
Author Topic: Trojan HijackThis log  (Read 21559 times)


evilfantasy

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Calm like a bomb
  • Thanked: 493
  • Experience: Experienced
  • OS: Windows 11
Re: Trojan HijackThis log
« Reply #15 on: October 27, 2009, 11:55:11 PM »
What does it do?

bato1994

    Topic Starter


    Rookie

  • LIONS premiers 2010!!
    Re: Trojan HijackThis log
    « Reply #16 on: October 28, 2009, 12:35:08 AM »
    It just brings up a ComboFix scan.
    Gotta love this.

    "There is no such thing as a stupid answer, they are easiest to answer!"

    LOL. Things I come past on the internet...

    evilfantasy

    Re: Trojan HijackThis log
    « Reply #17 on: October 28, 2009, 09:47:34 AM »
    Ok. Are you letting it run or stopping it?

    bato1994

      Re: Trojan HijackThis log
      « Reply #18 on: October 28, 2009, 10:50:34 PM »
      I let it run until it eventually stops and restarts when done. After reboot nothing else happens. No logs show up.

      evilfantasy

      Re: Trojan HijackThis log
      « Reply #19 on: October 28, 2009, 11:13:50 PM »
      Open Malwarebytes' Anti-Malware.

      * Click the Update tab.
      * Click Check for Updates.
      * If an update is found, it will download and install.
      * Click the Scanner tab.
      * Select Perform Quick Scan, then click Scan.
      * The scan may take some time to finish, so please be patient.
      * When the scan is complete, click OK, then Show Results to view the results.
      * Make sure that everything is checked, and click Remove Selected.
      * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
      * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
      * Copy & Paste the entire report in your next reply.

      Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

      ----------

      * Download OTL by OldTimer to your desktop.
      * Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
      * When the window appears, underneath Output at the top change it to Minimal Output.
      * Check the boxes beside LOP Check and Purity Check.
      * Copy all of the text in the below Code box and then paste it under Custom Scan:

      Code:
      msconfig
      drivers32
      %SYSTEMDRIVE%\*.exe
      %PROGRAMFILES%\*.

      * Click the Run Scan button.

      * When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.
      * Copy the contents of both log files, one at a time, and post them with your next reply. (It may take two posts to get them both in.)

      bato1994

        Re: Trojan HijackThis log
        « Reply #20 on: October 29, 2009, 01:24:56 AM »
        MBAM didn't find any infections.

        OTL logfile created on: 29/10/2009 6:13:54 PM - Run 1
        OTL by OldTimer - Version 3.0.22.1     Folder = C:\Windows\system32\config\systemprofile\Desktop
        Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
        Internet Explorer (Version = 7.0.6001.18000)
        Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
         
        2.00 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 86.03% Memory free
        4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
        Paging file location(s): c:\pagefile.sys 4603 4603 [binary data]
         
        %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
        Drive C: | 176.61 Gb Total Space | 66.59 Gb Free Space | 37.71% Space Free | Partition Type: NTFS
        Drive D: | 186.31 Gb Total Space | 177.48 Gb Free Space | 95.26% Space Free | Partition Type: NTFS
        E: Drive not present or media not loaded
        F: Drive not present or media not loaded
        G: Drive not present or media not loaded
        H: Drive not present or media not loaded
        I: Drive not present or media not loaded
         
        Computer Name: DANIELFAGHIURA
        Current User Name: valued customer
        Logged in as Administrator.
         
        Current Boot Mode: Normal
        Scan Mode: Current user
        Company Name Whitelist: Off
        Skip Microsoft Files: Off
        File Age = 30 Days
        Output = Minimal
         
        ========== Processes (SafeList) ==========
         
        PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
        PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
        PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
        PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
        PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
        PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
        PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
        PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
        PRC - C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe (Google Inc.)
        PRC - C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
        PRC - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
        PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
        PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
        PRC - C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe (Speedbit Ltd.)
        PRC - C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe (Speedbit Ltd.)
        PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
        PRC - C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Synaptics, Inc.)
        PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
        PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
        PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.)
        PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
        PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe (TOSHIBA CORPORATION.)
        PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
        PRC - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe (TOSHIBA CORPORATION.)
        PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
        PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe (TOSHIBA CORPORATION.)
        PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
        PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
        PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
        PRC - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
        PRC - C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe (TOSHIBA Corporation.)
        PRC - C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
        PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
        PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
        PRC - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
        PRC - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
        PRC - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
        PRC - C:\Program Files\TrueSuite Access Manager\usbnotify.exe ()
        PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
        PRC - C:\Windows\ehome\ehmsas.exe (Microsoft Corporation)
        PRC - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
        PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
        PRC - C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
        PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
        PRC - C:\Windows\System32\Ati2evxx.exe (ATI Technologies Inc.)
        PRC - C:\Windows\System32\config\systemprofile\Desktop\OTL.exe (OldTimer Tools)
        PRC - C:\Windows\System32\TAMSvr.exe (AuthenTec Inc.)
        PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
        PRC - C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
         
        ========== Win32 Services (SafeList) ==========
         
        SRV - (acssrv [Auto | Running]) -- C:\Program Files\Agnitum\Outpost Firewall\acs.exe (Agnitum Ltd.)
        SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
        SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
        SRV - (Ati External Event Utility [Auto | Running]) -- C:\Windows\System32\Ati2evxx.exe (ATI Technologies Inc.)
        SRV - (Authentec memory manager [Auto | Running]) -- C:\Windows\System32\TAMSvr.exe (AuthenTec Inc.)
        SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
        SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
        SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
        SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
        SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
        SRV - (ConfigFree Service [Auto | Running]) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
        SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
        SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
        SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
        SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
        SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
        SRV - (FontCache3.0.0.0 [Auto | Running]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
        SRV - (GoogleDesktopManager-010708-104812 [On_Demand | Stopped]) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
        SRV - (gupdate1c95e418ad821a6 [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
        SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
        SRV - (hpqcxs08 [On_Demand | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
        SRV - (hpqddsvc [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
        SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
        SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
        SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
        SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\Windows\System32\HPZinw12.dll (Hewlett-Packard)
        SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
        SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
        SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
        SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\Windows\System32\HPZipm12.dll (Hewlett-Packard)
        SRV - (RapiMgr [Auto | Running]) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
        SRV - (TNaviSrv [Auto | Running]) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
        SRV - (TODDSrv [Auto | Running]) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
        SRV - (TosCoSrv [Auto | Running]) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
        SRV - (TOSHIBA Bluetooth Service [Auto | Running]) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
        SRV - (TOSHIBA SMART Log Service [Auto | Running]) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
        SRV - (UleadBurningHelper [Auto | Running]) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
        SRV - (VideoAcceleratorService [Auto | Running]) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe (Speedbit Ltd.)
        SRV - (WcesComm [Auto | Running]) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
        SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
        SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
         
        ========== Driver Services (SafeList) ==========
         
        DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
        DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
        DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
        DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
        DRV - (afw [System | Running]) -- C:\Windows\System32\DRIVERS\afw.sys (Agnitum Ltd.)
        DRV - (afwcore [On_Demand | Running]) -- C:\Windows\System32\drivers\afwcore.sys (Agnitum Ltd.)
        DRV - (AgereSoftModem [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\AGRSM.sys (Agere Systems)
        DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
        DRV - (AlfaFF [Boot | Running]) -- C:\Windows\system32\Drivers\AlfaFF.sys (Alfa Corporation)
        DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
        DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
        DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
        DRV - (aswFsBlk [Auto | Running]) -- C:\Windows\System32\DRIVERS\aswFsBlk.sys (ALWIL Software)
        DRV - (aswMonFlt [Auto | Running]) -- C:\Windows\System32\DRIVERS\aswMonFlt.sys (ALWIL Software)
        DRV - (aswRdr [System | Running]) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
        DRV - (aswSP [System | Running]) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
        DRV - (aswTdi [System | Running]) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
        DRV - (atikmdag [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
        DRV - (ATSWPDRV [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\ATSwpDrv.sys (AuthenTec, Inc.)
        DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
        DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
        DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
        DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
        DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
        DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
        DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
        DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)
        DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
        DRV - (FwLnk [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\FwLnk.sys (TOSHIBA Corporation)
        DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
        DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
        DRV - (iaStor [Boot | Running]) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
        DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
        DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
        DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
        DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
        DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
        DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
        DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
        DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
        DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
        DRV - (MegaSR [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
        DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
        DRV - (NETw5v32 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\NETw5v32.sys (Intel Corporation)
        DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
        DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
        DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
        DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
        DRV - (Pcouffin [On_Demand | Running]) -- C:\Windows\System32\Drivers\Pcouffin.sys (VSO Software)
        DRV - (PxHelp20 [Boot | Running]) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
        DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
        DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
        DRV - (rimmptsk [Auto | Running]) -- C:\Windows\System32\DRIVERS\rimmptsk.sys (REDC)
        DRV - (rimsptsk [Auto | Running]) -- C:\Windows\System32\DRIVERS\rimsptsk.sys (REDC)
        DRV - (rismxdp [Auto | Running]) -- C:\Windows\System32\DRIVERS\rixdptsk.sys (REDC)
        DRV - (ROOTMODEM [On_Demand | Running]) -- C:\Windows\System32\Drivers\RootMdm.sys (Microsoft Corporation)
        DRV - (RTHDMIAzAudService [On_Demand | Running]) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
        DRV - (RTL8169 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\Rtlh86.sys (Realtek Corporation                                            )
        DRV - (SandBox [System | Running]) -- C:\Windows\System32\drivers\SandBox.sys (Agnitum Ltd.)
        DRV - (SCREAMINGBDRIVER [On_Demand | Stopped]) -- C:\Windows\System32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)
        DRV - (se45bus [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\se45bus.sys (MCCI)
        DRV - (se45mdfl [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\se45mdfl.sys (MCCI)
        DRV - (se45mdm [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\se45mdm.sys (MCCI)
        DRV - (se45nd5 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\se45nd5.sys (MCCI)
        DRV - (se45unic [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\se45unic.sys (MCCI)
        DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
        DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
        DRV - (sptd [Boot | Running]) -- C:\Windows\System32\Drivers\sptd.sys ()
        DRV - (StillCam [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\serscan.sys (Microsoft Corporation)
        DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
        DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
        DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
        DRV - (SynTP [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
        DRV - (tdcmdpst [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\tdcmdpst.sys (TOSHIBA Corporation.)
        DRV - (tos_sps32 [Boot | Running]) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
        DRV - (tosporte [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\tosporte.sys (TOSHIBA Corporation)
        DRV - (tosrfbd [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\tosrfbd.sys (TOSHIBA CORPORATION)
        DRV - (tosrfbnp [On_Demand | Running]) -- C:\Windows\System32\Drivers\tosrfbnp.sys (TOSHIBA Corporation)
        DRV - (Tosrfcom [System | Running]) -- C:\Windows\System32\Drivers\tosrfcom.sys (TOSHIBA Corporation)
        DRV - (tosrfec [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\tosrfec.sys (TOSHIBA Corporation)
        DRV - (Tosrfhid [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\Tosrfhid.sys (TOSHIBA Corporation.)
        DRV - (tosrfnds [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\tosrfnds.sys (TOSHIBA Corporation.)
        DRV - (TosRfSnd [On_Demand | Stopped]) -- C:\Windows\System32\drivers\tosrfsnd.sys (TOSHIBA Corporation)
        DRV - (Tosrfusb [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\tosrfusb.sys (TOSHIBA CORPORATION)
        DRV - (TVALZ [Boot | Running]) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
        DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
        DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
        DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
        DRV - (UMPass [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\umpass.sys (Microsoft Corporation)
        DRV - (usb_rndisx [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\usb8023x.sys (Microsoft Corporation)
        DRV - (USBAAPL [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\usbaapl.sys (Apple, Inc.)
        DRV - (usbaudio [On_Demand | Stopped]) -- C:\Windows\System32\drivers\usbaudio.sys (Microsoft Corporation)
        DRV - (usbser [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\usbser.sys (Microsoft Corporation)
        DRV - (UVCFTR [On_Demand | Running]) -- C:\Windows\System32\Drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
        DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
        DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
        DRV - (WINUSB [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\WinUSB.SYS (Microsoft Corporation)
         
        ========== Modules (SafeList) ==========
         
        MOD - c:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll (Agnitum Ltd.)
        MOD - C:\Windows\System32\config\systemprofile\Desktop\OTL.exe (OldTimer Tools)
        MOD - C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
         
        ========== Standard Registry (SafeList) ==========
         
         
        ========== Internet Explorer ==========
         
        IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
        IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
        IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
        IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
        IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        IE - HKLM\..\URLSearchHook: {abb88e4e-75f4-4fdc-8f42-d101484c4b3f} - C:\Program Files\Enhanced_search\tbEnha.dll (Conduit Ltd.)
         
        IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
        IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
         
        ========== FireFox ==========
         
        FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
        FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
        FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
        FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
        FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.15
         
        FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/25 11:07:27 | 00,000,000 | ---D | M]
        FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/28 17:30:31 | 00,000,000 | ---D | M]
        FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/28 17:30:32 | 00,000,000 | ---D | M]
         
        [2009/10/25 21:42:17 | 00,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\mozilla\Extensions
        [2009/10/25 21:42:17 | 00,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
        [2009/10/29 16:35:53 | 00,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\mozilla\Firefox\Profiles\n7fmhzyl.default\extensions
        [2009/10/25 21:44:41 | 00,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\mozilla\Firefox\Profiles\n7fmhzyl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
        [2009/10/29 16:35:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
        [2009/10/28 17:30:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
        [2009/07/13 23:09:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
        [2009/03/05 22:02:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
        [2009/03/25 09:20:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
        [2009/08/29 10:08:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
        [2009/10/28 17:30:26 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
        [2009/10/28 17:30:26 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
        [2009/05/02 08:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
        [2007/04/10 18:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
        [2008/11/11 18:38:54 | 00,663,552 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
        [2009/07/25 06:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
        [2009/05/13 05:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
        [2008/06/27 16:03:12 | 01,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
        [2009/10/28 17:30:28 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
        [2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
        [2009/10/03 16:13:10 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
        [2009/04/24 21:29:18 | 00,144,984 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
        [2009/06/15 22:17:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
        [2009/06/15 22:17:36 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
        [2009/06/15 22:17:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
        [2009/06/15 22:17:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
        [2009/06/15 22:17:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
        [2009/06/15 22:17:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
        [2009/06/15 22:17:37 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
        [2009/04/24 21:29:28 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
        [2009/04/24 21:29:12 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
        [2009/05/02 08:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
        [2009/04/26 20:02:56 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
        [2009/04/26 20:02:56 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
        [2009/03/31 16:40:01 | 00,002,194 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
        [2009/04/26 20:02:56 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
        [2009/04/26 20:02:56 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
        [2009/04/26 20:02:56 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
        [2009/04/26 20:02:56 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
        [2009/04/26 20:02:57 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
        [2009/04/26 20:02:57 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
        bato1994

          Re: Trojan HijackThis log
          « Reply #21 on: October 29, 2009, 01:30:43 AM »
          O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
          O1 - Hosts: 127.0.0.1       localhost
          O1 - Hosts: ::1             localhost
          O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
          O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
          O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
          O2 - BHO: (&Google Web Accelerator Helper) - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll ()
          O2 - BHO: (Enhanced search Toolbar) - {abb88e4e-75f4-4fdc-8f42-d101484c4b3f} - C:\Program Files\Enhanced_search\tbEnha.dll (Conduit Ltd.)
          O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
          O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
          O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
          O3 - HKLM\..\Toolbar: (Enhanced search Toolbar) - {abb88e4e-75f4-4fdc-8f42-d101484c4b3f} - C:\Program Files\Enhanced_search\tbEnha.dll (Conduit Ltd.)
          O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
          O3 - HKLM\..\Toolbar: (Google Web Accelerator) - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll ()
          O3 - HKCU\..\Toolbar\WebBrowser: (Enhanced search Toolbar) - {ABB88E4E-75F4-4FDC-8F42-D101484C4B3F} - C:\Program Files\Enhanced_search\tbEnha.dll (Conduit Ltd.)
          O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
          O3 - HKCU\..\Toolbar\WebBrowser: (Google Web Accelerator) - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll ()
          O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
          O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
          O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
          O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
          O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe File not found
          O4 - HKLM..\Run: [cfFncEnabler.exe]  File not found
          O4 - HKLM..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe (TOSHIBA Corporation.)
          O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
          O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
          O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
          O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
          O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
          O4 - HKLM..\Run: [NDSTray.exe]  File not found
          O4 - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe (Agnitum Ltd.)
          O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe (Agnitum Ltd.)
          O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
          O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
          O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
          O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
          O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
          O4 - HKLM..\Run: [UsbMonitor] C:\Program Files\TrueSuite Access Manager\usbnotify.exe ()
          O4 - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
          O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
          O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
          O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
          O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
          O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
          O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
          O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
          O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
          O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
          O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
          O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
          O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
          O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
          O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
          O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
          O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
          O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
          O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
          O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
          O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
          O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
          O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
          O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
          O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
          O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
          O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
          O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
          O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
          O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
          O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
          O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
          O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
          O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
          O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
          O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
          O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
          O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
          O13 - gopher Prefix: missing
          O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
          O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
          O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
          O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
          O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
          O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
          O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
          O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
          O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
          O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
          O20 - AppInit_DLLs: (c:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll (Agnitum Ltd.)
          O20 - AppInit_DLLs: (c:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
          O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
          O31 - SafeBoot: AlternateShell - cmd.exe
          O32 - HKLM CDRom: AutoRun - 1
          O32 - AutoRun File - [2006/09/19 08:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
          O34 - HKLM BootExecute: (autocheck) -  File not found
          O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
          O34 - HKLM BootExecute: (*) -  File not found
          O35 - comfile [open] -- "%1" %* File not found
          O35 - exefile [open] -- "%1" %* File not found
           
          MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
          MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe - (Orbitdownloader.com)
          MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe - ()
          MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TOSHIBA Face Recognition Watcher.lnk - C:\PROGRA~1\Toshiba\SMARTF~1\SMARTF~1.EXE - File not found
          MsConfig - StartUpFolder: C:^Users^valued customer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^gueinywcf.lnk -  - File not found
          MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
          MsConfig - StartUpReg: avgnt - hkey= - key= - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe File not found
          MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
          MsConfig - StartUpReg: FingerPrintNotifer - hkey= - key= - C:\Program Files\TrueSuite Access Manager\FpNotifier.exe (AuthenTec, Inc)
          MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
          MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\valued customer\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
          MsConfig - StartUpReg: Internet Security Services - hkey= - key= - c:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe File not found
          MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
          MsConfig - StartUpReg: MsnMsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
          MsConfig - StartUpReg: OxigenClientAdmin - hkey= - key= - C:\Program Files\Oxigen\bin\Oxigen.exe ()
          MsConfig - StartUpReg: OxigenTrayIcon - hkey= - key= - C:\Program Files\Oxigen\bin\OxiTray.exe ()
          MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
          MsConfig - StartUpReg: RoboForm - hkey= - key= - C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe File not found
          MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe File not found
          MsConfig - StartUpReg: SpeedBitVideoAccelerator - hkey= - key= - C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe (Speedbit Ltd.)
          MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
          MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
          MsConfig - StartUpReg: TrackerChecker2 - hkey= - key= - C:\Program Files\Tracker Checker 2\Tracker Checker 2.exe ()
          MsConfig - StartUpReg: Windows Defender - hkey= - key= -  File not found
          MsConfig - State: "startup" - 2
           
          Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
          Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
          Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
          Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
          Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
          Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
          Drivers32: MSVideo8 - C:\Windows\System32\VfWWDM32.dll (Microsoft Corporation)
          Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
          Drivers32: vidc.ffds - C:\Windows\System32\ff_vfw.dll ()
          Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
          Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
           
          ========== Files/Folders - Created Within 30 Days ==========
           
          [2 C:\Windows\*.tmp files]
          [2009/10/27 21:36:52 | 00,000,000 | ---D | C] -- C:\ProgramData\Agnitum
          [2009/10/17 17:33:43 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
          [2009/10/27 15:50:19 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\ATI
          [2009/10/27 21:08:35 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\BitTorrent
          [2009/10/25 22:25:25 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\GrabPro
          [2009/10/25 21:33:05 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\Macromedia
          [2009/10/17 17:33:48 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\Malwarebytes
          [2009/10/25 21:42:14 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\Mozilla
          [2009/10/25 22:23:04 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\Orbit
          [2009/10/19 19:08:02 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\WinRAR
          [2009/10/11 22:03:26 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\Yahoo!
          [2009/10/25 21:55:02 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\AppData\Local\Adobe
          [2009/10/27 15:50:19 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\AppData\Local\ATI
          [2009/10/25 21:42:14 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\AppData\Local\Mozilla
          [2009/10/25 22:23:45 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\AppData\Local\Toshiba
          [2009/10/27 21:37:12 | 00,000,000 | ---D | C] -- C:\Program Files\Agnitum
          [2009/10/17 17:33:43 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
          [2009/10/18 15:13:19 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
          [2009/10/29 18:12:09 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Windows\system32\config\systemprofile\Desktop\OTL.exe
          [2009/10/29 07:38:52 | 00,000,000 | ---D | C] -- C:\Microsoft
          [2009/10/28 17:35:24 | 00,000,000 | --SD | C] -- C:\ComboFix
          [2009/10/27 21:41:04 | 00,704,384 | ---- | C] (Agnitum Ltd.) -- C:\Windows\System32\drivers\SandBox.sys
          [2009/10/27 21:40:23 | 00,307,224 | ---- | C] (Agnitum Ltd.) -- C:\Windows\System32\drivers\afwcore.sys
          [2009/10/27 21:37:46 | 00,029,208 | ---- | C] (Agnitum Ltd.) -- C:\Windows\System32\drivers\afw.sys
          [2009/10/27 16:09:54 | 00,312,344 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\iaStor.sys
          [2009/10/27 16:09:54 | 00,028,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\msahci.sys
          [2009/10/26 22:21:10 | 00,000,000 | ---D | C] -- C:\Sun
          [2009/10/26 19:21:58 | 00,195,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
          [2009/10/26 15:44:37 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\Documents\Bluetooth
          [2009/10/25 22:28:59 | 00,052,368 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
          [2009/10/25 22:28:59 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
          [2009/10/25 22:28:57 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
          [2009/10/25 22:28:57 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\Windows\System32\AvastSS.scr
          [2009/10/25 22:28:57 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
          [2009/10/25 22:28:26 | 01,279,968 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
          [2009/10/25 22:28:26 | 00,053,328 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
          [2009/10/25 22:28:00 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\Desktop\New Folder
          [2009/10/25 21:50:55 | 00,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
          [2009/10/25 21:50:51 | 00,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
          [2009/10/25 21:50:42 | 03,584,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
          [2009/10/25 21:50:41 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
          [2009/10/25 21:50:40 | 00,833,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
          [2009/10/25 21:50:39 | 01,174,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
          [2009/10/25 21:50:36 | 06,069,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
          [2009/10/25 21:50:34 | 00,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
          [2009/10/25 21:50:34 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
          [2009/10/25 21:50:33 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
          [2009/10/25 21:50:33 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
          [2009/10/25 21:50:32 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
          [2009/10/25 21:50:31 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
          [2009/10/25 21:50:31 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
          [2009/10/25 21:50:30 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
          [2009/10/25 21:50:30 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
          [2009/10/25 21:50:30 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
          [2009/10/25 21:50:29 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
          [2009/10/25 21:50:21 | 03,597,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
          [2009/10/25 21:50:20 | 03,546,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
          [2009/10/25 21:49:52 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msasn1.dll
          [2009/10/25 21:49:50 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
          [2009/10/25 21:42:52 | 00,308,160 | ---- | C] (ALWIL Software) -- C:\Windows\system32\config\systemprofile\Documents\avast_home_setup.exe
          [2009/10/21 17:17:28 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
          [2009/10/21 17:17:28 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
          [2009/10/21 17:17:28 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
          [2009/10/21 17:17:28 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
          [2009/10/21 17:17:22 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
          [2009/10/21 17:16:59 | 00,000,000 | ---D | C] -- C:\Qoobox
          [2009/10/17 17:33:44 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
          [2009/10/17 17:33:43 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
          [2009/05/10 15:59:32 | 00,389,120 | ---- | C] (Henrik Rydgård Inc.) -- C:\Program Files\DaShRelease.exe
           
          ========== Files - Modified Within 30 Days ==========
           
          [2 C:\Windows\*.tmp files]
          [2009/10/29 18:11:44 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Windows\system32\config\systemprofile\Desktop\OTL.exe
          [2009/10/29 17:46:09 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
          [2009/10/29 17:46:09 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
          [2009/10/29 17:26:00 | 00,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-21628702-580910898-2647980920-1000UA.job
          [2009/10/29 17:24:00 | 00,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
          [2009/10/29 15:53:05 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
          [2009/10/29 15:53:05 | 00,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
          [2009/10/29 15:53:05 | 00,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
          [2009/10/29 15:47:54 | 00,001,649 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk
          [2009/10/29 15:46:35 | 00,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
          [2009/10/29 15:46:35 | 00,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
          [2009/10/29 15:46:25 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
          [2009/10/29 15:46:01 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
          [2009/10/29 07:50:33 | 03,122,188 | -H-- | M] () -- C:\Windows\system32\config\systemprofile\AppData\Local\IconCache.db
          [2009/10/27 21:08:39 | 00,000,751 | ---- | M] () -- C:\Windows\system32\config\systemprofile\Desktop\BitTorrent.lnk
          [2009/10/27 15:49:24 | 03,436,844 | R--- | M] () -- C:\Windows\system32\config\systemprofile\Desktop\ComboFix.exe
          [2009/10/26 22:26:00 | 00,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-21628702-580910898-2647980920-1000Core.job
          [2009/10/26 20:22:50 | 00,000,725 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
          [2009/10/26 20:01:18 | 00,001,898 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
          [2009/10/26 19:28:17 | 00,073,621 | ---- | M] () -- C:\Windows\system32\config\systemprofile\Desktop\Brisbane Lions LOGO.jpg
          [2009/10/26 17:28:13 | 00,001,630 | ---- | M] () -- C:\Windows\system32\config\systemprofile\Desktop\Media Center.lnk
          [2009/10/26 15:42:54 | 00,000,000 | ---- | M] () -- C:\rasphone.pbk
          [2009/10/26 15:42:12 | 00,067,528 | ---- | M] () -- C:\Windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
          [2009/10/25 22:34:42 | 01,620,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
          [2009/10/25 22:28:59 | 00,001,816 | ---- | M] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
          [2009/10/25 22:28:56 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
          [2009/10/25 22:27:22 | 00,001,752 | ---- | M] () -- C:\Windows\System32\rasphone.pbk
          [2009/10/25 22:23:56 | 00,000,821 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
          [2009/10/25 21:52:26 | 00,000,600 | ---- | M] () -- C:\Windows\PUTTY.RND
          [2009/10/25 21:49:12 | 00,001,649 | ---- | M] () -- C:\Windows\system32\config\systemprofile\Desktop\CCleaner.lnk
          [2009/10/25 21:43:03 | 00,308,160 | ---- | M] (ALWIL Software) -- C:\Windows\system32\config\systemprofile\Documents\avast_home_setup.exe
          [2009/10/25 21:42:18 | 00,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
          [2009/10/25 19:49:42 | 00,003,900 | ---- | M] () -- C:\Windows\System32\gasfkylog.dat
          [2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\Windows\MBR.exe
          [2009/10/24 14:00:38 | 00,001,356 | ---- | M] () -- C:\Windows\system32\config\systemprofile\AppData\Local\d3d9caps.dat
          [2009/10/15 18:53:28 | 00,021,052 | ---- | M] () -- C:\Windows\System32\SIntfNT.dll
          [2009/10/15 18:53:28 | 00,015,144 | ---- | M] () -- C:\Windows\System32\SIntf32.dll
          [2009/10/15 18:53:28 | 00,012,067 | ---- | M] () -- C:\Windows\System32\SIntf16.dll
          [2009/10/11 08:10:09 | 00,236,544 | ---- | M] () -- C:\Windows\PEV.exe
          [2009/10/03 05:01:57 | 25,198,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
          [2009/10/01 10:29:14 | 00,195,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
           
          ========== Files - No Company Name ==========
          [2009/10/27 21:37:48 | 00,000,049 | ---- | C] () -- C:\Windows\transp.gif
          [2009/10/27 21:08:39 | 00,000,751 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Desktop\BitTorrent.lnk
          [2009/10/27 15:59:27 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
          [2009/10/27 15:49:59 | 03,436,844 | R--- | C] () -- C:\Windows\system32\config\systemprofile\Desktop\ComboFix.exe
          [2009/10/26 20:22:50 | 00,000,725 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
          [2009/10/26 20:01:18 | 00,001,898 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
          [2009/10/26 19:28:15 | 00,073,621 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Desktop\Brisbane Lions LOGO.jpg
          [2009/10/26 17:28:13 | 00,001,630 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Desktop\Media Center.lnk
          [2009/10/26 15:42:54 | 00,000,000 | ---- | C] () -- C:\rasphone.pbk
          [2009/10/25 22:30:54 | 03,122,188 | -H-- | C] () -- C:\Windows\system32\config\systemprofile\AppData\Local\IconCache.db
          [2009/10/25 22:28:59 | 00,001,816 | ---- | C] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
          [2009/10/25 22:28:26 | 00,380,928 | ---- | C] () -- C:\Windows\System32\actskin4.ocx
          [2009/10/25 22:27:22 | 00,001,752 | ---- | C] () -- C:\Windows\System32\rasphone.pbk
          [2009/10/25 21:52:26 | 00,000,600 | ---- | C] () -- C:\Windows\PUTTY.RND
          [2009/10/25 21:49:12 | 00,001,649 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Desktop\CCleaner.lnk
          [2009/10/25 21:42:18 | 00,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
          [2009/10/25 13:49:40 | 00,003,900 | ---- | C] () -- C:\Windows\System32\gasfkylog.dat
          [2009/10/21 17:17:28 | 00,236,544 | ---- | C] () -- C:\Windows\PEV.exe
          [2009/10/21 17:17:28 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
          [2009/10/21 17:17:28 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
          [2009/10/21 17:17:28 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
          [2009/10/15 18:53:28 | 00,021,052 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
          [2009/10/15 18:53:28 | 00,015,144 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
          [2009/10/15 18:53:28 | 00,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
          [2009/07/18 10:25:57 | 00,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
          [2009/07/03 18:46:02 | 00,000,024 | ---- | C] () -- C:\Windows\cdplayer.ini
          [2009/07/02 18:08:44 | 00,000,000 | ---- | C] () -- C:\Windows\AudioDVD.INI
          [2009/06/05 17:15:53 | 01,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
          [2009/05/18 19:37:54 | 00,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
          [2009/05/18 19:37:54 | 00,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
          [2009/05/18 19:37:54 | 00,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
          [2009/05/18 19:37:54 | 00,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
          [2009/05/13 20:35:08 | 00,395,776 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
          [2009/05/13 20:35:08 | 00,262,144 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
          [2009/05/13 20:35:08 | 00,112,640 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
          [2009/05/13 20:35:07 | 02,255,360 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
          [2009/05/10 14:01:56 | 00,171,008 | ---- | C] () -- C:\Program Files\ePSXe.exe
          [2009/05/05 10:59:44 | 00,000,050 | ---- | C] () -- C:\Windows\MegaManager.INI
          [2009/05/02 12:40:03 | 00,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
          [2009/05/02 12:40:01 | 00,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
          [2009/05/02 12:40:00 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
          [2009/05/02 12:40:00 | 00,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
          [2009/04/29 21:59:49 | 00,000,000 | ---- | C] () -- C:\Windows\LiveBilliardsDemo.INI
          [2009/04/09 10:56:57 | 00,000,568 | ---- | C] () -- C:\Windows\ss4200utility.ini
          [2009/04/07 14:29:46 | 00,000,098 | ---- | C] () -- C:\Windows\WirelessFTP.INI
          [2009/03/29 14:48:10 | 00,000,204 | ---- | C] () -- C:\Windows\struct~.ini
          [2009/03/15 18:42:22 | 00,192,512 | ---- | C] () -- C:\Windows\System32\ssresources.dll
          [2009/03/15 18:42:22 | 00,020,481 | ---- | C] () -- C:\Windows\System32\SystemsHook.dll
          [2009/02/04 20:50:32 | 00,024,576 | ---- | C] () -- C:\Windows\System32\nsis_loader.dll
          [2008/12/31 17:04:42 | 00,691,560 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
          [2008/12/09 22:24:28 | 00,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
          [2008/12/08 20:41:54 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
          [2008/12/01 15:32:56 | 00,000,006 | -HS- | C] () -- C:\Windows\system32\config\systemprofile\AppData\Roaming\desktop.ini
          [2008/11/22 16:12:55 | 00,001,151 | ---- | C] () -- C:\ProgramData\hpzinstall.log
          [2008/10/23 02:58:00 | 25,089,272 | ---- | C] () -- C:\Windows\System32\TrueAccessCoInst.dll
          [2008/10/22 01:32:02 | 00,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
          [2008/10/22 01:32:02 | 00,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
          [2008/10/22 01:32:02 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
          [2008/10/22 01:32:02 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
          [2008/10/22 01:32:02 | 00,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
          [2008/10/22 01:32:02 | 00,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
          [2008/10/22 00:20:23 | 00,067,528 | ---- | C] () -- C:\Windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
          [2008/05/06 16:08:19 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
          [2008/05/06 16:07:54 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
          [2008/05/06 15:32:46 | 00,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
          [2008/03/29 03:41:32 | 00,084,480 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
          [2008/02/29 15:14:04 | 00,223,744 | ---- | C] () -- C:\Windows\System32\b4fm.dll
          [2007/12/24 01:02:16 | 00,126,976 | ---- | C] () -- C:\Windows\gdf.dll
          [2007/12/22 10:46:32 | 00,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
          [2007/07/11 02:10:12 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
          [2006/11/03 00:02:10 | 00,001,356 | ---- | C] () -- C:\Windows\system32\config\systemprofile\AppData\Local\d3d9caps.dat
          [2006/11/03 00:01:48 | 00,000,006 | -HS- | C] () -- C:\Windows\system32\config\systemprofile\AppData\Local\desktop.ini
          [2006/11/02 23:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
          [2006/11/02 23:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
          [2006/11/02 21:23:31 | 00,000,442 | ---- | C] () -- C:\Windows\system.ini
          [2006/11/02 21:23:31 | 00,000,179 | ---- | C] () -- C:\Windows\win.ini
          [2006/11/02 18:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
          [2006/09/13 22:06:10 | 00,045,056 | ---- | C] () -- C:\Windows\System32\gtapi.dll
          [2005/07/23 15:30:18 | 00,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
           
          ========== LOP Check ==========
           
          [2009/10/29 15:46:35 | 00,000,882 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
          [2009/10/29 17:24:00 | 00,000,886 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
          [2009/10/26 22:26:00 | 00,000,896 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-21628702-580910898-2647980920-1000Core.job
          [2009/10/29 17:26:00 | 00,000,948 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-21628702-580910898-2647980920-1000UA.job
          [2009/10/29 15:46:25 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
          [2009/10/29 15:43:53 | 00,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
           
          ========== Purity Check ==========
           
           
           
