-10-30 08:21 . 2009-10-30 08:21   --------   d-----w-   c:\users\BACKUP\AppData\Local\Toshiba
                                                2009-10-30 08:21 . 2009-10-31 04:04   --------   d-----w-   c:\users\BACKUP\AppData\Roaming\Orbit
                                                2009-10-30 05:04 . 2009-10-30 05:04   --------   d-----w-   c:\program files\ESET
                                                2009-10-29 04:58 . 2009-10-30 09:14   --------   d-----w-   c:\windows\system32\config\systemprofile\Tracing
                                                2009-10-28 20:38 . 2009-10-28 20:38   --------   d-----w-   C:\Microsoft
                                                2009-10-27 10:41 . 2009-04-06 00:37   704384   ----a-w-   c:\windows\system32\drivers\SandBox.sys
                                                2009-10-27 10:40 . 2009-02-10 05:12   307224   ----a-w-   c:\windows\system32\drivers\afwcore.sys
                                                2009-10-27 10:37 . 2009-02-18 06:27   29208   ----a-w-   c:\windows\system32\drivers\afw.sys
                                                2009-10-27 10:37 . 2009-10-27 10:37   --------   d-----w-   c:\program files\Agnitum
                                                2009-10-27 10:36 . 2009-10-27 10:36   --------   d-----w-   c:\programdata\Agnitum
                                                2009-10-27 10:08 . 2009-10-27 10:18   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Roaming\BitTorrent
                                                2009-10-27 04:50 . 2009-10-27 04:50   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Roaming\ATI
                                                2009-10-27 04:50 . 2009-10-27 04:50   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Local\ATI
                                                2009-10-26 11:21 . 2009-10-26 11:21   --------   d-----w-   C:\Sun
                                                2009-10-26 08:21 . 2009-09-30 23:29   195440   ------w-   c:\windows\system32\MpSigStub.exe
                                                2009-10-26 05:35 . 2009-10-26 05:35   --------   d-----w-   c:\users\Default\AppData\Local\Apple
                                                2009-10-25 11:28 . 2009-09-15 09:54   52368   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
                                                2009-10-25 11:28 . 2009-09-15 09:54   23152   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
                                                2009-10-25 11:28 . 2009-09-15 09:55   114768   ----a-w-   c:\windows\system32\drivers\aswSP.sys
                                                2009-10-25 11:28 . 2009-09-15 09:55   20560   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
                                                2009-10-25 11:28 . 2009-09-15 09:53   97480   ----a-w-   c:\windows\system32\AvastSS.scr
                                                2009-10-25 11:28 . 2009-09-15 09:59   1279968   ----a-w-   c:\windows\system32\aswBoot.exe
                                                2009-10-25 11:28 . 2009-09-15 09:55   53328   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
                                                2009-10-25 11:25 . 2009-10-25 11:25   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Roaming\GrabPro
                                                2009-10-25 11:23 . 2009-10-25 11:23   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Local\Toshiba
                                                2009-10-25 11:23 . 2009-10-30 09:15   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Roaming\Orbit
                                                2009-10-25 10:55 . 2009-10-26 08:41   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Local\Adobe
                                                2009-10-25 10:49 . 2009-09-04 12:24   61440   ----a-w-   c:\windows\system32\msasn1.dll
                                                2009-10-25 10:49 . 2009-09-14 09:44   144896   ----a-w-   c:\windows\system32\drivers\srv2.sys
                                                2009-10-25 10:42 . 2009-10-25 10:42   0   ----a-w-   c:\windows\nsreg.dat
                                                2009-10-25 10:42 . 2009-10-25 10:42   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Local\Mozilla
                                                2009-10-25 02:46 . 2009-10-25 02:46   --------   d-----w-   c:\windows\system32\config\systemprofile\DoctorWeb
                                                2009-10-18 04:13 . 2009-10-18 04:13   --------   d-----w-   c:\program files\Trend Micro
                                                2009-10-17 06:33 . 2009-10-17 06:33   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Roaming\Malwarebytes
                                                2009-10-17 06:33 . 2009-09-10 03:54   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
                                                2009-10-17 06:33 . 2009-10-17 06:33   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                                                2009-10-17 06:33 . 2009-10-17 06:33   --------   d-----w-   c:\programdata\Malwarebytes
                                                2009-10-17 06:33 . 2009-09-10 03:53   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
                                                2009-10-11 11:03 . 2009-10-11 11:03   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Roaming\Yahoo!

                                                .
                                                ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                                                .
                                                2009-10-30 09:21 . 2008-12-16 05:35   --------   d-----w-   c:\program files\Bonjour
                                                2009-10-30 05:45 . 2008-12-16 07:52   --------   d-----w-   c:\program files\UltraStar Deluxe
                                                2009-10-30 05:29 . 2009-03-08 00:01   --------   d-----w-   c:\program files\Cheat Engine
                                                2009-10-29 04:59 . 2009-04-26 00:10   --------   d-----w-   c:\program files\Orbitdownloader
                                                2009-10-27 05:26 . 2008-10-21 14:40   --------   d-----w-   c:\program files\Google
                                                2009-10-26 09:22 . 2009-01-18 09:53   --------   d-----w-   c:\program files\Opera
                                                2009-10-26 09:00 . 2008-05-06 04:31   --------   d-----w-   c:\program files\Common Files\Adobe
                                                2009-10-26 04:42 . 2008-10-21 13:20   67528   ----a-w-   c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
                                                2009-10-25 11:11 . 2009-03-18 04:37   --------   d-----w-   c:\programdata\Microsoft Help
                                                2009-10-25 11:10 . 2009-03-18 04:42   --------   d-----w-   c:\program files\Microsoft Works
                                                2009-10-24 03:00 . 2006-11-02 13:02   1356   ----a-w-   c:\windows\system32\config\systemprofile\AppData\Local\d3d9caps.dat
                                                2009-10-21 06:10 . 2008-05-06 04:14   --------   d-----w-   c:\program files\Java
                                                2009-10-11 11:05 . 2009-06-16 06:49   --------   d-----w-   c:\program files\Common Files\DVDVideoSoft
                                                2009-10-11 11:03 . 2008-12-16 02:07   --------   d-----w-   c:\program files\Yahoo!
                                                2009-10-11 11:02 . 2009-07-10 12:36   --------   d-----w-   c:\program files\Freebies Hack Engine
                                                2009-09-21 04:17 . 2008-10-21 13:13   209788507   ----a-w-   c:\windows\DUMP737a.tmp
                                                2009-09-21 03:54 . 2009-09-21 03:54   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Roaming\Apple Computer
                                                2009-09-14 07:57 . 2009-09-14 07:57   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Roaming\vlc
                                                2009-09-14 03:36 . 2009-09-14 03:36   615992   ----a-w-   c:\windows\system32\ci.dll
                                                2009-09-13 00:24 . 2008-12-01 01:47   --------   d-----w-   c:\users\valued customer\AppData\Roaming\Orbit
                                                2009-09-12 12:56 . 2008-12-06 00:37   --------   d-----w-   c:\users\valued customer\AppData\Roaming\uTorrent
                                                2009-09-12 06:39 . 2009-08-24 07:57   --------   d-----w-   c:\users\valued customer\AppData\Roaming\Vso
                                                2009-09-11 12:31 . 2009-06-23 11:08   --------   d-----w-   c:\program files\Microsoft Silverlight
                                                2009-09-10 17:30 . 2009-10-25 10:50   213504   ----a-w-   c:\windows\system32\msv1_0.dll
                                                2009-09-04 06:44 . 2009-10-30 09:59   515416   ----a-w-   c:\windows\system32\XAudio2_5.dll
                                                2009-09-04 06:44 . 2009-10-30 09:59   238936   ----a-w-   c:\windows\system32\xactengine3_5.dll
                                                2009-09-04 06:29 . 2009-10-30 09:59   453456   ----a-w-   c:\windows\system32\d3dx10_42.dll
                                                2009-09-04 06:29 . 2009-10-30 09:59   235344   ----a-w-   c:\windows\system32\d3dx11_42.dll
                                                2009-09-04 06:29 . 2009-10-30 09:59   5501792   ----a-w-   c:\windows\system32\d3dcsx_42.dll
                                                2009-09-04 06:29 . 2009-10-30 09:59   1974616   ----a-w-   c:\windows\system32\D3DCompiler_42.dll
                                                2009-09-04 06:29 . 2009-10-30 09:59   1892184   ----a-w-   c:\windows\system32\D3DX9_42.dll
                                                2009-08-27 13:32 . 2009-10-25 10:50   833024   ----a-w-   c:\windows\system32\wininet.dll
                                                2009-08-27 13:29 . 2009-10-25 10:50   78336   ----a-w-   c:\windows\system32\ieencode.dll
                                                2009-08-27 10:58 . 2009-10-25 10:50   26624   ----a-w-   c:\windows\system32\ieUnatt.exe
                                                2009-08-24 08:08 . 2009-08-24 07:57   47360   ----a-w-   c:\users\valued customer\AppData\Roaming\pcouffin.sys
                                                2009-08-24 07:57 . 2009-08-24 07:57   47360   ----a-w-   c:\windows\system32\drivers\pcouffin.sys
                                                2009-08-17 12:33 . 2009-08-17 12:33   1193832   ----a-w-   c:\windows\system32\FM20.DLL
                                                2009-08-14 17:07 . 2009-09-10 10:50   897608   ----a-w-   c:\windows\system32\drivers\tcpip.sys
                                                2009-08-14 16:29 . 2009-09-10 10:50   104960   ----a-w-   c:\windows\system32\netiohlp.dll
                                                2009-08-14 16:29 . 2009-09-10 10:50   17920   ----a-w-   c:\windows\system32\netevent.dll
                                                2009-08-14 14:16 . 2009-09-10 10:50   9728   ----a-w-   c:\windows\system32\TCPSVCS.EXE
                                                2009-08-14 14:16 . 2009-09-10 10:50   17920   ----a-w-   c:\windows\system32\ROUTE.EXE
                                                2009-08-14 14:16 . 2009-09-10 10:50   11264   ----a-w-   c:\windows\system32\MRINFO.EXE
                                                2009-08-14 14:16 . 2009-09-10 10:50   27136   ----a-w-   c:\windows\system32\NETSTAT.EXE
                                                2009-08-14 14:16 . 2009-09-10 10:50   19968   ----a-w-   c:\windows\system32\ARP.EXE
                                                2009-08-14 14:16 . 2009-09-10 10:50   8704   ----a-w-   c:\windows\system32\HOSTNAME.EXE
                                                2009-08-14 14:16 . 2009-09-10 10:50   10240   ----a-w-   c:\windows\system32\finger.exe
                                                2009-08-05 14:22 . 2009-10-25 10:50   3597896   ----a-w-   c:\windows\system32\ntkrnlpa.exe
                                                2009-08-05 14:22 . 2009-10-25 10:50   3546184   ----a-w-   c:\windows\system32\ntoskrnl.exe
                                                2007-05-06 06:32 . 2009-05-10 04:59   389120   ----a-w-   c:\program files\DaShRelease.exe
                                                2003-08-04 13:36 . 2009-05-10 03:01   171008   ----a-w-   c:\program files\ePSXe.exe
                                                2009-05-01 21:02 . 2009-05-01 21:02   1044480   ----a-w-   c:\program files\mozilla firefox\plugins\libdivx.dll
                                                2009-05-01 21:02 . 2009-05-01 21:02   200704   ----a-w-   c:\program files\mozilla firefox\plugins\ssldivx.dll
                                                2009-05-01 21:02 . 2009-05-01 21:02   1044480   ----a-w-   c:\program files\opera\program\plugins\libdivx.dll
                                                2009-05-01 21:02 . 2009-05-01 21:02   200704   ----a-w-   c:\program files\opera\program\plugins\ssldivx.dll
                                                .

                                                ((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
                                                .
                                                ---- Directory of c:\program files\Zero G Registry ----

                                                2009-10-30 09:57 . 2009-10-30 09:57   2730   ----a-w-   c:\program files\Zero G Registry\.com.zerog.registry.xml

                                                ---- Directory of c:\users\BACKUP\InstallAnywhere ----



                                                (((((((((((((((((((((((((((((   SnapShot@2009-10-31_00.17.20   )))))))))))))))))))))))))))))))))))))))))
                                                .
                                                - 2009-10-30 23:20 . 2009-10-31 00:16   16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
                                                + 2009-10-30 23:20 . 2009-10-31 04:03   16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
                                                - 2009-10-30 23:20 . 2009-10-31 00:16   32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
                                                + 2009-10-31 04:03 . 2009-10-31 04:03   32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
                                                + 2009-10-30 23:20 . 2009-10-31 04:03   16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
                                                - 2009-10-30 23:20 . 2009-10-31 00:16   16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
                                                + 2009-10-31 03:55 . 2009-10-31 03:55   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
                                                - 2009-10-30 23:19 . 2009-10-31 00:13   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
                                                + 2009-10-31 03:55 . 2009-10-31 03:55   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
                                                - 2009-10-30 23:19 . 2009-10-31 00:13   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
                                                + 2006-11-02 10:33 . 2009-10-31 04:02   600378              c:\windows\System32\perfh009.dat
                                                - 2006-11-02 10:33 . 2009-10-30 23:27   600378              c:\windows\System32\perfh009.dat
                                                - 2006-11-02 10:33 . 2009-10-30 23:27   105852              c:\windows\System32\perfc009.dat
                                                + 2006-11-02 10:33 . 2009-10-31 04:02   105852              c:\windows\System32\perfc009.dat
                                                - 2008-11-22 03:52 . 2009-10-30 12:13   1576152              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
                                                + 2008-11-22 03:52 . 2009-10-31 03:54   1576152              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
                                                .
                                                (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                                                .
                                                .
                                                *Note* empty entries & legit default entries are not shown
                                                REGEDIT4

                                                [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{abb88e4e-75f4-4fdc-8f42-d101484c4b3f}]
                                                2009-06-22 22:53   2211352   ----a-w-   c:\program files\Enhanced_search\tbEnha.dll

                                                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
                                                "{abb88e4e-75f4-4fdc-8f42-d101484c4b3f}"= "c:\program files\Enhanced_search\tbEnha.dll" [2009-06-22 2211352]

                                                [HKEY_CLASSES_ROOT\clsid\{abb88e4e-75f4-4fdc-8f42-d101484c4b3f}]

                                                [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOvrly1]
                                                @="{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}"
                                                [HKEY_CLASSES_ROOT\CLSID\{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}]
                                                2008-07-25 04:41   118784   ----a-w-   c:\program files\TrueSuite Access Manager\IconOvrly.dll

                                                [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                                                "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
                                                "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
                                                "Google Update"="c:\users\BACKUP\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-06-30 133104]
                                                "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

                                                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                                                "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
                                                "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
                                                "HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
                                                "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
                                                "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
                                                "ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
                                                "UsbMonitor"="c:\program files\TrueSuite Access Manager\usbnotify.exe" [2008-07-25 94208]
                                                "HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-04-26 716800]
                                                "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 81920]
                                                "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
                                                "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-24 149280]
                                                "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
                                                "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
                                                "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
                                                "OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
                                                "OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2009-04-27 428032]
                                                "NDSTray.exe"="NDSTray.exe" [BU]
                                                "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-08 6037504]

                                                [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                                                "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
                                                "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

                                                c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
                                                Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-4-15 2979144]
                                                Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-4-26 1719496]

                                                [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                                                "EnableLUA"= 0 (0x0)
                                                "EnableUIADesktopToggle"= 0 (0x0)
                                                "DisableCAD"= 1 (0x1)

                                                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
                                                "AppInit_DLLs"=c:\progra~1\Agnitum\OUTPOS~1\wl_hook.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

                                                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
                                                @="Service"

                                                [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
                                                path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
                                                backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
                                                backupExtension=.CommonStartup

                                                [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Orbit.lnk]
                                                path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk
                                                backup=c:\windows\pss\Orbit.lnk.CommonStartup
                                                backupExtension=.CommonStartup

                                                [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
                                                path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk
                                                backup=c:\windows\pss\Run Google Web Accelerator.lnk.CommonStartup
                                                backupExtension=.CommonStartup

                                                [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TOSHIBA Face Recognition Watcher.lnk]
                                                path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TOSHIBA Face Recognition Watcher.lnk
                                                backup=c:\windows\pss\TOSHIBA Face Recognition Watcher.lnk.CommonStartup
                                                backupExtension=.CommonStartup

                                                [HKLM\~\startupfolder\C:^Users^valued customer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^gueinywcf.lnk]
                                                path=c:\users\valued customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gueinywcf.lnk
                                                backup=c:\windows\pss\gueinywcf.lnk.Startup
                                                backupExtension=.Startup

                                                R0 AlfaFF;AlfaFF mini-filter driver;c:\windows\System32\drivers\AlfaFF.sys [22/10/2008 1:35 AM 42608]
                                                R1 afw;Agnitum Firewall Driver;c:\windows\System32\drivers\afw.sys [27/10/2009 9:37 PM 29208]
                                                R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [25/10/2009 10:28 PM 114768]
                                                R1 SandBox;SandBox;c:\windows\System32\drivers\SandBox.sys [27/10/2009 9:41 PM 704384]
                                                R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [27/10/2009 9:37 PM 1195008]
                                                R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [25/10/2009 10:28 PM 20560]
                                                R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [25/10/2009 10:28 PM 53328]
                                                R2 Authentec memory manager;Authentec memory manager service;c:\windows\System32\TAMSvr.exe [22/10/2008 1:35 AM 49152]
                                                R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [17/04/2008 6:19 PM 40960]
                                                R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [4/12/2007 11:03 AM 126976]
                                                R3 afwcore;afwcore;c:\windows\System32\drivers\afwcore.sys [27/10/2009 9:40 PM 307224]
                                                R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [6/05/2008 4:29 PM 7168]
                                                R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\System32\drivers\NETw5v32.sys [28/04/2008 9:29 AM 3658752]
                                                S2 gupdate1c95e418ad821a6;Google Update Service (gupdate1c95e418ad821a6);c:\program files\Google\Update\GoogleUpdate.exe [15/12/2008 10:13 AM 133104]
                                                S2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
                                                S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\System32\drivers\ScreamingBAudio.sys [6/04/2009 2:19 PM 23064]

                                                --- Other Services/Drivers In Memory ---

                                                *Deregistered* - mbr

                                                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                                                HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
                                                hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
                                                WindowsMobile   REG_MULTI_SZ      wcescomm rapimgr
                                                LocalServiceRestricted   REG_MULTI_SZ      WcesComm RapiMgr

                                                [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C608BE1D-4122-966D-51A3-9C926A1FBB57}]
                                                c:\windows\winlogen.exe
                                                .
                                                Contents of the 'Scheduled Tasks' folder

                                                2009-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                                                - c:\program files\Google\Update\GoogleUpdate.exe [2008-12-14 05:02]

                                                2009-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                                                - c:\program files\Google\Update\GoogleUpdate.exe [2008-12-14 05:02]

                                                2009-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-21628702-580910898-2647980920-1000Core.job
                                                - c:\users\valued customer\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-30 11:36]

                                                2009-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-21628702-580910898-2647980920-1000UA.job
                                                - c:\users\valued customer\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-30 11:36]

                                                2009-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-21628702-580910898-2647980920-1004Core.job
                                                - c:\users\BACKUP\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-30 05:18]

                                                2009-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-21628702-580910898-2647980920-1004UA.job
                                                - c:\users\BACKUP\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-30 05:18]
                                                .
                                                .
                                                ------- Supplementary Scan -------
                                                .
                                                IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
                                                TCP: {2B67C494-3621-41ED-8FE8-9A49DF5A6D17} = 203.12.160.35 203.12.160.36
                                                FF - ProfilePath - c:\users\BACKUP\AppData\Roaming\Mozilla\Firefox\Profiles\qdyvq2ed.default\
                                                FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
                                                FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
                                                FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
                                                FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
                                                FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
                                                FF - plugin: c:\program files\Opera\program\plugins\nporbit.dll
                                                FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
                                                FF - plugin: c:\users\BACKUP\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
                                                FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

                                                ---- FIREFOX POLICIES ----
                                                c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
                                                .

                                                **************************************************************************

                                                catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                                                Rootkit scan 2009-10-31 15:04
                                                Windows 6.0.6001 Service Pack 1 NTFS

                                                scanning hidden processes ... 

                                                scanning hidden autostart entries ...

                                                scanning hidden files ... 

                                                scan completed successfully
                                                hidden files: 0

                                                **************************************************************************
                                                .
                                                --------------------- LOCKED REGISTRY KEYS ---------------------

                                                [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
                                                @Denied: (A) (Users)
                                                @Denied: (A) (Everyone)
                                                @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                                                "BlindDial"=dword:00000000

                                                [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
                                                @Denied: (A) (Users)
                                                @Denied: (A) (Everyone)
                                                @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                                                "BlindDial"=dword:00000000

                                                [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
                                                @Denied: (A) (Users)
                                                @Denied: (A) (Everyone)
                                                @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                                                "BlindDial"=dword:00000000
                                                .
                                                --------------------- DLLs Loaded Under Running Processes ---------------------

                                                - - - - - - - > 'Explorer.exe'(712)
                                                c:\program files\TrueSuite Access Manager\IconOvrly.dll
                                                .
                                                ------------------------ Other Running Processes ------------------------
                                                .
                                                c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
                                                c:\windows\system32\Ati2evxx.exe
                                                c:\windows\system32\Ati2evxx.exe
                                                c:\program files\Alwil Software\Avast4\aswUpdSv.exe
                                                c:\program files\Alwil Software\Avast4\ashServ.exe
                                                c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                                                c:\program files\Bonjour\mDNSResponder.exe
                                                c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
                                                c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
                                                c:\windows\system32\TODDSrv.exe
                                                c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
                                                c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
                                                c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
                                                c:\program files\Alwil Software\Avast4\ashMaiSv.exe
                                                c:\program files\Alwil Software\Avast4\ashWebSv.exe
                                                c:\program files\Windows Media Player\wmpnetwk.exe
                                                c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
                                                c:\program files\Alwil Software\Avast4\ashDisp.exe
                                                c:\windows\ehome\ehmsas.exe
                                                .
                                                **************************************************************************
                                                .
                                                Completion time: 2009-10-31 15:11 - machine was rebooted
                                                ComboFix-quarantined-files.txt  2009-10-31 04:10
                                                ComboFix2.txt  2009-10-31 00:24

                                                Pre-Run: 63,394,865,152 bytes free
                                                Post-Run: 63,393,566,720 bytes free

                                                - - End Of File - - 69AC117622EC5265288E0F4E46A8C670
                                                Gotta love this.

                                                "There is no such thing as a stupid answer, they are easiest to answer!"

                                                LOL. Things I come past on the internet...

evilfantasy

• Malware Removal Specialist
• Moderator
• Genius
• Calm like a bomb
• Thanked: 493
• Experience: Experienced
• OS: Windows 11

Re: Trojan HijackThis log
« Reply #30 on: October 31, 2009, 10:13:51 AM »
* Click START then RUN - Vista users press the Windows Key and the R key for the Run box.
* Now type Combofix /u in the Run box.
* Make sure there's a space between Combofix and /u.
* Then hit Enter.

The above procedure will:
* Delete ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.

----------

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator.

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

----------

Open Malwarebytes' Anti-Malware.

* Click the Update tab.
* Click Check for Updates.
* If an update is found, it will download and install.
* Click the Scanner tab.
* Select Perform Quick Scan, then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

bato1994

Re: Trojan HijackThis log
« Reply #31 on: November 02, 2009, 04:57:06 PM »
Sorry for the late reply  :-X

Malwarebytes log:

Malwarebytes' Anti-Malware 1.41
Database version: 3090
Windows 6.0.6001 Service Pack 1

3/11/2009 10:56:59 AM
mbam-log-2009-11-03 (10-56-59).txt

Scan type: Quick Scan
Objects scanned: 117696
Time elapsed: 9 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Users\valued customer\AppData\Roaming\ErrorSmart (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\valued customer\AppData\Roaming\ErrorSmart\Log (Rogue.ErrorSmart) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\valued customer\AppData\Roaming\ErrorSmart\Log\2008 Dec 16 - 12_58_02 PM_811.log (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
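A helper reading the MBAM log above would want to confirm three things before replying: which detection names appeared, whether the summary counts agree with the detail sections, and whether any entry is still waiting on a reboot rather than already quarantined. The parser below is an added example for this thread; it is neither Malwarebytes' code nor anything a poster supplied. It assumes the MBAM 1.x text layout shown in Reply #31 (summary lines `<Section> Infected: <n>`, detail headers `<Section> Infected:`, entries `<path> (<detection>) -> <action>.`) and works on a constructed sample built from that log's entries.

```python
"""Parse an MBAM 1.x text log and cross-check its summary against its detail sections.

Added example for this thread; not Malwarebytes' code and not code any poster supplied.
The log layout assumed is the one pasted in Reply #31.
"""
import re

# Constructed sample, trimmed to a few sections, using the entries from the thread's
# log (assumption: the real tool prints every summary section in the detail part too).
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.41
Database version: 3090
Windows 6.0.6001 Service Pack 1

Scan type: Quick Scan
Objects scanned: 117696
Time elapsed: 9 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Folders Infected:
C:\Users\valued customer\AppData\Roaming\ErrorSmart (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
C:\Users\valued customer\AppData\Roaming\ErrorSmart\Log (Rogue.ErrorSmart) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\valued customer\AppData\Roaming\ErrorSmart\Log\2008 Dec 16 - 12_58_02 PM_811.log (Rogue.ErrorSmart) -> Quarantined and deleted successfully.
"""

SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# "<path> (<detection name>) -> <action taken>."
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")
NO_ITEMS = "(No malicious items detected)"


def parse_mbam_log(text):
    """Return (meta, summary, items).

    meta    - header fields such as 'Database version'
    summary - section name -> count from the summary block
    items   - section name -> list of {'path', 'detection', 'action'} dicts
    """
    meta, summary, items = {}, {}, {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == NO_ITEMS:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group("section")] = int(m.group("count"))
            continue
        m = HEADER_RE.match(line)
        if m:
            current = m.group("section")
            items[current] = []
            continue
        m = ITEM_RE.match(line) if current else None
        if m:
            items[current].append(m.groupdict())
        elif current is None and ": " in line:
            key, _, value = line.partition(": ")  # header metadata, e.g. Database version
            meta[key] = value
    return meta, summary, items


def cross_check(summary, items):
    """Sections whose listed entries disagree with the summary: name -> (claimed, listed)."""
    return {sec: (n, len(items.get(sec, [])))
            for sec, n in summary.items() if len(items.get(sec, [])) != n}


def triage(text):
    """Condensed view a helper wants: what was found and whether removal is still pending."""
    meta, summary, items = parse_mbam_log(text)
    entries = [it for group in items.values() for it in group]
    return {
        "database_version": meta.get("Database version"),
        "total_items": sum(summary.values()),
        "detections": sorted({it["detection"] for it in entries}),
        # Anything not already quarantined (e.g. 'Delete on reboot') needs a restart first.
        "pending": [it["path"] for it in entries
                    if not it["action"].startswith("Quarantined and deleted")],
        "mismatches": cross_check(summary, items),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the sample, `triage` reports a single detection family (Rogue.ErrorSmart), three items in total, nothing pending and no count mismatches, which is what the helper's next question ("How is the computer now?") relies on. A non-empty `pending` list is the case the Extra Note in Reply #30 is about: the entries are only gone once the machine restarts.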

evilfantasy

Re: Trojan HijackThis log
« Reply #32 on: November 02, 2009, 05:39:15 PM »
How is the computer now?

bato1994

Re: Trojan HijackThis log
« Reply #33 on: November 02, 2009, 10:54:39 PM »
It's back to its best (thank god).

Thanks Ankur16 and Evil Fantasy for all the help. I guess I'll open my eyes more and be more aware when it comes to downloading.
;D

evilfantasy

Re: Trojan HijackThis log
« Reply #34 on: November 03, 2009, 03:37:13 PM »
Sounds good.

Use the Secunia Software Inspector to check for out-of-date software.
• Click Start Now
• Check the box next to Enable thorough system inspection.
• Click Start
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.

----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security add-on for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations, always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

bato1994

Re: Trojan HijackThis log
« Reply #35 on: November 06, 2009, 04:48:19 AM »
OK. It's all good. Thanks so much :)

evilfantasy

Re: Trojan HijackThis log
« Reply #36 on: November 06, 2009, 09:51:34 AM »
You're welcome.

Safe surfing...