          ========== Custom Scans ==========
           
           
          < %SYSTEMDRIVE%\*.exe >
           
          < %PROGRAMFILES%\*. >
          [2009/10/27 21:37:12 | 00,000,000 | R--D | M] -- C:\Program Files
          [2009/01/11 10:46:45 | 00,000,000 | ---D | M] -- C:\Program Files\3 Mobile
          [2009/05/01 22:04:38 | 00,000,000 | ---D | M] -- C:\Program Files\Acoustica Mixcraft 4
          [2009/08/30 14:51:25 | 00,000,000 | ---D | M] -- C:\Program Files\Acoustica Shared Effects
          [2009/06/02 16:58:02 | 00,000,000 | ---D | M] -- C:\Program Files\Adobe
          [2009/10/27 21:37:12 | 00,000,000 | ---D | M] -- C:\Program Files\Agnitum
          [2009/05/13 23:32:00 | 00,000,000 | ---D | M] -- C:\Program Files\All Sound Recorder XP 210
          [2009/04/19 15:37:31 | 00,000,000 | ---D | M] -- C:\Program Files\Alwil Software
          [2009/08/30 14:48:21 | 00,000,000 | ---D | M] -- C:\Program Files\Antares Audio Technologies
          [2008/12/16 16:35:06 | 00,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
          [2009/04/06 17:58:21 | 00,000,000 | ---D | M] -- C:\Program Files\ASIO4ALL v2
          [2008/10/22 01:09:04 | 00,000,000 | ---D | M] -- C:\Program Files\ATI
          [2008/10/22 01:10:30 | 00,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
          [2009/08/27 17:14:48 | 00,000,000 | ---D | M] -- C:\Program Files\Audacity
          [2009/06/16 18:02:38 | 00,000,000 | ---D | M] -- C:\Program Files\AviSynth 2.5
          [2009/06/21 11:01:29 | 00,000,000 | ---D | M] -- C:\Program Files\Babylon
          [2008/12/07 10:34:32 | 00,000,000 | ---D | M] -- C:\Program Files\BitComet
          [2009/04/11 13:44:11 | 00,000,000 | ---D | M] -- C:\Program Files\BitDefender
          [2008/12/01 13:37:30 | 00,000,000 | ---D | M] -- C:\Program Files\BitTorrent
          [2009/06/15 22:18:07 | 00,000,000 | ---D | M] -- C:\Program Files\Bonjour
          [2008/12/08 20:19:01 | 00,000,000 | ---D | M] -- C:\Program Files\Camtech
          [2009/01/01 17:39:37 | 00,000,000 | ---D | M] -- C:\Program Files\CCleaner
          [2009/07/20 21:06:00 | 00,000,000 | ---D | M] -- C:\Program Files\Chat Republic Games
          [2009/07/20 22:56:49 | 00,000,000 | ---D | M] -- C:\Program Files\Cheat Engine
          [2009/07/11 00:11:04 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files
          [2008/12/06 12:51:49 | 00,000,000 | ---D | M] -- C:\Program Files\Conduit
          [2009/05/27 17:25:29 | 00,000,000 | ---D | M] -- C:\Program Files\Counter-Strike 1.6
          [2008/12/19 12:19:37 | 00,000,000 | ---D | M] -- C:\Program Files\Crazy-World
          [2009/07/18 10:45:11 | 00,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Lite
          [2009/07/18 10:44:37 | 00,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Pro
          [2009/07/18 10:45:11 | 00,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Toolbar
          [2009/05/15 14:04:37 | 00,000,000 | ---D | M] -- C:\Program Files\DAP Premium
          [2009/04/21 18:23:48 | 00,000,000 | ---D | M] -- C:\Program Files\Defraggler
          [2009/06/26 18:58:31 | 00,000,000 | ---D | M] -- C:\Program Files\DivX
          [2008/12/01 13:37:27 | 00,000,000 | ---D | M] -- C:\Program Files\DNA
          [2009/05/05 11:05:42 | 00,000,000 | ---D | M] -- C:\Program Files\DOSBox-0.72
          [2009/06/25 14:06:57 | 00,000,000 | ---D | M] -- C:\Program Files\Enhanced_search
          [2009/01/22 13:12:30 | 00,000,000 | ---D | M] -- C:\Program Files\FlashGet Network
          [2009/08/15 12:03:04 | 00,000,000 | ---D | M] -- C:\Program Files\Footy Fanatic FX
          [2009/10/11 22:02:35 | 00,000,000 | ---D | M] -- C:\Program Files\Freebies Hack Engine
          [2008/12/03 19:07:16 | 00,000,000 | ---D | M] -- C:\Program Files\'Full Speed' Internet Booster + Performance Tests
          [2009/10/27 16:26:47 | 00,000,000 | ---D | M] -- C:\Program Files\Google
          [2009/01/10 21:10:44 | 00,000,000 | ---D | M] -- C:\Program Files\Google Earth Pro 4.2
          [2009/03/28 12:57:17 | 00,000,000 | ---D | M] -- C:\Program Files\Google Hacks
          [2009/07/19 00:23:28 | 00,000,000 | ---D | M] -- C:\Program Files\Graboid
          [2009/07/04 12:00:49 | 00,000,000 | ---D | M] -- C:\Program Files\GRETECH
          [2009/07/18 10:47:43 | 00,000,000 | ---D | M] -- C:\Program Files\Hasbro Interactive
          [2008/11/22 16:17:50 | 00,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
          [2008/12/06 19:10:50 | 00,000,000 | ---D | M] -- C:\Program Files\HP
          [2008/12/16 18:11:05 | 00,000,000 | ---D | M] -- C:\Program Files\HyCam2
          [2009/04/06 17:58:23 | 00,000,000 | ---D | M] -- C:\Program Files\Image-Line
          [2009/05/05 11:00:02 | 00,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
          [2008/10/22 00:16:12 | 00,000,000 | ---D | M] -- C:\Program Files\Intel
          [2009/10/28 17:57:53 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
          [2008/10/22 01:32:02 | 00,000,000 | ---D | M] -- C:\Program Files\InterVideo
          [2009/06/15 22:18:39 | 00,000,000 | ---D | M] -- C:\Program Files\iPod
          [2009/06/15 22:19:00 | 00,000,000 | ---D | M] -- C:\Program Files\iTunes
          [2008/12/23 13:39:13 | 00,000,000 | ---D | M] -- C:\Program Files\iWin.com
          [2009/10/21 17:10:57 | 00,000,000 | ---D | M] -- C:\Program Files\Java
          [2009/08/12 19:12:50 | 00,000,000 | ---D | M] -- C:\Program Files\K-Lite Codec Pack
          [2009/06/08 13:28:22 | 00,000,000 | ---D | M] -- C:\Program Files\Lavasoft
          [2009/04/15 15:52:13 | 00,000,000 | ---D | M] -- C:\Program Files\LimeWire
          [2008/12/09 17:46:37 | 00,000,000 | ---D | M] -- C:\Program Files\LimeWire Accelerator 4.10
          [2009/07/21 18:25:42 | 00,000,000 | ---D | M] -- C:\Program Files\MagicISO
          [2009/01/05 23:20:14 | 00,000,000 | ---D | M] -- C:\Program Files\Makayama Interactive
          [2009/10/17 17:33:47 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
          [2008/12/20 22:00:52 | 00,000,000 | ---D | M] -- C:\Program Files\Media Manager
          [2009/05/16 19:55:59 | 00,000,000 | ---D | M] -- C:\Program Files\Messenger Plus! Live
          [2009/03/20 17:32:12 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft
          [2006/11/02 23:37:34 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
          [2009/04/04 12:45:50 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
          [2009/09/11 23:31:12 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
          [2009/10/25 22:10:05 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
          [2009/03/18 15:40:27 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
          [2008/01/21 13:35:17 | 00,000,000 | ---D | M] -- C:\Program Files\Movie Maker
          [2009/10/29 17:59:59 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
          [2006/11/02 23:37:34 | 00,000,000 | ---D | M] -- C:\Program Files\MSBuild
          [2008/12/13 12:31:23 | 00,000,000 | ---D | M] -- C:\Program Files\MSECache
          [2008/05/06 16:20:42 | 00,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
          [2009/08/28 12:24:00 | 00,000,000 | ---D | M] -- C:\Program Files\NaturalSoft
          [2009/03/29 17:01:09 | 00,000,000 | ---D | M] -- C:\Program Files\Nero 9
          [2009/10/26 20:22:51 | 00,000,000 | ---D | M] -- C:\Program Files\Opera
          [2009/10/29 15:59:53 | 00,000,000 | ---D | M] -- C:\Program Files\Orbitdownloader
          [2008/12/22 19:17:56 | 00,000,000 | ---D | M] -- C:\Program Files\Outsim
          [2009/04/08 18:12:30 | 00,000,000 | ---D | M] -- C:\Program Files\Oxigen
          [2009/04/08 18:10:38 | 00,000,000 | ---D | M] -- C:\Program Files\OxigenInstall
          [2009/05/10 16:27:57 | 00,000,000 | ---D | M] -- C:\Program Files\Pcsx2
          [2009/03/26 08:25:08 | 00,000,000 | ---D | M] -- C:\Program Files\Play89
          [2009/03/23 17:03:02 | 00,000,000 | ---D | M] -- C:\Program Files\Pool Station
          [2009/06/15 22:17:36 | 00,000,000 | ---D | M] -- C:\Program Files\QuickTime
          [2009/04/24 21:23:26 | 00,000,000 | ---D | M] -- C:\Program Files\Real
          [2008/10/22 01:06:40 | 00,000,000 | ---D | M] -- C:\Program Files\Realtek
          [2009/06/16 18:02:34 | 00,000,000 | ---D | M] -- C:\Program Files\Red Kawa
          [2006/11/02 23:37:34 | 00,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
          [2009/04/05 11:50:16 | 00,000,000 | ---D | M] -- C:\Program Files\Safari
          [2009/07/10 23:45:27 | 00,000,000 | ---D | M] -- C:\Program Files\SharpHacker's Registration Hack
          [2009/03/29 14:24:13 | 00,000,000 | ---D | M] -- C:\Program Files\SopCast
          [2009/04/21 19:56:46 | 00,000,000 | ---D | M] -- C:\Program Files\SpeedBit Video Accelerator
          [2008/12/13 08:26:07 | 00,000,000 | ---D | M] -- C:\Program Files\Super DVD Creator 8.0
          [2008/10/22 00:18:38 | 00,000,000 | ---D | M] -- C:\Program Files\Synaptics
          [2008/12/22 20:02:04 | 00,000,000 | ---D | M] -- C:\Program Files\TOSHIBA
          [2009/07/10 12:55:08 | 00,000,000 | ---D | M] -- C:\Program Files\Tracker Checker 2
          [2009/10/18 15:13:19 | 00,000,000 | ---D | M] -- C:\Program Files\Trend Micro
          [2008/12/21 12:26:46 | 00,000,000 | ---D | M] -- C:\Program Files\TrueSuite Access Manager
          [2009/04/05 10:53:19 | 00,000,000 | ---D | M] -- C:\Program Files\TVUPlayer
          [2008/10/22 01:29:21 | 00,000,000 | ---D | M] -- C:\Program Files\Ulead Systems
          [2009/10/29 16:24:30 | 00,000,000 | ---D | M] -- C:\Program Files\UltraStar Deluxe
          [2006/11/03 00:01:55 | 00,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
          [2009/06/16 23:03:01 | 00,000,000 | ---D | M] -- C:\Program Files\Unity
          [2009/04/06 10:37:54 | 00,000,000 | ---D | M] -- C:\Program Files\uTorrent
          [2009/03/29 15:27:09 | 00,000,000 | ---D | M] -- C:\Program Files\uusee
          [2008/12/08 21:44:52 | 00,000,000 | ---D | M] -- C:\Program Files\VideoLAN
          [2009/03/21 08:34:00 | 00,000,000 | ---D | M] -- C:\Program Files\VoiceSync
          [2009/08/24 19:08:25 | 00,000,000 | ---D | M] -- C:\Program Files\VSO
          [2009/08/30 14:48:21 | 00,000,000 | ---D | M] -- C:\Program Files\VstPlugins
          [2008/12/22 20:01:15 | 00,000,000 | ---D | M] -- C:\Program Files\Winamp
          [2008/01/21 13:35:18 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
          [2008/01/21 13:35:15 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
          [2008/01/21 13:35:09 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Defender
          [2008/01/21 13:35:14 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Journal
          [2009/03/20 17:34:09 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Live
          [2009/03/20 17:31:54 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
          [2008/01/21 13:35:16 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Mail
          [2008/10/22 01:31:47 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Components
          [2009/08/15 18:38:43 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
          [2008/12/31 10:50:58 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Mobile Device Handbook
          [2006/11/02 23:37:34 | 00,000,000 | ---D | M] -- C:\Program Files\Windows NT
          [2008/01/21 13:35:14 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
          [2008/01/21 13:35:17 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
          [2008/12/09 18:19:40 | 00,000,000 | ---D | M] -- C:\Program Files\WinRAR
          [2009/03/23 16:27:02 | 00,000,000 | ---D | M] -- C:\Program Files\XAimer
          [2009/10/11 22:03:26 | 00,000,000 | ---D | M] -- C:\Program Files\Yahoo!
          [2009/01/24 13:42:57 | 00,000,000 | ---D | M] -- C:\Program Files\Yahoo! Games
           
          ========== Alternate Data Streams ==========
           
          @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:AC6124CA
          @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:13EDD51B
          < End of report >

          bato1994

            Re: Trojan HijackThis log
            « Reply #22 on: October 29, 2009, 01:32:49 AM »
            OTL Extras logfile created on: 29/10/2009 6:13:54 PM - Run 1
            OTL by OldTimer - Version 3.0.22.1     Folder = C:\Windows\system32\config\systemprofile\Desktop
            Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
            Internet Explorer (Version = 7.0.6001.18000)
            Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
             
            2.00 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 86.03% Memory free
            4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
            Paging file location(s): c:\pagefile.sys 4603 4603 [binary data]
             
            %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
            Drive C: | 176.61 Gb Total Space | 66.59 Gb Free Space | 37.71% Space Free | Partition Type: NTFS
            Drive D: | 186.31 Gb Total Space | 177.48 Gb Free Space | 95.26% Space Free | Partition Type: NTFS
            E: Drive not present or media not loaded
            F: Drive not present or media not loaded
            G: Drive not present or media not loaded
            H: Drive not present or media not loaded
            I: Drive not present or media not loaded
             
            Computer Name: DANIELFAGHIURA
            Current User Name: valued customer
            Logged in as Administrator.
             
            Current Boot Mode: Normal
            Scan Mode: Current user
            Company Name Whitelist: Off
            Skip Microsoft Files: Off
            File Age = 30 Days
            Output = Minimal
             
            ========== Extra Registry (SafeList) ==========
             
             
            ========== File Associations ==========
             
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
            .chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
            .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
            .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
             
            [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
            .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
             
            ========== Shell Spawning ==========
             
            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
            batfile [open] -- "%1" %* File not found
            chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
            cmdfile [open] -- "%1" %* File not found
            comfile [open] -- "%1" %* File not found
            exefile [open] -- "%1" %* File not found
            helpfile [open] -- Reg Error: Key error.
            hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
            htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
            htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
            htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
            htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
            http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
            https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
            inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
            piffile [open] -- "%1" %* File not found
            regfile [merge] -- Reg Error: Key error.
            scrfile [config] -- "%1" File not found
            scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
            scrfile [open] -- "%1" /S File not found
            txtfile [edit] -- Reg Error: Key error.
            Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
            Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
            Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
            Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
            Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
            Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
            CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
             
            ========== Security Center Settings ==========
             
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
            "cval" = 1
             
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
             
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
            "AntiVirusOverride" = 0
            "AntiSpywareOverride" = 0
            "FirewallOverride" = 0
            "VistaSp1" = Reg Error: Unknown registry data type -- File not found
             
            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
             
            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
            "EnableFirewall" = 1
            "DisableNotifications" = 0
            "DefaultOutboundAction" = 0
            "DefaultInboundAction" = 1
             
            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
            "EnableFirewall" = 1
            "DisableNotifications" = 0
            "DefaultOutboundAction" = 0
            "DefaultInboundAction" = 0
             
            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
            "6198:TCP" = 6198:TCP:*:Enabled:Jetbrowse
            "3126:TCP" = 3126:TCP:*:Enabled:Jetbrowse
            "3128:TCP" = 3128:TCP:*:Enabled:Jetbrowse
             
            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
            "EnableFirewall" = 1
            "DisableNotifications" = 0
            "DefaultOutboundAction" = 0
            "DefaultInboundAction" = 1
             
            ========== Authorized Applications List ==========
             
            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
            "C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe" = C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2 -- File not found
            "C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate -- File not found
            "C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe" = C:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx -- File not found
            "C:\Program Files\uusee\UUSeePlayer.exe" = C:\Program Files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer -- File not found
            "C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
            "C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
             
             
            ========== Vista Active Open Ports Exception List ==========
             
            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
            "{00FAD44A-D94D-472F-BF52-DE21EFFC76FE}" = rport=2869 | protocol=6 | dir=out | app=system |
            "{04D7B9AE-2F02-43D9-8FF9-8B74D36A946E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
            "{08430BAC-51E4-4DDA-AA6F-E005D652857F}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
            "{0F071424-C7C2-4433-980A-AFCA6C1A3848}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
            "{0F7E58B0-C390-4B6F-AD5D-BC9DBDA148A1}" = lport=445 | protocol=6 | dir=in | app=system |
            "{109AAC1A-7DC2-4732-8EF4-BA85EF62226E}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
            "{1A6276DD-6928-48AB-8848-8E5608880697}" = lport=137 | protocol=17 | dir=in | app=system |
            "{1D5D98FF-56EF-4DFD-8502-7241E58CA1B0}" = lport=2869 | protocol=6 | dir=in | app=system |
            "{2000F4B8-D761-4D23-9C7A-F3A2FA6B3A40}" = lport=5358 | protocol=6 | dir=in | app=system |
            "{21607F9F-11F8-4CBA-A09B-F5355677DE8C}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
            "{21F7C426-D934-4BAA-B9E2-9AF28B6BE5BE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
            "{2391368C-A09D-4B50-AE34-D17BA94BF9CF}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
            "{285E620A-6992-40DC-8FB7-2BBE1EA053F1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
            "{29CCD269-9283-4DF9-9A3D-C9606EA756C0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
            "{2CAF18B5-5B4A-4751-8F92-5175BCCA470A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
            "{2DEE2CF7-FE6C-449F-8822-5851A709A2F6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
            "{32B16349-B7A8-41B1-B742-32C47E8993BD}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
            "{36E1CAA2-49F5-427C-B8A1-AE767B46B342}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
            "{3B60C9EF-7CA4-4EE6-8B41-46D86E582001}" = rport=5358 | protocol=6 | dir=out | app=system |
            "{3C3A3CFD-121A-4F2E-B5DC-0FE644C44F52}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
            "{3C6FCF75-E490-4DF0-8923-7078E81B6376}" = lport=139 | protocol=6 | dir=in | app=system |
            "{42388898-0AF6-4531-998C-C2AB8D50CF78}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
            "{48FC22A5-AE5F-4B2A-BDF4-3505659C7A00}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
            "{4C4D2804-2463-46C9-9281-CBFBCFF8C786}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
            "{5155EFF3-5C4F-4266-8C45-1E9D662E4979}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
            "{54B53881-CBB8-4344-9B45-85D650042D75}" = rport=5357 | protocol=6 | dir=out | app=system |
            "{58C7ADB3-3E8E-4AB6-893F-ACA3D4A0D995}" = rport=10244 | protocol=6 | dir=out | app=system |
            "{5A838718-132C-499D-B3B9-827E5A11C575}" = rport=138 | protocol=17 | dir=out | app=system |
            "{5AC4B9F7-B873-4C56-85B0-9B9762EDC331}" = lport=3390 | protocol=6 | dir=in | app=system |
            "{60808892-B129-4C95-BCE0-0BC83B674A38}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
            "{6542CE81-D36E-464A-BC57-81770FA3E2CD}" = lport=10243 | protocol=6 | dir=in | app=system |
            "{66311B68-8839-4814-8ABC-417496AC51B1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
            "{665B3027-7AF7-4C19-A6AF-341AF7AC28F6}" = lport=5357 | protocol=6 | dir=in | app=system |
            "{69D3F0CE-7722-4B21-A60E-8A2006358AF5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
            "{6D0D9A2C-0FBB-4D98-99FE-15E2756A79FC}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
            "{74FB9979-CB25-4AFA-AAB0-543EEAEBC80C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
            "{7D1016D2-E1A0-41B4-98C7-3B337BB51128}" = rport=445 | protocol=6 | dir=out | app=system |
            "{7DE6FD53-F338-4623-B59F-A0586A161C36}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
            "{7FCF92F7-6604-4BF9-864B-5574AB11FA46}" = lport=6112 | protocol=6 | dir=in | name=utorrent |
            "{85CAC53B-387F-4CBB-83E1-F009D084407B}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
            "{89343FC4-2AD4-4378-A760-0ADB7E33BE6B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
            "{8C7368D6-D071-45DC-9D2E-1565895AF027}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
            "{8FF29A96-C299-4BFC-927F-E68D280FF32B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
            "{9384DB64-DFC4-4F2F-8AC2-8DA4CDCC9C69}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
            "{96126140-8B46-4A4E-8F17-69E674A27B40}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
            "{997F3DBB-3BF7-4880-BD19-013078BABD57}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
            "{9E332BD4-28EC-4EB9-8626-17B1B13BC998}" = lport=10244 | protocol=6 | dir=in | app=system |
            "{9F360063-8E88-4BBA-9FE5-AA28C9C72313}" = lport=10244 | protocol=6 | dir=in | app=system |
            "{A2313FE9-E6FC-4B79-9ECB-6A8179B0E0ED}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
            "{A772A78B-C237-4924-961E-49631498CBBF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
            "{A8E38D47-D4F1-4EEE-937B-74849E99A5D6}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
            "{AA7A6302-66B4-42A5-9761-92AF78E0ED12}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
            "{ACD9E333-0B56-4BF1-9F67-368F226B0EDE}" = lport=2869 | protocol=6 | dir=in | app=system |
            "{B15A0A71-BB69-4EB8-A7C0-4A591FFECFD1}" = lport=6881 | protocol=6 | dir=in | name=bittorrent |
            "{BEEBE2F6-EFA1-42D6-8F45-9E35C1B7F5A1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
            "{C2D90D96-BEAB-4650-9AF3-044889E8E072}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
            "{C3A321B0-A0BC-4DB3-9BB2-77539FBC6841}" = rport=137 | protocol=17 | dir=out | app=system |
            "{C6FBAB7F-6664-4AD4-AACA-3A7E96C702EE}" = lport=2869 | protocol=6 | dir=in | app=system |
            "{C97CCBDA-12D9-456A-9838-DB915BEED114}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
            "{CB2691FD-D9B3-4503-8632-C78F2B97AC20}" = lport=138 | protocol=17 | dir=in | app=system |
            "{CFBBEBBF-9A84-48A4-974F-297AD8FDF5F8}" = rport=139 | protocol=6 | dir=out | app=system |
            "{D4DA7FCF-442A-495B-A032-64900DB4595A}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
            "{D6B973AA-2AFA-42CC-A9A5-6DA1877CC761}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
            "{D8436147-65D8-4160-A442-CBB38225300A}" = rport=10244 | protocol=6 | dir=out | app=system |
            "{DC6DE619-C26F-46FE-84E6-906878457775}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
            "{E73C9539-F035-4FD9-A55B-ED38B1699531}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
            "{E988F0F8-1A4A-447F-8FFC-C9DE9D3B3D52}" = rport=10243 | protocol=6 | dir=out | app=system |
            "{EAB1B3AC-54C6-4243-8156-43B54B815EEF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
            "{EC165FDF-652D-4A72-AD4E-2B8D72935A42}" = lport=3390 | protocol=6 | dir=in | app=system |
            "{F3C6BF74-6162-47B2-971B-C81F0AEAAD6E}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
            "{F5A8BC32-CB80-4C60-99F8-3465CD23CEF7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
            "{F80F357D-338F-4DCF-96B2-DBA6A345AAB8}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
            "{FD48B0AD-2966-4E17-A424-67C12E662B59}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
             
            ========== Vista Active Application Exception List ==========
             
            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
            "{003D9E86-BEB7-4496-B6F2-86723FF3B591}" = dir=in | app=c:\program files\skype\phone\skype.exe |
            "{00B0860F-567F-48FD-BB44-6B1D26AB1CD7}" = protocol=1 | dir=out | [email protected],-28544 |
            "{0373AFF8-27FF-43F0-8F7E-E4446AA8265F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
            "{03935043-A22F-4764-B7F0-BCEFECC44E5C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
            "{03D39896-5479-4D97-8F13-C40DEC81F890}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
            "{054B4EB0-6079-4049-9515-38D38315D755}" = protocol=6 | dir=in | app=c:\users\valued customer\program files\utorrent\utorrent.exe |
            "{06B76319-6A11-477B-AC5F-545D718FB615}" = protocol=6 | dir=in | app=c:\downloads\pes2009.exe |
            "{0721C4E1-4B9A-4237-B8CE-A854CC81E4E1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
            "{09379208-364E-4666-88A3-DE3EB11AF280}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
            "{09695FEC-17AF-45FB-B885-1FD695483E7D}" = protocol=17 | dir=in | app=c:\users\valued customer\documents\utorrent.exe |
            "{0AF55769-198A-4C43-B5CC-D2D83C91705B}" = protocol=17 | dir=in | app=c:\users\valued customer\program files\utorrent\utorrent.exe |
            "{0BC82451-A4DB-4201-AB41-9FDD4275769F}" = protocol=6 | dir=in | app=c:\users\valued customer\program files\utorrent\utorrent.exe |
            "{0D9D4E8D-CBD1-483C-BB49-8B285D330639}" = dir=in | app=c:\program files\skype\phone\skype.exe |
            "{0EEB466B-8EEE-46B0-9484-C93B5F5EF892}" = protocol=17 | dir=in | app=c:\users\valued customer\documents\utorrent.exe |
            "{0F814524-1FF9-4E7F-8953-9DFF1CC6D207}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
            "{1718BD6A-371F-44F6-889F-DB8A8A6D8E0B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
            "{1A07D97E-2B7D-4DD4-AB21-3FB7513ED11D}" = protocol=6 | dir=in | app=c:\users\valued customer\appdata\local\google\google talk plugin\googletalkplugin.exe |
            "{1AF76756-A571-46E9-B13D-131736D43780}" = protocol=17 | dir=in | app=c:\users\valued customer\documents\utorrent.exe |
            "{1C85FB1B-1AF1-4B70-83BB-2E2888360E58}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
            "{1E548B41-C0A3-4E63-AC25-BB7875EE68A9}" = protocol=58 | dir=in | [email protected],-148 |
            "{23509809-5C0D-407C-834B-CEBBA5EE065C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
            "{25866670-41DD-4824-8616-F1F956942367}" = protocol=58 | dir=out | [email protected],-28546 |
            "{295A9215-5AFC-4DB1-8D5E-00FD4DCBF72B}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
            "{29C33AD1-A7C6-409D-8F75-EF2EAE82A657}" = dir=in | app=c:\program files\skype\phone\skype.exe |
            "{2F04E077-832F-41D4-AA63-18382ACE9F27}" = dir=in | app=c:\program files\skype\phone\skype.exe |
            "{2FE4FD66-3E71-46AD-85B9-74249EB59468}" = dir=in | app=c:\program files\skype\phone\skype.exe |
            "{31E0B289-08E0-4E37-AA1F-10AA21F4EFCB}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
            "{3409FFBC-4CF8-4D9E-8B75-D01275F237D9}" = protocol=17 | dir=in | app=c:\users\valued customer\documents\utorrent.exe |
            "{35CF1D8B-A690-468F-AEB2-1C8880DD3D84}" = protocol=17 | dir=in | app=c:\users\valued customer\documents\utorrent.exe |
            "{3CAA937E-8E4E-4E05-8D47-95E557D4AF57}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
            "{3CE734C8-0B79-4C3A-ABE1-30139708D5AB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
            "{3D1DA201-90EB-4025-8B58-B6E6CF4DC6C1}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
            "{3D205531-DEA5-40CE-B2A3-737F306DD4AD}" = protocol=6 | dir=in | app=c:\users\valued customer\appdata\local\temp\rar$ex00.813\pes2009.exe |
            "{40ED2CF0-9329-4031-995C-F3D47DEDBE22}" = dir=in | app=c:\program files\skype\phone\skype.exe |
            "{422198AE-F271-4B6F-91AE-D42041B76BBB}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
            "{424D942A-496E-4D0F-AFD9-4566AF4838FB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
            "{4441B5ED-D2F6-4998-820A-F184F84D337F}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
            "{45858AD6-4983-4E5A-9F59-F994179758E0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
            "{49EAC377-84C2-418F-AB09-5715755109AD}" = protocol=6 | dir=in | app=c:\users\valued customer\program files\utorrent\utorrent.exe |
            "{4A29C4AF-8E94-47D3-BCE7-5D68903AF384}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
            "{4D86431B-1580-45B2-B02C-10713FC6D8A1}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
            "{4E2A5C91-C749-483D-BF19-812A3BBFF676}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
            "{4F3E0253-D398-4423-A58A-1847049EF67C}" = protocol=17 | dir=in | app=c:\users\valued customer\documents\utorrent.exe |
            "{4F95606E-BD4C-4700-98BC-99A2017DE0C9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
            "{53B0F648-DA98-4A07-BF32-88D146661946}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
            "{5455A4CF-D974-40FC-8432-6E771BA12A98}" = protocol=6 | dir=in | app=c:\users\valued customer\documents\utorrent.exe |
            "{554D2880-9FEF-4C4C-A4BB-D08E08263219}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
            "{55759A88-ABAE-4E94-81B7-5965973DB1A2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
            "{567995E2-4DFC-483A-BA6B-E9BA0C4149A6}" = protocol=17 | dir=in | app=c:\users\valued customer\program files\utorrent\utorrent.exe |
            "{58F68995-9F14-40C9-8B52-DDC67FAC8F7C}" = protocol=1 | dir=in | [email protected],-28543 |
            "{59FCFDFF-2687-48BD-A825-9A4864B3B357}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
            "{5E783496-4A22-4157-9533-D545EE62FDE9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
            "{6063C993-325B-4CC9-8DE2-A2E61D58060B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
            "{659B25F2-3ED8-4820-8B9F-F3366FCB4C3D}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
            "{66EBFF9A-E2A7-4C98-9180-5172D7DB2194}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
            "{680859C0-7F1D-4AF9-809C-E358F6808705}" = protocol=6 | dir=out | app=system |
            "{68C49170-FEE2-4232-9379-4B4FB0327903}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
            "{692E45DF-2615-493F-BC0E-C363FD6F9711}" = dir=in | app=c:\program files\skype\phone\skype.exe |
            "{6A8E5F24-C194-4DBF-902F-D6166030068E}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
            "{6C68CE57-3961-4659-AAA5-240756361435}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
            "{6CA5AC68-BCF3-4115-A0E6-92214D7DEE3F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
            "{6DD90E75-51AB-4A8D-B2D0-E40EDBE97B5B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
            "{700E781F-9FDB-4098-B5B3-84679146B3CA}" = protocol=6 | dir=in | app=c:\users\valued customer\appdata\local\google\google talk plugin\googletalkplugin.dll |
            "{708308CD-DE17-4CDA-95A1-4EB204EE34BB}" = protocol=6 | dir=in | app=c:\users\valued customer\saved games\pes 2009\pes2009.exe |
            "{7515C6A3-AEA4-44E4-AB9E-1335AD5788C3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
            "{75FF60DB-7CAF-4BB7-AF66-E7240BA412B1}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
            "{764502F5-181E-4291-80B8-CC2DE88979AA}" = protocol=6 | dir=in | app=c:\users\valued customer\program files\utorrent\utorrent.exe |
            "{774F2E63-A1A3-4992-B460-882F49D699B2}" = protocol=17 | dir=in | app=c:\users\valued customer\program files\utorrent\utorrent.exe |
            "{7BEECACF-C403-4FD2-A7FB-DD5347E282E6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
            "{7D6F8888-E971-4106-B7B9-F1BCB2335D63}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
            "{7DDF7F36-F5E7-4E74-BC12-685F3561BF51}" = protocol=17 | dir=in | app=c:\users\valued customer\program files\utorrent\utorrent.exe |
            "{81089108-9800-41EA-8E66-DA90DE593F86}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
            "{81DF561F-6193-4E17-81A3-902DA594105A}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
            "{832148F5-D430-4A7B-AFA0-C5B987877D7B}" = protocol=6 | dir=in | app=c:\program files\voipcheap\voipcheap.exe |
            "{8C7FEEDF-6BEB-48D6-983E-74EFEA2EC563}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
            "{8CE9450F-0D21-4005-B79C-CA31A0C4A59C}" = protocol=17 | dir=in | app=c:\users\valued customer\program files\utorrent\utorrent.exe |
            "{8D673A33-A50C-4BBC-887D-15137CEB0B57}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
            "{90730AA4-04FE-4CA1-A238-EDB48273A077}" = dir=in | app=c:\program files\skype\phone\skype.exe |
            "{9223AEC1-3F33-4371-92E9-BCA17650566D}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
            "{92A04052-F204-4165-8289-94A1ADA77863}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
            "{93077BBB-835F-4476-A261-75C5F3B19313}" = dir=in | app=c:\program files\skype\phone\skype.exe |
            "{95EBDFD6-F0EB-4018-8E79-1F391565F2F7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
            "{9B9BE57A-341A-424C-9B08-D29D1E5F18FE}" = protocol=17 | dir=in | app=c:\users\valued customer\program files\utorrent\utorrent.exe |
            "{9BA5A975-E6A8-4DDF-8829-894F7A106DF9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
            "{9D8B3946-9E6F-475D-84B7-13B47C3723FB}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
            "{A0FDDDE3-B143-4E73-A7E3-1CD85EE824FD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
            "{A2361C12-25E6-4D55-805A-1AA20192CABF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
            "{A2FA941E-AF57-4DD5-8281-795D462F19E7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
            "{A301988C-E56D-49DA-B99A-7358142234C3}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
            "{A48463CD-CAF5-4080-8435-26B960766295}" = dir=in | app=c:\program files\skype\phone\skype.exe |
            "{A50C92D7-E095-4073-A4BC-15F2194B4582}" = dir=in | app=c:\program files\skype\phone\skype.exe |
            "{A5E5B98E-4151-4A25-9E1A-4CD4EF52083B}" = protocol=6 | dir=in | app=c:\users\valued customer\saved games\pes 2009\pes2009.exe |
            "{A80518E7-B445-47A3-B320-89F8103ABDF4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
            "{A86DE86D-4D6D-4DAE-A955-C75E7376E9BA}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
            "{A8A630E5-85D8-478F-8911-2B26557A0EE2}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
            "{AA1B2183-AD48-44BE-83A0-F6834E749A80}" = dir=in | app=c:\program files\skype\phone\skype.exe |
            "{AC527F38-DA64-4A80-A030-1E121DC464F3}" = protocol=17 | dir=in | app=c:\users\valued customer\appdata\local\google\google talk plugin\googletalkplugin.exe |
            "{AE555191-CE06-40F2-8360-93D0F8E20FF5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
            "{AED36327-C1E1-4778-9147-99480064EE09}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
            "{AF2740B5-EB29-4E96-B3B6-EBFFCAD51FFE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
            "{B0DA40BE-752C-4F13-BCAC-8E856AF84550}" = dir=in | app=c:\program files\skype\phone\skype.exe |
            "{B1559035-027B-4C4A-9DD7-89B730907F4F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
            "{B17EA51E-1A06-4657-8985-FE03F45565FA}" = protocol=6 | dir=in | app=c:\users\valued customer\documents\utorrent.exe |
            "{B2668096-402A-4D0C-8B4B-0E3AB22A2A1A}" = protocol=6 | dir=in | app=c:\users\valued customer\documents\utorrent.exe |
            "{B55189BE-8C46-4BB2-AE0E-86238225F13A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
            "{B6D7ED46-2700-42D6-9068-F85543E24149}" = protocol=6 | dir=in | app=c:\users\valued customer\program files\utorrent\utorrent.exe |
            "{BEAA13AA-476C-456F-84A1-250CEEC99BFF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
            "{BFEDB629-329A-404E-B435-17B444AAE16B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
            "{C0B40721-069A-49F0-9CE4-850EEFC5EB9E}" = protocol=17 | dir=in | app=c:\program files\voipcheap\voipcheap.exe |
            "{C15BE407-F411-4309-B590-7F220B9B1D94}" = protocol=17 | dir=in | app=c:\users\valued customer\appdata\local\temp\rar$ex00.813\pes2009.exe |
            "{C1C9B5E2-4C56-4A7D-AE75-17164A92672F}" = protocol=6 | dir=in | app=c:\users\valued customer\documents\utorrent.exe |
            "{C3F40C87-C717-45E6-80A8-CC2F3B72E6B8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
            "{C594E898-BFB5-4292-82C8-D6315139385C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
            "{C73E0222-BE8C-48EE-A3B8-615BADB69B31}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
            "{C74A33BB-B539-40F6-986C-EC2A62F27399}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
            "{CC0E43A0-63B3-430D-93F5-589825CED4A1}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
            "{D12F7660-46CE-473F-BB22-9577216E1B37}" = protocol=17 | dir=in | app=c:\downloads\pes2009.exe |
            "{D47FDE34-D79C-45A9-9E1A-4D0A3AEA8DBC}" = protocol=6 | dir=in | app=c:\users\valued customer\program files\utorrent\utorrent.exe |
            "{D6D06201-F9AF-4072-B735-F3865CB29239}" = protocol=6 | dir=in | app=c:\users\valued customer\documents\utorrent.exe |
            "{D73CD224-41E9-440C-AE28-F5B47BFCEC49}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
            "{D95B14C3-4949-44D2-8001-603CB5272AE4}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
            "{DD4A2597-93DE-4E68-B07A-26C303CE8E43}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
            "{DD88697C-A958-49DA-813F-952A6A5DCD5B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
            "{DE4038B6-32BD-46E4-9249-6B645F33D8BF}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
            "{E0FCA68F-0E53-42BD-BAD1-C682AF88AC25}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
            "{E27371CA-A16A-44D9-8B26-B12A38F8A6B1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
            "{E2E693A1-01F3-4C8F-838D-505A1B9AA46C}" = protocol=17 | dir=in | app=c:\users\valued customer\saved games\pes 2009\pes2009.exe |
            "{E41786A3-50B6-4237-A6A0-ABE06BFE21D9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
            "{E504E7C4-73B9-4E4D-BFAB-6B98004312EF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
            "{E5983B69-467A-4940-8B38-5CF82C98F511}" = dir=in | app=c:\program files\skype\phone\skype.exe |
            "{E78165F8-1428-4D7B-8A6F-F858C006D5BF}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
            "{EC3FE113-B270-4978-A8C3-164C6EE34D92}" = dir=in | app=c:\program files\skype\phone\skype.exe |
            "{F0D50891-A122-4F37-84B1-B80E0CE3A6FD}" = protocol=17 | dir=in | app=c:\users\valued customer\appdata\local\google\google talk plugin\googletalkplugin.dll |
            "{F2C44492-B7C8-4FC5-8175-0B34E99BF21F}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
            "{F427CCD8-B519-4433-B315-02333F3A3654}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
            "{F5817369-E72C-4197-AFF7-EF6A56E9BE69}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
            "{F6B4BD23-4F34-488B-AD41-F59984D58B4A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
            "{F82FF177-189E-4612-870A-84085BBA35A5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
            "{F87E5D3C-0177-4383-8601-912789614FE4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
            "{F9C73C67-12FC-491E-997F-268B402548E1}" = protocol=17 | dir=in | app=c:\program files\voipcheapcom\voipcheapcom.exe |
            "{F9D05FD1-5C42-43E3-A11B-0C41FD4F8F5B}" = protocol=58 | dir=in | [email protected],-28545 |
            "{FA5585F9-D723-416C-AE7A-1147DCF2A83A}" = protocol=6 | dir=in | app=c:\program files\voipcheapcom\voipcheapcom.exe |
            "{FB403CD5-0372-43C8-ACD0-E077652528A8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
            "{FC955A24-5D26-4B3B-8DB6-DF4404C9E82A}" = protocol=6 | dir=in | app=c:\users\valued customer\documents\utorrent.exe |
            "{FDB9C9BD-52F3-4A98-AC69-E2C169D0F4CF}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
            "{FE5B0019-DF88-4845-BF5B-937A2F63D264}" = protocol=17 | dir=in | app=c:\users\valued customer\saved games\pes 2009\pes2009.exe |
            "{FECCD3A5-2B7E-4F0A-AB24-9FAC72898214}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
            "TCP Query User{13FE2A77-98C2-4FD3-87FE-4EFD2A848517}C:\users\valued customer\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\valued customer\program files\utorrent\utorrent.exe |
            "TCP Query User{28B1612E-5E23-4B74-8565-46796AE6E2E8}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
            "TCP Query User{293088A1-4481-471A-83E9-2F08263E0050}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
            "TCP Query User{2A8B1E38-2CC7-40D2-8B0D-2C7C4AB62459}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
            "TCP Query User{35C8B397-A046-4277-8864-4038C94A41A4}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
            "TCP Query User{5E91463A-82E7-428E-AF3C-073B1BEE0DB7}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
            "TCP Query User{7AD9BEAD-7107-4C5F-9255-81AA46F90A3A}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
            "TCP Query User{96140E6E-90CF-4DE5-B7C3-7BDCEE1FD465}C:\users\valued customer\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\valued customer\appdata\local\google\chrome\application\chrome.exe |
            "TCP Query User{C70401A1-F40D-4FA8-98E4-B3AE03A199F3}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
            "TCP Query User{C754C5F6-F948-41BF-A37D-A14F2A0B0B13}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
            "TCP Query User{D11ACB6A-658D-49E6-9023-FFCA9D508299}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
            "TCP Query User{D7CC3F27-053A-4D96-8655-9E26D463C8EE}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
            "TCP Query User{E03BF076-E90E-4A1E-B26F-C59295D78EAB}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
            "TCP Query User{E24B3F7F-0B83-4D96-B140-06508A0792A9}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
            "TCP Query User{E6427DCB-A473-4439-AD87-735D11DE784F}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe |
            "UDP Query User{102E5BDC-6F6C-40CD-A7EE-76C1FDB0B158}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
            "UDP Query User{1B4AC94B-1160-4D82-B69A-11C50A08C9DD}C:\users\valued customer\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\valued customer\appdata\local\google\chrome\application\chrome.exe |
            "UDP Query User{1DA45D99-C191-461C-AD58-D7B1FDBE270B}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
            "UDP Query User{4274A518-2285-4A1A-9A9E-BE6E83216310}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
            "UDP Query User{4E645DC0-D49E-4045-BC1A-57B0C959C7C1}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
            "UDP Query User{665BC4C8-093C-40BB-A905-1BCE704DDE7F}C:\users\valued customer\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\valued customer\program files\utorrent\utorrent.exe |
            "UDP Query User{84AE13A8-BCDF-4ACC-B0A1-064A5DCAEE49}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
            "UDP Query User{85B69161-25E5-4045-99AE-82B643F42136}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe |
            "UDP Query User{91613BC5-4B74-4A74-9E52-95D0C9D57847}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
            "UDP Query User{9385CE6C-593A-4F7A-8CAE-5F6E6AFE1046}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
            "UDP Query User{9A9EB343-6DBC-4C23-BC89-9D09D27872E9}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
            "UDP Query User{ABAEB9D7-D881-42DD-938E-B95B86984DE1}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
            "UDP Query User{BCB5ECBE-56E8-44E2-A240-BCFCF0A4DAD5}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
            "UDP Query User{DF59A2BC-3CF2-416A-97B8-9722FDCE3D48}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
            "UDP Query User{F42970F9-7BED-46DE-B4E0-16D4740A1A5B}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
             

            bato1994

              Topic Starter


              Rookie

            • LIONS premiers 2010!!
              Re: Trojan HijackThis log
              « Reply #23 on: October 29, 2009, 01:33:59 AM »
              Continued...

              ========== HKEY_LOCAL_MACHINE Uninstall List ==========
               
              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
              "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
              "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
              "{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
              "{01E19402-C0E4-B301-17F6-551EA53F7351}" = Catalyst Control Center Localization Japanese
              "{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
              "{03B39295-B637-9491-9A38-90872F42966A}" = Catalyst Control Center Localization Italian
              "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
              "{04FE63AC-AC7B-4C80-83AA-CCACA48C0C19}" = PS_AIO_04_C5300_Software
              "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
              "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
              "{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
              "{09725E0F-6406-4500-8296-DBF6E697E9D7}" = C5300
              "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
              "{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
              "{0D6D148C-DFE8-C643-C4E7-A7DB84B9031E}" = Catalyst Control Center Localization Swedish
              "{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6
              "{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
              "{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
              "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
              "{1A7979D5-9AED-2730-A561-AE28CC747B91}" = Catalyst Control Center Localization Chinese Standard
              "{1EF7109C-CEC0-45A6-3965-C99FAE0B7A4B}" = Catalyst Control Center Core Implementation
              "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
              "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
              "{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
              "{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
              "{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
              "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 15
              "{26BEE28E-C285-4532-82D3-7CE3C5F805D4}" = HPPhotoSmartDiscLabel_PrintOnDisc
              "{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
              "{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
              "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
              "{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
              "{2C0ADDC5-6FF6-60AC-104F-81C1E7DD1E6E}" = CCC Help Swedish
              "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
              "{3513D67C-9B77-6242-D2B4-8C96D4587B51}" = CCC Help German
              "{36C9E08A-BE2B-40A0-83C5-576748F7B777}" = TestDrive Client
              "{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
              "{3AD56302-2ADE-4A1C-864A-CB9FFF040576}" = PS_AIO_04_C5300_ProductContext
              "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
              "{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
              "{489CA990-9FFB-495A-B5F6-027199E65405}" = PS_AIO_04_C5300_Software_Min
              "{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
              "{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
              "{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
              "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
              "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
              "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
              "{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
              "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
              "{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
              "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
              "{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
              "{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
              "{64A2B0D7-2204-298F-F4ED-B386CAFFA694}" = Catalyst Control Center Localization German
              "{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
              "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
              "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
              "{69C57747-551F-4e4f-AB60-13358DC4F00A}" = HP Photosmart C5300 All-In-One Driver Software 11.0 Rel .4
              "{69E5255D-9D43-4CFF-8984-843ABD7753B7}" = Catalyst Control Center - Branding
              "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
              "{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
              "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
              "{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
              "{6CC1EE94-B426-478B-AE83-F83EBB4EF66A}" = HPPhotoSmartDiscLabel_PaperLabel
              "{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
              "{6F04A6FF-7F7B-55E0-C649-C781D27C3515}" = Catalyst Control Center Graphics Full New
              "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
              "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
              "{70455234-B242-88EE-EEC6-5FB8B3C5A68D}" = CCC Help Italian
              "{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone
              "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
              "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
              "{73764932-E12C-1F98-15B9-2B4FAB03C521}" = Skins
              "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
              "{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.7.2.188
              "{76E72622-885F-7D3D-D74D-ADFC2D054D4E}" = CCC Help Korean
              "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
              "{78FBDFAF-9463-E30B-C19C-DB78ADF7F894}" = CCC Help French
              "{7E7AD30F-D34E-1DBB-95F4-6A174127A6A6}" = Catalyst Control Center Graphics Full Existing
              "{7ED180E1-ADE9-4C69-8845-BDF518D763B8}" = hpphotosmartdisclabelplugin
              "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
              "{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
              "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
              "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
              "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
              "{8A877662-8051-E928-0CB4-4A6C5FE90EEC}" = CCC Help Dutch
              "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
              "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
              "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
              "{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
              "{90120000-001B-0000-0000-0000000FF1CE}_WORD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
              "{90120000-001B-0000-0000-0000000FF1CE}_WORD_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
              "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
              "{90120000-001B-0409-0000-0000000FF1CE}_WORD_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
              "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
              "{90120000-001F-0409-0000-0000000FF1CE}_WORD_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
              "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
              "{90120000-001F-040C-0000-0000000FF1CE}_WORD_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
              "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
              "{90120000-001F-0C0A-0000-0000000FF1CE}_WORD_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
              "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
              "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
              "{90120000-006E-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
              "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
              "{90120000-0115-0409-0000-0000000FF1CE}_WORD_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
              "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
              "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
              "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
              "{91710409-8000-11D3-8CFE-0150048383C9}" = Microsoft Application Error Reporting
              "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
              "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
              "{9A050CE7-1EF2-A942-4CAB-7C02E99FFDB0}" = Catalyst Control Center Localization Korean
              "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
              "{9AE0832C-194D-D1B3-5E93-A45BC14E8D0C}" = Catalyst Control Center Localization Portuguese
              "{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
              "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
              "{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
              "{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
              "{A2075A09-28AA-4D30-9BCC-82EAD9FA51BD}" = TrueSuite Access Manager
              "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
              "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
              "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
              "{A63769B5-2D2B-518A-55D7-16458D553605}" = CCC Help Portuguese
              "{A7965F9D-92AA-5C12-F389-A05339170ACF}" = CCC Help Japanese
              "{A8DB611A-D80E-450D-85F6-3ACDD164BE31}" = Pro Evolution Soccer 2009
              "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
              "{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
              "{AB0F54CA-798B-1BF9-AA82-DE78BD3AAE6B}" = Catalyst Control Center Localization Dutch
              "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
              "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
              "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.7
              "{AF10D7E4-D29A-45DA-8050-B116097B69B5}" = Safari
              "{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
              "{B2F3087C-10C9-BAA7-0827-7501AA64588A}" = CCC Help Chinese Standard
              "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
              "{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
              "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
              "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
              "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
              "{B73F949B-839C-9F5A-2E51-40B2AC3BC779}" = Catalyst Control Center Graphics Previews Vista
              "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
              "{BBC783B7-8725-3B1C-B49A-BA7F09391251}" = Google Talk Plugin
              "{BCC09E9C-3340-473D-A4FE-8580992CA77A}" = HPPhotoSmartDiscLabelContent1
              "{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
              "{C485E390-78F5-4D5B-B56A-20A4C59B022A}" = FM Tuner Utility
              "{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
              "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
              "{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
              "{C9933E93-8653-447E-9A19-9BCF658E3AE9}" = C5300_Help
              "{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
              "{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
              "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
              "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
              "{CF98DACA-A3C6-E90C-1FF6-326F7ABF531D}" = ccc-core-static
              "{CFE95E33-9B99-9FF5-8051-03E21D955ACF}" = CCC Help English
              "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
              "{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
              "{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
              "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
              "{D6D532B2-22E1-43AA-B4B7-34D772314859}" = Oxigen Client v5.01.0000
              "{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
              "{D8CF7AE3-1D21-F454-7798-2EA7ED006269}" = CCC Help Chinese Traditional
              "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
              "{E240D2D0-FF54-6B3A-F866-36717C0E068B}" = CCC Help Spanish
              "{E257B0A7-3B49-4943-7455-F2E7B09137C8}" = ATI Catalyst Install Manager
              "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
              "{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
              "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
              "{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
              "{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
              "{EA983525-B803-F9C8-9E00-4AD187D597C1}" = ccc-utility
              "{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
              "{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
              "{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
              "{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
              "{F08CA874-5735-0EFC-0832-68BDD155A2F3}" = Catalyst Control Center Localization Chinese Traditional
              "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
              "{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
              "{F273BBCA-68BF-76D7-8666-F8A5B40EA83B}" = Catalyst Control Center Localization French
              "{F4A256A6-E670-FEAF-A45A-444DB34CBD5F}" = Catalyst Control Center Graphics Light
              "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
              "{F73DB365-02E3-1E83-6F55-FDF9596038F5}" = Catalyst Control Center Localization Spanish
              "{F81AB80B-5BB7-4E36-8BA5-E07541CE1BFC}" = HDMI Control Manager
              "{FC66E05E-8D39-47A6-8D07-759F33727EB0}" = Opera 10.00
              "{FE24D361-A3E8-11DE-88F3-005056806466}" = Google Earth Plug-in
              "{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
              "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
              "{FF2D46CF-122C-47D8-9846-037C59E7144D}" = Google Web Accelerator
              "Acoustica Effects Pack" = Acoustica Effects Pack
              "Acoustica Mixcraft 4.5" = Acoustica Mixcraft 4.5
              "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
              "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
              "Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
              "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
              "Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
              "Agnitum Outpost Firewall_is1" = Outpost Firewall 2009
              "Antares Autotune VST_is1" = Antares Autotune VST v5.09
              "ASIO4ALL" = ASIO4ALL
              "Audacity_is1" = Audacity 1.2.6
              "avast!" = avast! Antivirus
              "AviSynth" = AviSynth 2.5
              "CCleaner" = CCleaner (remove only)
              "Cheat Engine 5.4_is1" = Cheat Engine 5.4
              "Collab" = Collab
              "DAEMON Tools Toolbar" = DAEMON Tools Toolbar
              "Defraggler" = Defraggler (remove only)
              "Enhanced_search Toolbar" = Enhanced_search Toolbar
              "Google Desktop" = Google Desktop
              "HijackThis" = HijackThis 2.0.2
              "HP Imaging Device Functions" = HP Imaging Device Functions 11.0
              "HP Photosmart Essential" = HP Photosmart Essential 3.0
              "HP Smart Web Printing" = HP Smart Web Printing
              "HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
              "HPExtendedCapabilities" = HP Customer Participation Program 11.0
              "HPOCR" = OCR Software by I.R.I.S. 11.0
              "HyperCam 2" = HyperCam 2
              "IL Download Manager" = IL Download Manager
              "InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
              "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
              "KLiteCodecPack_is1" = K-Lite Codec Pack 5.0.5 (Basic)
              "Magic ISO Maker v5.5 (build 0276)" = Magic ISO Maker v5.5 (build 0276)
              "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
              "Messenger Plus! Live" = Messenger Plus! Live
              "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
              "Mozilla Firefox (3.0.15)" = Mozilla Firefox (3.0.15)
              "Nero 9 Lite_is1" = Nero 9.0.9.4 Lite
              "Orbit_is1" = Orbit Downloader
              "Picasa 3" = Picasa 3
              "Play89" = Play89
              "PoiZone" = PoiZone
              "RealPlayer 6.0" = RealPlayer
              "Shop for HP Supplies" = Shop for HP Supplies
              "SopCast" = SopCast 3.0.3
              "SpeedBit Video Accelerator" = SpeedBit Video Accelerator
              "SynTPDeinstKey" = Synaptics Pointing Device Driver
              "Toxic Biohazard" = Toxic Biohazard
              "TVUPlayer" = TVUPlayer 2.4.5.1
              "UltraStar Deluxe" = UltraStar Deluxe
              "Uninstall_is1" = Uninstall 1.0.0.1
              "UnityWebPlayer" = Unity Web Player
              "Videora iPod Converter" = Videora iPod Converter 4.07
              "VLC media player" = VideoLAN VLC media player 0.8.6d
              "Windows Media Encoder 9" = Windows Media Encoder 9 Series
              "Windows Mobile Device Handbook" = Windows Mobile® Device Handbook
              "WinLiveSuite_Wave3" = Windows Live Essentials
              "WinRAR archiver" = WinRAR archiver
              "WORD" = Microsoft Office Word 2007
              "YInstHelper" = Yahoo! Install Manager
               
              ========== HKEY_CURRENT_USER Uninstall List ==========
               
              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
              "BitTorrent" = BitTorrent
               
              ========== Last 10 Event Log Errors ==========
               
              [ Antivirus Events ]
              Error - 21/09/2009 1:02:41 AM | Computer Name = DanielFaghiura | Source = avast! | ID = 33554522
              Description = Error in library avUInt: ActiveSkin not installed or not registered
               properly. 
               
              Error - 21/09/2009 1:04:14 AM | Computer Name = DanielFaghiura | Source = avast! | ID = 33554522
              Description = Error in library avUInt: ActiveSkin not installed or not registered
               properly. 
               
              Error - 11/10/2009 7:10:38 AM | Computer Name = DanielFaghiura | Source = avast! | ID = 33554522
              Description = Error in library avUInt: ActiveSkin not installed or not registered
               properly. 
               
              Error - 11/10/2009 7:10:47 AM | Computer Name = DanielFaghiura | Source = avast! | ID = 33554522
              Description = Error in library avUInt: ActiveSkin not installed or not registered
               properly. 
               
              Error - 11/10/2009 7:10:52 AM | Computer Name = DanielFaghiura | Source = avast! | ID = 33554522
              Description = Error in library avUInt: ActiveSkin not installed or not registered
               properly. 
               
              Error - 14/10/2009 6:50:13 AM | Computer Name = DanielFaghiura | Source = avast! | ID = 33554522
              Description = Error in library avUInt: ActiveSkin not installed or not registered
               properly. 
               
              Error - 14/10/2009 6:50:27 AM | Computer Name = DanielFaghiura | Source = avast! | ID = 33554522
              Description = Error in library avUInt: ActiveSkin not installed or not registered
               properly. 
               
              Error - 14/10/2009 6:55:49 AM | Computer Name = DanielFaghiura | Source = avast! | ID = 33554522
              Description = Error in library avUInt: ActiveSkin not installed or not registered
               properly. 
               
              Error - 23/10/2009 11:40:33 PM | Computer Name = DanielFaghiura | Source = avast! | ID = 33554522
              Description = Error in library avUInt: ActiveSkin not installed or not registered
               properly. 
               
              Error - 23/10/2009 11:40:44 PM | Computer Name = DanielFaghiura | Source = avast! | ID = 33554522
              Description = Error in library avUInt: ActiveSkin not installed or not registered
               properly. 
               
              [ Application Events ]
              Error - 28/10/2009 4:37:46 PM | Computer Name = DanielFaghiura | Source = profsvc | ID = 1505
              Description = Windows cannot load the user's profile but has logged you on with
              the default profile for the system.      DETAIL - Access is denied.
               
              Error - 28/10/2009 4:40:44 PM | Computer Name = DanielFaghiura | Source = VSS | ID = 8193
              Description =
               
              Error - 29/10/2009 12:46:29 AM | Computer Name = DanielFaghiura | Source = profsvc | ID = 1505
              Description = Windows cannot load the user's profile but has logged you on with
              the default profile for the system.      DETAIL - Access is denied.
               
              Error - 29/10/2009 12:46:40 AM | Computer Name = DanielFaghiura | Source = profsvc | ID = 1505
              Description = Windows cannot load the user's profile but has logged you on with
              the default profile for the system.      DETAIL - Access is denied.
               
              Error - 29/10/2009 12:46:49 AM | Computer Name = DanielFaghiura | Source = WinMgmt | ID = 10
              Description =
               
              Error - 29/10/2009 12:46:51 AM | Computer Name = DanielFaghiura | Source = profsvc | ID = 1505
              Description = Windows cannot load the user's profile but has logged you on with
              the default profile for the system.      DETAIL - Access is denied.
               
              Error - 29/10/2009 1:07:35 AM | Computer Name = DanielFaghiura | Source = VSS | ID = 8193
              Description =
               
              Error - 29/10/2009 1:10:15 AM | Computer Name = DanielFaghiura | Source = profsvc | ID = 1505
              Description = Windows cannot load the user's profile but has logged you on with
              the default profile for the system.      DETAIL - Access is denied.
               
              Error - 29/10/2009 1:25:29 AM | Computer Name = DanielFaghiura | Source = Application Error | ID = 1000
              Description = Faulting application USdx.exe, version 0.0.0.0, time stamp 0x2a425e19,
               faulting module USdx.exe, version 0.0.0.0, time stamp 0x2a425e19, exception code
               0xc0000094, fault offset 0x000b443e,  process id 0x150c, application start time 0x01ca58560ca92d7d.
               
              Error - 29/10/2009 1:25:44 AM | Computer Name = DanielFaghiura | Source = profsvc | ID = 1505
              Description = Windows cannot load the user's profile but has logged you on with
              the default profile for the system.      DETAIL - Access is denied.
               
              [ Media Center Events ]
              Error - 23/10/2009 6:37:00 AM | Computer Name = DanielFaghiura | Source = Media Center Guide | ID = 0
              Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
               returned 10000105  Process: DefaultDomain Object Name: Media Center Guide
               
              Error - 23/10/2009 6:37:19 AM | Computer Name = DanielFaghiura | Source = Media Center Guide | ID = 0
              Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
               returned 10000105  Process: DefaultDomain Object Name: Media Center Guide
               
              Error - 23/10/2009 6:37:37 AM | Computer Name = DanielFaghiura | Source = Media Center Guide | ID = 0
              Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
               returned 10000105  Process: DefaultDomain Object Name: Media Center Guide
               
              Error - 23/10/2009 6:38:44 AM | Computer Name = DanielFaghiura | Source = Media Center Guide | ID = 0
              Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
               returned 10000105  Process: DefaultDomain Object Name: Media Center Guide
               
              Error - 23/10/2009 6:39:15 AM | Computer Name = DanielFaghiura | Source = Media Center Guide | ID = 0
              Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
               returned 10000105  Process: DefaultDomain Object Name: Media Center Guide
               
              Error - 26/10/2009 2:19:38 AM | Computer Name = DanielFaghiura | Source = Media Center Guide | ID = 0
              Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
               returned 10000105  Process: DefaultDomain Object Name: Media Center Guide
               
              Error - 26/10/2009 2:20:16 AM | Computer Name = DanielFaghiura | Source = Media Center Guide | ID = 0
              Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
               returned 10000105  Process: DefaultDomain Object Name: Media Center Guide
               
              Error - 26/10/2009 2:28:34 AM | Computer Name = DanielFaghiura | Source = Media Center Guide | ID = 0
              Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
               returned 10000105  Process: DefaultDomain Object Name: Media Center Guide
               
              [ MediaManagerServiceEventLog Events ]
              Error - 20/12/2008 7:01:24 AM | Computer Name = valuedcustom-PC | Source = MediaManagerServiceEventSource | ID = 0
              Description = Error: System.IO.IOException: The device is not ready.
                 at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
                 at System.IO.Directory.InternalCreateDirectory(String fullPath, String path, DirectorySecurity dirSecurity)
                 at System.IO.DirectoryInfo.Create()
                 at thePlatform.MediaManager.Core.ImageCache..ctor(DirectoryInfo cacheFolder, IConnectionState connectionState, Int32 maxCacheSize, WebRequestFactory factory)
                 at thePlatform.MediaManager.Core.MediaManagerFactory.MediaManagerFactoryHelper.CreateInstance()
                 at thePlatform.MediaManager.Core.MediaManagerFactory.MediaManagerFactoryHelper.GetInstance()
                 at thePlatform.MediaManager.Core.MediaManagerFactory.GetLocalInstance(Boolean encrypt)
                 at thePlatform.MediaManager.Service.MediaManagerApplication..ctor(Boolean encrypt)
                 at thePlatform.MediaManager.Service.MediaManagerService.OnStart(String[] args)
               
              [ OSession Events ]
              Error - 26/05/2009 3:59:53 AM | Computer Name = DanielFaghiura | Source = Microsoft Office 12 Sessions | ID = 7001
              Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
               12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2466
               seconds with 1920 seconds of active time.  This session ended with a crash.
               
              [ System Events ]
              Error - 28/10/2009 4:38:20 PM | Computer Name = DanielFaghiura | Source = ipnathlp | ID = 34001
              Description = The ICS_IPV6 failed to configure IPv6 stack.
               
              Error - 28/10/2009 4:38:20 PM | Computer Name = DanielFaghiura | Source = ipnathlp | ID = 30013
              Description = The DHCP allocator has disabled itself on IP address 10.1.1.5, since
               the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
               are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
               change the scope to include the IP address, or change the IP address to fall within
               the scope.
               
              Error - 28/10/2009 4:38:21 PM | Computer Name = DanielFaghiura | Source = ipnathlp | ID = 31004
              Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
               may indicate that the system is low on virtual memory, or that the memory manager
               has encountered an internal error.
               
              Error - 29/10/2009 12:46:25 AM | Computer Name = DanielFaghiura | Source = HTTP | ID = 15016
              Description =
               
              Error - 29/10/2009 12:46:49 AM | Computer Name = DanielFaghiura | Source = Service Control Manager | ID = 7000
              Description =
               
              Error - 29/10/2009 12:48:35 AM | Computer Name = DanielFaghiura | Source = Service Control Manager | ID = 7022
              Description =
               
              Error - 29/10/2009 12:48:49 AM | Computer Name = DanielFaghiura | Source = ipnathlp | ID = 30013
              Description = The DHCP allocator has disabled itself on IP address 10.1.1.5, since
               the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
               are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
               change the scope to include the IP address, or change the IP address to fall within
               the scope.
               
              Error - 29/10/2009 12:48:49 AM | Computer Name = DanielFaghiura | Source = ipnathlp | ID = 34001
              Description = The ICS_IPV6 failed to configure IPv6 stack.
               
              Error - 29/10/2009 12:49:47 AM | Computer Name = DanielFaghiura | Source = ipnathlp | ID = 31004
              Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This
               may indicate that the system is low on virtual memory, or that the memory manager
               has encountered an internal error.
               
              Error - 29/10/2009 1:09:55 AM | Computer Name = DanielFaghiura | Source = Service Control Manager | ID = 7000
              Description =
               
               
              < End of report >
              evilfantasy

              Re: Trojan HijackThis log
              « Reply #24 on: October 29, 2009, 10:10:33 AM »
              Double click OTL

              * Click the CleanUp! button.
              * Select Yes when the "Begin cleanup Process?" prompt appears.
              * If you are prompted to Reboot during the cleanup, select Yes
              * The tool will delete itself once it finishes.

              ----------

              ESET Online Scan

              Scan your computer with the ESET FREE Online Virus Scan

              * Click the ESET Online Scanner button.

              * For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
              * Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop
              * Double click on the esetsmartinstaller_enu.exe icon on your desktop.
              * Place a check mark next to YES, I accept the Terms of Use.

              * Click the Start button.
              * Accept any security warnings from your browser.
              * Leave the check mark next to Remove found threats and place a check next to Scan archives.
              * Click the Start button.
              * ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
              * When the scan completes, click List of found threats.
              * Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
              * Click the <<Back button then click Finish.

              In your next reply please include the ESET Online Scan Log

              bato1994

                Re: Trojan HijackThis log
                « Reply #25 on: October 30, 2009, 02:10:53 AM »
                ESETscan log:

                C:\Downloads\CheatEngine54.exe   probably a variant of Win32/Genetik trojan   deleted - quarantined
                C:\Program Files\Cheat Engine\dbk32.sys   probably a variant of Win32/Genetik trojan   cleaned by deleting - quarantined
                C:\Program Files\Image-Line\Toxic Biohazard\Toxic Biohazard.dll   probably a variant of Win32/Delf trojan   cleaned by deleting - quarantined
                C:\Users\valued customer\Documents\Downloads\AirportTycoon3Setup-dm.exe   Win32/Adware.Trymedia application   cleaned by deleting - quarantined
                C:\Users\valued customer\Downloads\FL Studio 8.0.0 XXL Producer RC3 (NEW)\FL Studio 8.0.0 XXL Producer RC3 (NEW).rar   probably a variant of Win32/Delf trojan   deleted - quarantined

                evilfantasy

                Re: Trojan HijackThis log
                « Reply #26 on: October 30, 2009, 10:08:22 AM »
                If you already have ComboFix be sure to delete it and download a new copy.

                Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

                Link #1
                Link #2

                **Note:  It is important that it is saved directly to your Desktop

                Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

                Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
                 
                Double click combofix.exe & follow the prompts.
                Vista users: right-click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it).
                When finished ComboFix will produce a log for you.
                Post the ComboFix log in your next reply.

                Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

                Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

                If you have problems with ComboFix usage, see How to use ComboFix

                bato1994

                  Re: Trojan HijackThis log
                  « Reply #27 on: October 30, 2009, 06:35:07 PM »
                  ComboFix 09-10-30.01 - BACKUP 31/10/2009 10:35.1.2 - NTFSx86
                  Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.61.1033.18.3069.1818 [GMT 11:00]
                  Running from: c:\users\BACKUP\Desktop\ComboFix.exe
                  AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
                  FW: Outpost Firewall *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
                  SP: BitDefender Antispyware *disabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
                  SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
                  .

                  (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                  .

                  c:\program files\FlashGet Network
                  c:\program files\FlashGet Network\FlashGet universal\dbtrans_verbose.log
                  c:\program files\FlashGet Network\FlashGet universal\fgoption.ini
                  c:\program files\FlashGet Network\FlashGet universal\P2PCfg.ini
                  c:\program files\FlashGet Network\FlashGet universal\p2spmgr.ini
                  c:\program files\FlashGet Network\FlashGet universal\p4spmgr.ini
                  c:\program files\FlashGet Network\FlashGet universal\Profiles\config.dat
                  c:\program files\FlashGet Network\FlashGet universal\Profiles\tasks.dat
                  c:\program files\FlashGet Network\FlashGet universal\transaction.log
                  C:\restore
                  c:\users\valued customer\AppData\Roaming\BITS
                  c:\users\valued customer\AppData\Roaming\BITS\BITS.ini
                  c:\users\valued customer\AppData\Roaming\BITS\UPnP.ini
                  c:\users\valued customer\AppData\Roaming\inst.exe
                  c:\windows\struct~.ini
                  c:\windows\system32\gasfkylog.dat
                  c:\windows\system32\zip32.dll

                  .
                  (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
                  .

                  -------\Legacy_NPF
                  -------\Service_NPF


                  (((((((((((((((((((((((((   Files Created from 2009-09-28 to 2009-10-31  )))))))))))))))))))))))))))))))
                  .

                  2009-10-31 00:07 . 2009-10-31 00:17   --------   d-----w-   c:\users\BACKUP\AppData\Local\temp
                  2009-10-31 00:07 . 2009-10-31 00:07   --------   d-----w-   c:\users\valued customer\AppData\Local\temp
                  2009-10-31 00:07 . 2009-10-31 00:07   --------   d-----w-   c:\users\Mcx1\AppData\Local\temp
                  2009-10-31 00:07 . 2009-10-31 00:07   --------   d-----w-   c:\users\Maja\AppData\Local\temp
                  2009-10-31 00:07 . 2009-10-31 00:07   --------   d-----w-   c:\users\Default\AppData\Local\temp
                  2009-10-31 00:07 . 2009-10-31 00:07   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Local\temp
                  2009-10-30 23:35 . 2008-04-16 00:53   312344   ----a-w-   c:\windows\system32\drivers\iaStor.sys
                  2009-10-30 23:35 . 2008-03-12 06:38   28728   ----a-w-   c:\windows\system32\drivers\msahci.sys
                  2009-10-30 23:35 . 2008-03-12 06:38   21560   ----a-w-   c:\windows\system32\drivers\atapi.sys
                  2009-10-30 10:05 . 2009-10-30 10:05   --------   d-----w-   c:\programdata\Sports Interactive
                  2009-10-30 10:04 . 2009-10-30 10:04   --------   d-----w-   c:\users\BACKUP\AppData\Roaming\Sports Interactive
                  2009-10-30 10:00 . 2009-09-04 06:44   69464   ----a-w-   c:\windows\system32\XAPOFX1_3.dll
                  2009-10-30 09:55 . 2009-10-30 09:57   --------   d--h--w-   c:\program files\Zero G Registry
                  2009-10-30 09:55 . 2009-10-30 09:55   --------   d-----w-   c:\program files\Sports Interactive
                  2009-10-30 09:55 . 2009-10-30 09:55   --------   d--h--w-   c:\users\BACKUP\InstallAnywhere
                  2009-10-30 09:30 . 2009-10-30 09:31   --------   d-----w-   c:\users\BACKUP\AppData\Local\Google
                  2009-10-30 09:01 . 2009-10-30 09:01   --------   d-----w-   c:\users\BACKUP\AppData\Local\Mozilla
                  2009-10-30 08:24 . 2009-10-30 08:24   --------   d-----w-   c:\users\BACKUP\AppData\Local\Opera
                  2009-10-30 08:21 . 2009-10-30 08:21   --------   d-----w-   c:\users\BACKUP\AppData\Roaming\Malwarebytes
                  2009-10-30 08:21 . 2009-10-30 08:21   67528   ----a-w-   c:\users\BACKUP\AppData\Local\GDIPFONTCACHEV1.DAT
                  2009-10-30 08:21 . 2009-10-30 08:21   --------   d-----w-   c:\users\BACKUP\AppData\Local\Toshiba
                  2009-10-30 08:21 . 2009-10-31 00:17   --------   d-----w-   c:\users\BACKUP\AppData\Roaming\Orbit
                  2009-10-30 05:04 . 2009-10-30 05:04   --------   d-----w-   c:\program files\ESET
                  2009-10-29 04:58 . 2009-10-30 09:14   --------   d-----w-   c:\windows\system32\config\systemprofile\Tracing
                  2009-10-28 20:38 . 2009-10-28 20:38   --------   d-----w-   C:\Microsoft
                  2009-10-27 10:41 . 2009-04-06 00:37   704384   ----a-w-   c:\windows\system32\drivers\SandBox.sys
                  2009-10-27 10:40 . 2009-02-10 05:12   307224   ----a-w-   c:\windows\system32\drivers\afwcore.sys
                  2009-10-27 10:37 . 2009-02-18 06:27   29208   ----a-w-   c:\windows\system32\drivers\afw.sys
                  2009-10-27 10:37 . 2009-10-27 10:37   --------   d-----w-   c:\program files\Agnitum
                  2009-10-27 10:36 . 2009-10-27 10:36   --------   d-----w-   c:\programdata\Agnitum
                  2009-10-27 10:08 . 2009-10-27 10:18   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Roaming\BitTorrent
                  2009-10-27 04:50 . 2009-10-27 04:50   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Roaming\ATI
                  2009-10-27 04:50 . 2009-10-27 04:50   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Local\ATI
                  2009-10-26 11:21 . 2009-10-26 11:21   --------   d-----w-   C:\Sun
                  2009-10-26 08:21 . 2009-09-30 23:29   195440   ------w-   c:\windows\system32\MpSigStub.exe
                  2009-10-26 05:35 . 2009-10-26 05:35   --------   d-----w-   c:\users\Default\AppData\Local\Apple
                  2009-10-25 11:28 . 2009-09-15 09:54   52368   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
                  2009-10-25 11:28 . 2009-09-15 09:54   23152   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
                  2009-10-25 11:28 . 2009-09-15 09:55   114768   ----a-w-   c:\windows\system32\drivers\aswSP.sys
                  2009-10-25 11:28 . 2009-09-15 09:55   20560   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
                  2009-10-25 11:28 . 2009-09-15 09:53   97480   ----a-w-   c:\windows\system32\AvastSS.scr
                  2009-10-25 11:28 . 2009-09-15 09:59   1279968   ----a-w-   c:\windows\system32\aswBoot.exe
                  2009-10-25 11:28 . 2009-09-15 09:55   53328   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
                  2009-10-25 11:25 . 2009-10-25 11:25   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Roaming\GrabPro
                  2009-10-25 11:23 . 2009-10-25 11:23   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Local\Toshiba
                  2009-10-25 11:23 . 2009-10-30 09:15   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Roaming\Orbit
                  2009-10-25 10:55 . 2009-10-26 08:41   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Local\Adobe
                  2009-10-25 10:49 . 2009-09-04 12:24   61440   ----a-w-   c:\windows\system32\msasn1.dll
                  2009-10-25 10:49 . 2009-09-14 09:44   144896   ----a-w-   c:\windows\system32\drivers\srv2.sys
                  2009-10-25 10:42 . 2009-10-25 10:42   0   ----a-w-   c:\windows\nsreg.dat
                  2009-10-25 10:42 . 2009-10-25 10:42   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Local\Mozilla
                  2009-10-25 02:46 . 2009-10-25 02:46   --------   d-----w-   c:\windows\system32\config\systemprofile\DoctorWeb
                  2009-10-18 04:13 . 2009-10-18 04:13   --------   d-----w-   c:\program files\Trend Micro
                  2009-10-17 06:33 . 2009-10-17 06:33   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Roaming\Malwarebytes
                  2009-10-17 06:33 . 2009-09-10 03:54   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
                  2009-10-17 06:33 . 2009-10-17 06:33   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                  2009-10-17 06:33 . 2009-10-17 06:33   --------   d-----w-   c:\programdata\Malwarebytes
                  2009-10-17 06:33 . 2009-09-10 03:53   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
                  2009-10-15 07:53 . 2009-10-15 07:53   21052   ----a-w-   c:\windows\system32\SIntfNT.dll
                  2009-10-15 07:53 . 2009-10-15 07:53   15144   ----a-w-   c:\windows\system32\SIntf32.dll
                  2009-10-15 07:53 . 2009-10-15 07:53   12067   ----a-w-   c:\windows\system32\SIntf16.dll
                  2009-10-11 11:03 . 2009-10-11 11:03   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Roaming\Yahoo!

                  .
                  ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  2009-10-30 09:21 . 2008-12-16 05:35   --------   d-----w-   c:\program files\Bonjour
                  2009-10-30 05:45 . 2008-12-16 07:52   --------   d-----w-   c:\program files\UltraStar Deluxe
                  2009-10-30 05:29 . 2009-03-08 00:01   --------   d-----w-   c:\program files\Cheat Engine
                  2009-10-29 04:59 . 2009-04-26 00:10   --------   d-----w-   c:\program files\Orbitdownloader
                  2009-10-27 05:26 . 2008-10-21 14:40   --------   d-----w-   c:\program files\Google
                  2009-10-26 09:22 . 2009-01-18 09:53   --------   d-----w-   c:\program files\Opera
                  2009-10-26 09:00 . 2008-05-06 04:31   --------   d-----w-   c:\program files\Common Files\Adobe
                  2009-10-26 04:42 . 2008-10-21 13:20   67528   ----a-w-   c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
                  2009-10-25 11:11 . 2009-03-18 04:37   --------   d-----w-   c:\programdata\Microsoft Help
                  2009-10-25 11:10 . 2009-03-18 04:42   --------   d-----w-   c:\program files\Microsoft Works
                  2009-10-24 03:00 . 2006-11-02 13:02   1356   ----a-w-   c:\windows\system32\config\systemprofile\AppData\Local\d3d9caps.dat
                  2009-10-21 06:10 . 2008-05-06 04:14   --------   d-----w-   c:\program files\Java
                  2009-10-11 11:05 . 2009-06-16 06:49   --------   d-----w-   c:\program files\Common Files\DVDVideoSoft
                  2009-10-11 11:03 . 2008-12-16 02:07   --------   d-----w-   c:\program files\Yahoo!
                  2009-10-11 11:02 . 2009-07-10 12:36   --------   d-----w-   c:\program files\Freebies Hack Engine
                  2009-09-21 04:17 . 2008-10-21 13:13   209788507   ----a-w-   c:\windows\DUMP737a.tmp
                  2009-09-21 03:54 . 2009-09-21 03:54   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Roaming\Apple Computer
                  2009-09-14 07:57 . 2009-09-14 07:57   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Roaming\vlc
                  2009-09-14 03:36 . 2009-09-14 03:36   615992   ----a-w-   c:\windows\system32\ci.dll
                  2009-09-13 00:24 . 2008-12-01 01:47   --------   d-----w-   c:\users\valued customer\AppData\Roaming\Orbit
                  2009-09-12 12:56 . 2008-12-06 00:37   --------   d-----w-   c:\users\valued customer\AppData\Roaming\uTorrent
                  2009-09-12 06:39 . 2009-08-24 07:57   --------   d-----w-   c:\users\valued customer\AppData\Roaming\Vso
                  2009-09-11 12:31 . 2009-06-23 11:08   --------   d-----w-   c:\program files\Microsoft Silverlight
                  2009-09-10 17:30 . 2009-10-25 10:50   213504   ----a-w-   c:\windows\system32\msv1_0.dll
                  2009-09-04 06:44 . 2009-10-30 09:59   515416   ----a-w-   c:\windows\system32\XAudio2_5.dll
                  2009-09-04 06:44 . 2009-10-30 09:59   238936   ----a-w-   c:\windows\system32\xactengine3_5.dll
                  2009-09-04 06:29 . 2009-10-30 09:59   453456   ----a-w-   c:\windows\system32\d3dx10_42.dll
                  2009-09-04 06:29 . 2009-10-30 09:59   235344   ----a-w-   c:\windows\system32\d3dx11_42.dll
                  2009-09-04 06:29 . 2009-10-30 09:59   5501792   ----a-w-   c:\windows\system32\d3dcsx_42.dll
                  2009-09-04 06:29 . 2009-10-30 09:59   1974616   ----a-w-   c:\windows\system32\D3DCompiler_42.dll
                  2009-09-04 06:29 . 2009-10-30 09:59   1892184   ----a-w-   c:\windows\system32\D3DX9_42.dll
                  2009-08-27 13:32 . 2009-10-25 10:50   833024   ----a-w-   c:\windows\system32\wininet.dll
                  2009-08-27 13:29 . 2009-10-25 10:50   78336   ----a-w-   c:\windows\system32\ieencode.dll
                  2009-08-27 10:58 . 2009-10-25 10:50   26624   ----a-w-   c:\windows\system32\ieUnatt.exe
                  2009-08-24 08:08 . 2009-08-24 07:57   47360   ----a-w-   c:\users\valued customer\AppData\Roaming\pcouffin.sys
                  2009-08-24 07:57 . 2009-08-24 07:57   47360   ----a-w-   c:\windows\system32\drivers\pcouffin.sys
                  2009-08-17 12:33 . 2009-08-17 12:33   1193832   ----a-w-   c:\windows\system32\FM20.DLL
                  2009-08-14 17:07 . 2009-09-10 10:50   897608   ----a-w-   c:\windows\system32\drivers\tcpip.sys
                  2009-08-14 16:29 . 2009-09-10 10:50   104960   ----a-w-   c:\windows\system32\netiohlp.dll
                  2009-08-14 16:29 . 2009-09-10 10:50   17920   ----a-w-   c:\windows\system32\netevent.dll
                  2009-08-14 14:16 . 2009-09-10 10:50   9728   ----a-w-   c:\windows\system32\TCPSVCS.EXE
                  2009-08-14 14:16 . 2009-09-10 10:50   17920   ----a-w-   c:\windows\system32\ROUTE.EXE
                  2009-08-14 14:16 . 2009-09-10 10:50   11264   ----a-w-   c:\windows\system32\MRINFO.EXE
                  2009-08-14 14:16 . 2009-09-10 10:50   27136   ----a-w-   c:\windows\system32\NETSTAT.EXE
                  2009-08-14 14:16 . 2009-09-10 10:50   19968   ----a-w-   c:\windows\system32\ARP.EXE
                  2009-08-14 14:16 . 2009-09-10 10:50   8704   ----a-w-   c:\windows\system32\HOSTNAME.EXE
                  2009-08-14 14:16 . 2009-09-10 10:50   10240   ----a-w-   c:\windows\system32\finger.exe
                  2009-08-05 14:22 . 2009-10-25 10:50   3597896   ----a-w-   c:\windows\system32\ntkrnlpa.exe
                  2009-08-05 14:22 . 2009-10-25 10:50   3546184   ----a-w-   c:\windows\system32\ntoskrnl.exe
                  2007-05-06 06:32 . 2009-05-10 04:59   389120   ----a-w-   c:\program files\DaShRelease.exe
                  2003-08-04 13:36 . 2009-05-10 03:01   171008   ----a-w-   c:\program files\ePSXe.exe
                  2009-05-01 21:02 . 2009-05-01 21:02   1044480   ----a-w-   c:\program files\mozilla firefox\plugins\libdivx.dll
                  2009-05-01 21:02 . 2009-05-01 21:02   200704   ----a-w-   c:\program files\mozilla firefox\plugins\ssldivx.dll
                  2009-05-01 21:02 . 2009-05-01 21:02   1044480   ----a-w-   c:\program files\opera\program\plugins\libdivx.dll
                  2009-05-01 21:02 . 2009-05-01 21:02   200704   ----a-w-   c:\program files\opera\program\plugins\ssldivx.dll
                  .

                  (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  *Note* empty entries & legit default entries are not shown
                  REGEDIT4

                  [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{abb88e4e-75f4-4fdc-8f42-d101484c4b3f}]
                  2009-06-22 22:53   2211352   ----a-w-   c:\program files\Enhanced_search\tbEnha.dll

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
                  "{abb88e4e-75f4-4fdc-8f42-d101484c4b3f}"= "c:\program files\Enhanced_search\tbEnha.dll" [2009-06-22 2211352]

                  [HKEY_CLASSES_ROOT\clsid\{abb88e4e-75f4-4fdc-8f42-d101484c4b3f}]

                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOvrly1]
                  @="{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}"
                  [HKEY_CLASSES_ROOT\CLSID\{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}]
                  2008-07-25 04:41   118784   ----a-w-   c:\program files\TrueSuite Access Manager\IconOvrly.dll

                  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
                  "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
                  "Google Update"="c:\users\BACKUP\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-06-30 133104]

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
                  "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
                  "HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
                  "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
                  "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
                  "ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
                  "UsbMonitor"="c:\program files\TrueSuite Access Manager\usbnotify.exe" [2008-07-25 94208]
                  "HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-04-26 716800]
                  "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 81920]
                  "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
                  "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-24 149280]
                  "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
                  "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
                  "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
                  "OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
                  "OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2009-04-27 428032]
                  "NDSTray.exe"="NDSTray.exe" [BU]
                  "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-08 6037504]

                  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                  "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
                  "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

                  c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
                  Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-4-15 2979144]
                  Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-4-26 1719496]

                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                  "EnableLUA"= 0 (0x0)
                  "EnableUIADesktopToggle"= 0 (0x0)
                  "DisableCAD"= 1 (0x1)

                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
                  "AppInit_DLLs"=c:\progra~1\Agnitum\OUTPOS~1\wl_hook.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
                  @="Service"

                  [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
                  path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
                  backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
                  backupExtension=.CommonStartup

                  [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Orbit.lnk]
                  path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk
                  backup=c:\windows\pss\Orbit.lnk.CommonStartup
                  backupExtension=.CommonStartup

                  [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
                  path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk
                  backup=c:\windows\pss\Run Google Web Accelerator.lnk.CommonStartup
                  backupExtension=.CommonStartup

                  [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TOSHIBA Face Recognition Watcher.lnk]
                  path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TOSHIBA Face Recognition Watcher.lnk
                  backup=c:\windows\pss\TOSHIBA Face Recognition Watcher.lnk.CommonStartup
                  backupExtension=.CommonStartup

                  [HKLM\~\startupfolder\C:^Users^valued customer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^gueinywcf.lnk]
                  path=c:\users\valued customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gueinywcf.lnk
                  backup=c:\windows\pss\gueinywcf.lnk.Startup
                  backupExtension=.Startup

                  R0 AlfaFF;AlfaFF mini-filter driver;c:\windows\System32\drivers\AlfaFF.sys [22/10/2008 1:35 AM 42608]
                  R1 afw;Agnitum Firewall Driver;c:\windows\System32\drivers\afw.sys [27/10/2009 9:37 PM 29208]
                  R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [25/10/2009 10:28 PM 114768]
                  R1 SandBox;SandBox;c:\windows\System32\drivers\SandBox.sys [27/10/2009 9:41 PM 704384]
                  R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [27/10/2009 9:37 PM 1195008]
                  R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [25/10/2009 10:28 PM 20560]
                  R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [25/10/2009 10:28 PM 53328]
                  R2 Authentec memory manager;Authentec memory manager service;c:\windows\System32\TAMSvr.exe [22/10/2008 1:35 AM 49152]
                  R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [17/04/2008 6:19 PM 40960]
                  R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [4/12/2007 11:03 AM 126976]
                  R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
                  R3 afwcore;afwcore;c:\windows\System32\drivers\afwcore.sys [27/10/2009 9:40 PM 307224]
                  R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [6/05/2008 4:29 PM 7168]
                  R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\System32\drivers\NETw5v32.sys [28/04/2008 9:29 AM 3658752]
                  S2 gupdate1c95e418ad821a6;Google Update Service (gupdate1c95e418ad821a6);c:\program files\Google\Update\GoogleUpdate.exe [15/12/2008 10:13 AM 133104]
                  S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\System32\drivers\ScreamingBAudio.sys [6/04/2009 2:19 PM 23064]

                  --- Other Services/Drivers In Memory ---

                  *Deregistered* - mbr

                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                  HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
                  hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
                  WindowsMobile   REG_MULTI_SZ      wcescomm rapimgr
                  LocalServiceRestricted   REG_MULTI_SZ      WcesComm RapiMgr

                  [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C608BE1D-4122-966D-51A3-9C926A1FBB57}]
                  c:\windows\winlogen.exe
                  .
                  Contents of the 'Scheduled Tasks' folder

                  2009-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                  - c:\program files\Google\Update\GoogleUpdate.exe [2008-12-14 05:02]

                  2009-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                  - c:\program files\Google\Update\GoogleUpdate.exe [2008-12-14 05:02]

                  2009-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-21628702-580910898-2647980920-1000Core.job
                  - c:\users\valued customer\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-30 11:36]

                  2009-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-21628702-580910898-2647980920-1000UA.job
                  - c:\users\valued customer\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-30 11:36]

                  2009-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-21628702-580910898-2647980920-1004Core.job
                  - c:\users\BACKUP\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-30 05:18]

                  2009-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-21628702-580910898-2647980920-1004UA.job
                  - c:\users\BACKUP\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-30 05:18]
                  .
                  .
                  ------- Supplementary Scan -------
                  .
                  IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
                  TCP: {2B67C494-3621-41ED-8FE8-9A49DF5A6D17} = 203.12.160.35 203.12.160.36
                  FF - ProfilePath - c:\users\BACKUP\AppData\Roaming\Mozilla\Firefox\Profiles\qdyvq2ed.default\
                  FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
                  FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
                  FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
                  FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
                  FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
                  FF - plugin: c:\program files\Opera\program\plugins\nporbit.dll
                  FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
                  FF - plugin: c:\users\BACKUP\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
                  FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

                  ---- FIREFOX POLICIES ----
                  c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
                  .
                  - - - - ORPHANS REMOVED - - - -

                  HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe



                  **************************************************************************

                  catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                  Rootkit scan 2009-10-31 11:16
                  Windows 6.0.6001 Service Pack 1 NTFS

                  scanning hidden processes ... 

                  scanning hidden autostart entries ...

                  scanning hidden files ... 


                  c:\windows\TEMP\TMP000000488DC9FB925FF027D2 524288 bytes executable

                  scan completed successfully
                  hidden files: 1

                  **************************************************************************
                  .
                  --------------------- LOCKED REGISTRY KEYS ---------------------

                  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
                  @Denied: (A) (Users)
                  @Denied: (A) (Everyone)
                  @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                  "BlindDial"=dword:00000000

                  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
                  @Denied: (A) (Users)
                  @Denied: (A) (Everyone)
                  @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                  "BlindDial"=dword:00000000

                  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
                  @Denied: (A) (Users)
                  @Denied: (A) (Everyone)
                  @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                  "BlindDial"=dword:00000000
                  .
                  --------------------- DLLs Loaded Under Running Processes ---------------------

                  - - - - - - - > 'Explorer.exe'(2540)
                  c:\program files\TrueSuite Access Manager\IconOvrly.dll
                  .
                  ------------------------ Other Running Processes ------------------------
                  .
                  c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
                  c:\windows\system32\Ati2evxx.exe
                  c:\windows\system32\Ati2evxx.exe
                  c:\program files\Alwil Software\Avast4\aswUpdSv.exe
                  c:\program files\Alwil Software\Avast4\ashServ.exe
                  c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                  c:\program files\Bonjour\mDNSResponder.exe
                  c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
                  c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
                  c:\windows\system32\TODDSrv.exe
                  c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
                  c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
                  c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
                  c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe
                  c:\program files\Alwil Software\Avast4\ashMaiSv.exe
                  c:\program files\Alwil Software\Avast4\ashWebSv.exe
                  c:\progra~1\SPEEDB~1\VideoAcceleratorEngine.exe
                  c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
                  c:\program files\Alwil Software\Avast4\ashDisp.exe
                  c:\windows\ehome\ehmsas.exe
                  c:\program files\Windows Media Player\wmpnetwk.exe
                  c:\windows\ehome\mcupdate.EXE
                  .
                  **************************************************************************
                  .
                  Completion time: 2009-10-31 11:24 - machine was rebooted
                  ComboFix-quarantined-files.txt  2009-10-31 00:24

                  Pre-Run: 67,105,726,464 bytes free
                  Post-Run: 66,662,764,544 bytes free

                  - - End Of File - - 9AF556F107381F34A86C329E134C57A1

                  evilfantasy

                  Re: Trojan HijackThis log
                  « Reply #28 on: October 30, 2009, 07:00:45 PM »
                  Delete these files/folders, as follows:

                  1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
                  It must be Notepad, not Wordpad.
                  2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

                  Code:
                  KillAll::

                  File::
                  c:\windows\system32\SIntfNT.dll
                  c:\windows\system32\SIntf32.dll
                  c:\windows\system32\SIntf16.dll

                  DirLook::
                  c:\program files\Zero G Registry
                  c:\users\BACKUP\InstallAnywhere


                  3. Go to the Notepad window and click Edit > Paste
                  4. Then click File > Save
                  5. Name the file CFScript.txt - Save the file to your Desktop
                  6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



                  ComboFix will begin to execute, just follow the prompts.
                  After reboot (in case it asks to reboot), it will produce a log for you.
                  Post that log (Combofix.txt) in your next reply.

                  Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.

                  bato1994

                    Re: Trojan HijackThis log
                    « Reply #29 on: October 30, 2009, 10:14:36 PM »
                    ComboFix 09-10-30.01 - BACKUP 31/10/2009 14:26.2.2 - NTFSx86
                    Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.61.1033.18.3069.1597 [GMT 11:00]
                    Running from: c:\users\BACKUP\Desktop\ComboFix.exe
                    Command switches used :: c:\users\BACKUP\Desktop\CFScript.txt
                    AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
                    FW: Outpost Firewall *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
                    SP: BitDefender Antispyware *disabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
                    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

                    FILE ::
                    "c:\windows\system32\SIntf16.dll"
                    "c:\windows\system32\SIntf32.dll"
                    "c:\windows\system32\SIntfNT.dll"
                    .

                    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                    .

                    c:\windows\system32\SIntf16.dll
                    c:\windows\system32\SIntf32.dll
                    c:\windows\system32\SIntfNT.dll

                    .
                    (((((((((((((((((((((((((   Files Created from 2009-09-28 to 2009-10-31  )))))))))))))))))))))))))))))))
                    .

                    2009-10-31 03:50 . 2009-10-31 04:04   --------   d-----w-   c:\users\BACKUP\AppData\Local\temp
                    2009-10-31 03:50 . 2009-10-31 03:50   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Local\temp
                    2009-10-31 03:50 . 2009-10-31 03:50   --------   d-----w-   c:\users\valued customer\AppData\Local\temp
                    2009-10-31 03:50 . 2009-10-31 03:50   --------   d-----w-   c:\users\Public\AppData\Local\temp
                    2009-10-31 03:50 . 2009-10-31 03:50   --------   d-----w-   c:\users\Mcx1\AppData\Local\temp
                    2009-10-31 03:50 . 2009-10-31 03:50   --------   d-----w-   c:\users\Maja\AppData\Local\temp
                    2009-10-31 03:50 . 2009-10-31 03:50   --------   d-----w-   c:\users\Default\AppData\Local\temp
                    2009-10-31 03:26 . 2008-03-12 06:38   28728   ----a-w-   c:\windows\system32\drivers\msahci.sys
                    2009-10-31 03:26 . 2008-04-16 00:53   312344   ----a-w-   c:\windows\system32\drivers\iaStor.sys
                    2009-10-31 03:26 . 2008-03-12 06:38   21560   ----a-w-   c:\windows\system32\drivers\atapi.sys
                    2009-10-31 03:06 . 2009-10-31 04:04   --------   d-----w-   c:\users\BACKUP\Tracing
                    2009-10-31 02:30 . 2009-10-31 02:31   --------   d-----w-   c:\users\BACKUP\AppData\Roaming\Vso
                    2009-10-30 10:05 . 2009-10-30 10:05   --------   d-----w-   c:\programdata\Sports Interactive
                    2009-10-30 10:04 . 2009-10-30 10:04   --------   d-----w-   c:\users\BACKUP\AppData\Roaming\Sports Interactive
                    2009-10-30 10:00 . 2009-09-04 06:44   69464   ----a-w-   c:\windows\system32\XAPOFX1_3.dll
                    2009-10-30 09:55 . 2009-10-30 09:57   --------   d--h--w-   c:\program files\Zero G Registry
                    2009-10-30 09:55 . 2009-10-30 09:55   --------   d-----w-   c:\program files\Sports Interactive
                    2009-10-30 09:55 . 2009-10-30 09:55   --------   d--h--w-   c:\users\BACKUP\InstallAnywhere
                    2009-10-30 09:30 . 2009-10-30 09:31   --------   d-----w-   c:\users\BACKUP\AppData\Local\Google
                    2009-10-30 09:01 . 2009-10-30 09:01   --------   d-----w-   c:\users\BACKUP\AppData\Local\Mozilla
                    2009-10-30 08:24 . 2009-10-30 08:24   --------   d-----w-   c:\users\BACKUP\AppData\Local\Opera
                    2009-10-30 08:21 . 2009-10-30 08:21   --------   d-----w-   c:\users\BACKUP\AppData\Roaming\Malwarebytes
                    2009-10-30 08:21 . 2009-10-30 08:21   67528   ----a-w-   c:\users\BACKUP\AppData\Local\GDIPFONTCACHEV1.DAT
                    2009-10-30 08:21 . 2009-10-30 08:21   --------   d-----w-   c:\users\BACKUP\AppData\Local\Toshiba
                    2009-10-30 08:21 . 2009-10-31 04:04   --------   d-----w-   c:\users\BACKUP\AppData\Roaming\Orbit
                    2009-10-30 05:04 . 2009-10-30 05:04   --------   d-----w-   c:\program files\ESET
                    2009-10-29 04:58 . 2009-10-30 09:14   --------   d-----w-   c:\windows\system32\config\systemprofile\Tracing
                    2009-10-28 20:38 . 2009-10-28 20:38   --------   d-----w-   C:\Microsoft
                    2009-10-27 10:41 . 2009-04-06 00:37   704384   ----a-w-   c:\windows\system32\drivers\SandBox.sys
                    2009-10-27 10:40 . 2009-02-10 05:12   307224   ----a-w-   c:\windows\system32\drivers\afwcore.sys
                    2009-10-27 10:37 . 2009-02-18 06:27   29208   ----a-w-   c:\windows\system32\drivers\afw.sys
                    2009-10-27 10:37 . 2009-10-27 10:37   --------   d-----w-   c:\program files\Agnitum
                    2009-10-27 10:36 . 2009-10-27 10:36   --------   d-----w-   c:\programdata\Agnitum
                    2009-10-27 10:08 . 2009-10-27 10:18   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Roaming\BitTorrent
                    2009-10-27 04:50 . 2009-10-27 04:50   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Roaming\ATI
                    2009-10-27 04:50 . 2009-10-27 04:50   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Local\ATI
                    2009-10-26 11:21 . 2009-10-26 11:21   --------   d-----w-   C:\Sun
                    2009-10-26 08:21 . 2009-09-30 23:29   195440   ------w-   c:\windows\system32\MpSigStub.exe
                    2009-10-26 05:35 . 2009-10-26 05:35   --------   d-----w-   c:\users\Default\AppData\Local\Apple
                    2009-10-25 11:28 . 2009-09-15 09:54   52368   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
                    2009-10-25 11:28 . 2009-09-15 09:54   23152   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
                    2009-10-25 11:28 . 2009-09-15 09:55   114768   ----a-w-   c:\windows\system32\drivers\aswSP.sys
                    2009-10-25 11:28 . 2009-09-15 09:55   20560   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
                    2009-10-25 11:28 . 2009-09-15 09:53   97480   ----a-w-   c:\windows\system32\AvastSS.scr
                    2009-10-25 11:28 . 2009-09-15 09:59   1279968   ----a-w-   c:\windows\system32\aswBoot.exe
                    2009-10-25 11:28 . 2009-09-15 09:55   53328   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
                    2009-10-25 11:25 . 2009-10-25 11:25   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Roaming\GrabPro
                    2009-10-25 11:23 . 2009-10-25 11:23   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Local\Toshiba
                    2009-10-25 11:23 . 2009-10-30 09:15   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Roaming\Orbit
                    2009-10-25 10:55 . 2009-10-26 08:41   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Local\Adobe
                    2009-10-25 10:49 . 2009-09-04 12:24   61440   ----a-w-   c:\windows\system32\msasn1.dll
                    2009-10-25 10:49 . 2009-09-14 09:44   144896   ----a-w-   c:\windows\system32\drivers\srv2.sys
                    2009-10-25 10:42 . 2009-10-25 10:42   0   ----a-w-   c:\windows\nsreg.dat
                    2009-10-25 10:42 . 2009-10-25 10:42   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Local\Mozilla
                    2009-10-25 02:46 . 2009-10-25 02:46   --------   d-----w-   c:\windows\system32\config\systemprofile\DoctorWeb
                    2009-10-18 04:13 . 2009-10-18 04:13   --------   d-----w-   c:\program files\Trend Micro
                    2009-10-17 06:33 . 2009-10-17 06:33   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Roaming\Malwarebytes
                    2009-10-17 06:33 . 2009-09-10 03:54   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
                    2009-10-17 06:33 . 2009-10-17 06:33   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                    2009-10-17 06:33 . 2009-10-17 06:33   --------   d-----w-   c:\programdata\Malwarebytes
                    2009-10-17 06:33 . 2009-09-10 03:53   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
                    2009-10-11 11:03 . 2009-10-11 11:03   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Roaming\Yahoo!

                    .
                    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    2009-10-30 09:21 . 2008-12-16 05:35   --------   d-----w-   c:\program files\Bonjour
                    2009-10-30 05:45 . 2008-12-16 07:52   --------   d-----w-   c:\program files\UltraStar Deluxe
                    2009-10-30 05:29 . 2009-03-08 00:01   --------   d-----w-   c:\program files\Cheat Engine
                    2009-10-29 04:59 . 2009-04-26 00:10   --------   d-----w-   c:\program files\Orbitdownloader
                    2009-10-27 05:26 . 2008-10-21 14:40   --------   d-----w-   c:\program files\Google
                    2009-10-26 09:22 . 2009-01-18 09:53   --------   d-----w-   c:\program files\Opera
                    2009-10-26 09:00 . 2008-05-06 04:31   --------   d-----w-   c:\program files\Common Files\Adobe
                    2009-10-26 04:42 . 2008-10-21 13:20   67528   ----a-w-   c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
                    2009-10-25 11:11 . 2009-03-18 04:37   --------   d-----w-   c:\programdata\Microsoft Help
                    2009-10-25 11:10 . 2009-03-18 04:42   --------   d-----w-   c:\program files\Microsoft Works
                    2009-10-24 03:00 . 2006-11-02 13:02   1356   ----a-w-   c:\windows\system32\config\systemprofile\AppData\Local\d3d9caps.dat
                    2009-10-21 06:10 . 2008-05-06 04:14   --------   d-----w-   c:\program files\Java
                    2009-10-11 11:05 . 2009-06-16 06:49   --------   d-----w-   c:\program files\Common Files\DVDVideoSoft
                    2009-10-11 11:03 . 2008-12-16 02:07   --------   d-----w-   c:\program files\Yahoo!
                    2009-10-11 11:02 . 2009-07-10 12:36   --------   d-----w-   c:\program files\Freebies Hack Engine
                    2009-09-21 04:17 . 2008-10-21 13:13   209788507   ----a-w-   c:\windows\DUMP737a.tmp
                    2009-09-21 03:54 . 2009-09-21 03:54   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Roaming\Apple Computer
                    2009-09-14 07:57 . 2009-09-14 07:57   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Roaming\vlc
                    2009-09-14 03:36 . 2009-09-14 03:36   615992   ----a-w-   c:\windows\system32\ci.dll
                    2009-09-13 00:24 . 2008-12-01 01:47   --------   d-----w-   c:\users\valued customer\AppData\Roaming\Orbit
                    2009-09-12 12:56 . 2008-12-06 00:37   --------   d-----w-   c:\users\valued customer\AppData\Roaming\uTorrent
                    2009-09-12 06:39 . 2009-08-24 07:57   --------   d-----w-   c:\users\valued customer\AppData\Roaming\Vso
                    2009-09-11 12:31 . 2009-06-23 11:08   --------   d-----w-   c:\program files\Microsoft Silverlight
                    2009-09-10 17:30 . 2009-10-25 10:50   213504   ----a-w-   c:\windows\system32\msv1_0.dll
                    2009-09-04 06:44 . 2009-10-30 09:59   515416   ----a-w-   c:\windows\system32\XAudio2_5.dll
                    2009-09-04 06:44 . 2009-10-30 09:59   238936   ----a-w-   c:\windows\system32\xactengine3_5.dll
                    2009-09-04 06:29 . 2009-10-30 09:59   453456   ----a-w-   c:\windows\system32\d3dx10_42.dll
                    2009-09-04 06:29 . 2009-10-30 09:59   235344   ----a-w-   c:\windows\system32\d3dx11_42.dll
                    2009-09-04 06:29 . 2009-10-30 09:59   5501792   ----a-w-   c:\windows\system32\d3dcsx_42.dll
                    2009-09-04 06:29 . 2009-10-30 09:59   1974616   ----a-w-   c:\windows\system32\D3DCompiler_42.dll
                    2009-09-04 06:29 . 2009-10-30 09:59   1892184   ----a-w-   c:\windows\system32\D3DX9_42.dll
                    2009-08-27 13:32 . 2009-10-25 10:50   833024   ----a-w-   c:\windows\system32\wininet.dll
                    2009-08-27 13:29 . 2009-10-25 10:50   78336   ----a-w-   c:\windows\system32\ieencode.dll
                    2009-08-27 10:58 . 2009-10-25 10:50   26624   ----a-w-   c:\windows\system32\ieUnatt.exe
                    2009-08-24 08:08 . 2009-08-24 07:57   47360   ----a-w-   c:\users\valued customer\AppData\Roaming\pcouffin.sys
                    2009-08-24 07:57 . 2009-08-24 07:57   47360   ----a-w-   c:\windows\system32\drivers\pcouffin.sys
                    2009-08-17 12:33 . 2009-08-17 12:33   1193832   ----a-w-   c:\windows\system32\FM20.DLL
                    2009-08-14 17:07 . 2009-09-10 10:50   897608   ----a-w-   c:\windows\system32\drivers\tcpip.sys
                    2009-08-14 16:29 . 2009-09-10 10:50   104960   ----a-w-   c:\windows\system32\netiohlp.dll
                    2009-08-14 16:29 . 2009-09-10 10:50   17920   ----a-w-   c:\windows\system32\netevent.dll
                    2009-08-14 14:16 . 2009-09-10 10:50   9728   ----a-w-   c:\windows\system32\TCPSVCS.EXE
                    2009-08-14 14:16 . 2009-09-10 10:50   17920   ----a-w-   c:\windows\system32\ROUTE.EXE
                    2009-08-14 14:16 . 2009-09-10 10:50   11264   ----a-w-   c:\windows\system32\MRINFO.EXE
                    2009-08-14 14:16 . 2009-09-10 10:50   27136   ----a-w-   c:\windows\system32\NETSTAT.EXE
                    2009-08-14 14:16 . 2009-09-10 10:50   19968   ----a-w-   c:\windows\system32\ARP.EXE
                    2009-08-14 14:16 . 2009-09-10 10:50   8704   ----a-w-   c:\windows\system32\HOSTNAME.EXE
                    2009-08-14 14:16 . 2009-09-10 10:50   10240   ----a-w-   c:\windows\system32\finger.exe
                    2009-08-05 14:22 . 2009-10-25 10:50   3597896   ----a-w-   c:\windows\system32\ntkrnlpa.exe
                    2009-08-05 14:22 . 2009-10-25 10:50   3546184   ----a-w-   c:\windows\system32\ntoskrnl.exe
                    2007-05-06 06:32 . 2009-05-10 04:59   389120   ----a-w-   c:\program files\DaShRelease.exe
                    2003-08-04 13:36 . 2009-05-10 03:01   171008   ----a-w-   c:\program files\ePSXe.exe
                    2009-05-01 21:02 . 2009-05-01 21:02   1044480   ----a-w-   c:\program files\mozilla firefox\plugins\libdivx.dll
                    2009-05-01 21:02 . 2009-05-01 21:02   200704   ----a-w-   c:\program files\mozilla firefox\plugins\ssldivx.dll
                    2009-05-01 21:02 . 2009-05-01 21:02   1044480   ----a-w-   c:\program files\opera\program\plugins\libdivx.dll
                    2009-05-01 21:02 . 2009-05-01 21:02   200704   ----a-w-   c:\program files\opera\program\plugins\ssldivx.dll
                    .

                    ((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    ---- Directory of c:\program files\Zero G Registry ----

                    2009-10-30 09:57 . 2009-10-30 09:57   2730   ----a-w-   c:\program files\Zero G Registry\.com.zerog.registry.xml

                    ---- Directory of c:\users\BACKUP\InstallAnywhere ----



                    (((((((((((((((((((((((((((((   SnapShot@2009-10-31_00.17.20   )))))))))))))))))))))))))))))))))))))))))
                    .
                    - 2009-10-30 23:20 . 2009-10-31 00:16   16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
                    + 2009-10-30 23:20 . 2009-10-31 04:03   16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
                    - 2009-10-30 23:20 . 2009-10-31 00:16   32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
                    + 2009-10-31 04:03 . 2009-10-31 04:03   32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
                    + 2009-10-30 23:20 . 2009-10-31 04:03   16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
                    - 2009-10-30 23:20 . 2009-10-31 00:16   16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
                    + 2009-10-31 03:55 . 2009-10-31 03:55   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
                    - 2009-10-30 23:19 . 2009-10-31 00:13   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
                    + 2009-10-31 03:55 . 2009-10-31 03:55   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
                    - 2009-10-30 23:19 . 2009-10-31 00:13   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
                    + 2006-11-02 10:33 . 2009-10-31 04:02   600378              c:\windows\System32\perfh009.dat
                    - 2006-11-02 10:33 . 2009-10-30 23:27   600378              c:\windows\System32\perfh009.dat
                    - 2006-11-02 10:33 . 2009-10-30 23:27   105852              c:\windows\System32\perfc009.dat
                    + 2006-11-02 10:33 . 2009-10-31 04:02   105852              c:\windows\System32\perfc009.dat
                    - 2008-11-22 03:52 . 2009-10-30 12:13   1576152              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
                    + 2008-11-22 03:52 . 2009-10-31 03:54   1576152              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
                    .
                    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                    .
                    .
                    *Note* empty entries & legit default entries are not shown
                    REGEDIT4

                    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{abb88e4e-75f4-4fdc-8f42-d101484c4b3f}]
                    2009-06-22 22:53   2211352   ----a-w-   c:\program files\Enhanced_search\tbEnha.dll

                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
                    "{abb88e4e-75f4-4fdc-8f42-d101484c4b3f}"= "c:\program files\Enhanced_search\tbEnha.dll" [2009-06-22 2211352]

                    [HKEY_CLASSES_ROOT\clsid\{abb88e4e-75f4-4fdc-8f42-d101484c4b3f}]

                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOvrly1]
                    @="{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}"
                    [HKEY_CLASSES_ROOT\CLSID\{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}]
                    2008-07-25 04:41   118784   ----a-w-   c:\program files\TrueSuite Access Manager\IconOvrly.dll

                    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
                    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
                    "Google Update"="c:\users\BACKUP\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-06-30 133104]
                    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
                    "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
                    "HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
                    "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
                    "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
                    "ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
                    "UsbMonitor"="c:\program files\TrueSuite Access Manager\usbnotify.exe" [2008-07-25 94208]
                    "HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-04-26 716800]
                    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 81920]
                    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
                    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-24 149280]
                    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
                    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
                    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
                    "OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
                    "OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall\feedback.exe" [2009-04-27 428032]
                    "NDSTray.exe"="NDSTray.exe" [BU]
                    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-04-08 6037504]

                    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
                    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

                    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
                    Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-4-15 2979144]
                    Orbit.lnk - c:\program files\Orbitdownloader\orbitdm.exe [2009-4-26 1719496]

                    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                    "EnableLUA"= 0 (0x0)
                    "EnableUIADesktopToggle"= 0 (0x0)
                    "DisableCAD"= 1 (0x1)

                    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
                    "AppInit_DLLs"=c:\progra~1\Agnitum\OUTPOS~1\wl_hook.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
                    @="Service"

                    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
                    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
                    backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
                    backupExtension=.CommonStartup

                    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Orbit.lnk]
                    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Orbit.lnk
                    backup=c:\windows\pss\Orbit.lnk.CommonStartup
                    backupExtension=.CommonStartup

                    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Run Google Web Accelerator.lnk]
                    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Run Google Web Accelerator.lnk
                    backup=c:\windows\pss\Run Google Web Accelerator.lnk.CommonStartup
                    backupExtension=.CommonStartup

                    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TOSHIBA Face Recognition Watcher.lnk]
                    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TOSHIBA Face Recognition Watcher.lnk
                    backup=c:\windows\pss\TOSHIBA Face Recognition Watcher.lnk.CommonStartup
                    backupExtension=.CommonStartup

                    [HKLM\~\startupfolder\C:^Users^valued customer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^gueinywcf.lnk]
                    path=c:\users\valued customer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gueinywcf.lnk
                    backup=c:\windows\pss\gueinywcf.lnk.Startup
                    backupExtension=.Startup

                    R0 AlfaFF;AlfaFF mini-filter driver;c:\windows\System32\drivers\AlfaFF.sys [22/10/2008 1:35 AM 42608]
                    R1 afw;Agnitum Firewall Driver;c:\windows\System32\drivers\afw.sys [27/10/2009 9:37 PM 29208]
                    R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [25/10/2009 10:28 PM 114768]
                    R1 SandBox;SandBox;c:\windows\System32\drivers\SandBox.sys [27/10/2009 9:41 PM 704384]
                    R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [27/10/2009 9:37 PM 1195008]
                    R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [25/10/2009 10:28 PM 20560]
                    R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [25/10/2009 10:28 PM 53328]
                    R2 Authentec memory manager;Authentec memory manager service;c:\windows\System32\TAMSvr.exe [22/10/2008 1:35 AM 49152]
                    R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [17/04/2008 6:19 PM 40960]
                    R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [4/12/2007 11:03 AM 126976]
                    R3 afwcore;afwcore;c:\windows\System32\drivers\afwcore.sys [27/10/2009 9:40 PM 307224]
                    R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [6/05/2008 4:29 PM 7168]
                    R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\System32\drivers\NETw5v32.sys [28/04/2008 9:29 AM 3658752]
                    S2 gupdate1c95e418ad821a6;Google Update Service (gupdate1c95e418ad821a6);c:\program files\Google\Update\GoogleUpdate.exe [15/12/2008 10:13 AM 133104]
                    S2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
                    S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\System32\drivers\ScreamingBAudio.sys [6/04/2009 2:19 PM 23064]

                    --- Other Services/Drivers In Memory ---

                    *Deregistered* - mbr

                    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                    HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
                    hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
                    WindowsMobile   REG_MULTI_SZ      wcescomm rapimgr
                    LocalServiceRestricted   REG_MULTI_SZ      WcesComm RapiMgr

                    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C608BE1D-4122-966D-51A3-9C926A1FBB57}]
                    c:\windows\winlogen.exe
                    .
                    Contents of the 'Scheduled Tasks' folder

                    2009-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                    - c:\program files\Google\Update\GoogleUpdate.exe [2008-12-14 05:02]

                    2009-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                    - c:\program files\Google\Update\GoogleUpdate.exe [2008-12-14 05:02]

                    2009-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-21628702-580910898-2647980920-1000Core.job
                    - c:\users\valued customer\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-30 11:36]

                    2009-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-21628702-580910898-2647980920-1000UA.job
                    - c:\users\valued customer\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-30 11:36]

                    2009-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-21628702-580910898-2647980920-1004Core.job
                    - c:\users\BACKUP\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-30 05:18]

                    2009-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-21628702-580910898-2647980920-1004UA.job
                    - c:\users\BACKUP\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-30 05:18]
                    .
                    .
                    ------- Supplementary Scan -------
                    .
                    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
                    TCP: {2B67C494-3621-41ED-8FE8-9A49DF5A6D17} = 203.12.160.35 203.12.160.36
                    FF - ProfilePath - c:\users\BACKUP\AppData\Roaming\Mozilla\Firefox\Profiles\qdyvq2ed.default\
                    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
                    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
                    FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
                    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
                    FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
                    FF - plugin: c:\program files\Opera\program\plugins\nporbit.dll
                    FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
                    FF - plugin: c:\users\BACKUP\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
                    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

                    ---- FIREFOX POLICIES ----
                    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
                    .

                    **************************************************************************

                    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                    Rootkit scan 2009-10-31 15:04
                    Windows 6.0.6001 Service Pack 1 NTFS

                    scanning hidden processes ... 

                    scanning hidden autostart entries ...

                    scanning hidden files ... 

                    scan completed successfully
                    hidden files: 0

                    **************************************************************************
                    .
                    --------------------- LOCKED REGISTRY KEYS ---------------------

                    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
                    @Denied: (A) (Users)
                    @Denied: (A) (Everyone)
                    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                    "BlindDial"=dword:00000000

                    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
                    @Denied: (A) (Users)
                    @Denied: (A) (Everyone)
                    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                    "BlindDial"=dword:00000000

                    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
                    @Denied: (A) (Users)
                    @Denied: (A) (Everyone)
                    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                    "BlindDial"=dword:00000000
                    .
                    --------------------- DLLs Loaded Under Running Processes ---------------------

                    - - - - - - - > 'Explorer.exe'(712)
                    c:\program files\TrueSuite Access Manager\IconOvrly.dll
                    .
                    ------------------------ Other Running Processes ------------------------
                    .
                    c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
                    c:\windows\system32\Ati2evxx.exe
                    c:\windows\system32\Ati2evxx.exe
                    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
                    c:\program files\Alwil Software\Avast4\ashServ.exe
                    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                    c:\program files\Bonjour\mDNSResponder.exe
                    c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
                    c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
                    c:\windows\system32\TODDSrv.exe
                    c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
                    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
                    c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
                    c:\program files\Alwil Software\Avast4\ashMaiSv.exe
                    c:\program files\Alwil Software\Avast4\ashWebSv.exe
                    c:\program files\Windows Media Player\wmpnetwk.exe
                    c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
                    c:\program files\Alwil Software\Avast4\ashDisp.exe
                    c:\windows\ehome\ehmsas.exe
                    .
                    **************************************************************************
                    .
                    Completion time: 2009-10-31 15:11 - machine was rebooted
                    ComboFix-quarantined-files.txt  2009-10-31 04:10
                    ComboFix2.txt  2009-10-31 00:24

                    Pre-Run: 63,394,865,152 bytes free
                    Post-Run: 63,393,566,720 bytes free

                    - - End Of File - - 69AC117622EC5265288E0F4E46A8C670