ComboFix 11-02-25.02 - User 27/02/2011 15:58:41.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.1915.848 [GMT 11:00]
Running from: c:\users\User\Desktop\commy.exe
Command switches used :: c:\users\User\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MEMSWEEP2
-------\Service_032bc77b60bbbd07
-------\Service_0a4eb282bacc68c0
-------\Service_17daf900cee82e20
-------\Service_265347b198166c88
-------\Service_3d2dcff8c6e47101
-------\Service_45de3557e70e3e79
-------\Service_50a14282cdad657d
-------\Service_a193c65487b29150
-------\Service_ad06f63bebc249ff
-------\Service_c0fe0e95ccc86f5b
-------\Service_c27f2f5f2c963005
-------\Service_c92d2423e8a7c508
-------\Service_c9b16f0087ec304a
-------\Service_d965cc8f47acdc6b
-------\Service_efe06024c735dd05
-------\Service_f031a7cab2eeb0fe
-------\Service_f105b6f8d926e485
-------\Service_massfilter
-------\Service_MEMSWEEP2
-------\Service_owqvdxbe
((((((((((((((((((((((((( Files Created from 2011-01-27 to 2011-02-27 )))))))))))))))))))))))))))))))
.
2011-02-27 05:08 . 2011-02-27 05:13 -------- d-----w- c:\users\User\AppData\Local\temp
2011-02-26 03:59 . 2011-02-26 03:59 -------- d-----w- c:\program files\VS Revo Group
2011-02-25 01:42 . 2011-02-25 01:42 -------- d-----w- c:\users\Admin
2011-02-23 09:06 . 2011-02-23 09:06 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-02-22 20:20 . 2011-02-22 20:20 -------- d-----w- c:\windows\system32\EventProviders
2011-02-22 11:49 . 2010-05-25 23:45 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2011-02-22 07:41 . 2011-02-22 07:41 -------- d-----w- c:\program files\Sophos
2011-02-22 07:36 . 2011-02-22 07:36 -------- d-----w- c:\windows\Sun
2011-02-21 06:26 . 2011-02-21 06:26 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2011-02-21 06:26 . 2010-12-20 07:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-21 06:26 . 2011-02-21 06:26 -------- d-----w- c:\programdata\Malwarebytes
2011-02-21 06:26 . 2011-02-21 06:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-21 06:26 . 2010-12-20 07:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-20 20:50 . 2011-02-20 20:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-20 20:25 . 2009-10-09 21:56 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
2011-02-20 20:25 . 2009-10-09 21:56 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2011-02-20 20:25 . 2009-10-09 21:56 241152 ----a-w- c:\windows\system32\winrscmd.dll
2011-02-20 20:25 . 2009-10-09 21:56 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2011-02-20 20:25 . 2009-10-09 21:56 145408 ----a-w- c:\windows\system32\WsmAuto.dll
2011-02-20 20:25 . 2009-10-09 21:55 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2011-02-20 16:02 . 2009-11-07 23:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-02-20 16:02 . 2009-11-07 23:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-02-20 16:02 . 2009-11-07 23:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-02-20 16:02 . 2009-11-07 23:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-02-20 16:02 . 2009-11-07 23:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-02-20 05:14 . 2010-09-06 16:24 125952 ----a-w- c:\windows\system32\srvsvc.dll
2011-02-20 05:14 . 2010-09-06 14:13 303616 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-20 05:14 . 2010-09-06 16:23 17920 ----a-w- c:\windows\system32\netevent.dll
2011-02-20 05:14 . 2010-09-06 14:12 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-02-20 05:14 . 2010-09-06 14:12 101888 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-02-20 05:14 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2011-02-20 05:14 . 2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll
2011-02-20 05:13 . 2010-05-27 19:16 738816 ----a-w- c:\windows\system32\inetcomm.dll
2011-02-20 01:51 . 2010-12-18 06:22 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-20 01:51 . 2010-12-18 06:22 743424 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2011-02-20 01:51 . 2010-12-18 06:28 638232 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2011-02-20 01:51 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-02-20 01:45 . 2011-02-20 01:45 -------- d-----w- c:\windows\SQLTools9_KB970892_ENU
2011-02-20 01:43 . 2011-02-20 01:44 -------- d-----w- c:\windows\SQL9_KB970892_ENU
2011-02-20 00:04 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2011-02-20 00:04 . 2009-07-14 08:30 43520 ----a-w- c:\windows\system32\msdxm.tlb
2011-02-20 00:04 . 2009-07-14 08:30 18432 ----a-w- c:\windows\system32\amcompat.tlb
2011-02-20 00:02 . 2010-06-16 15:59 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-02-19 23:17 . 2010-04-14 17:46 80896 ----a-w- c:\windows\system32\MSNP.ax
2011-02-19 23:17 . 2010-04-14 17:45 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-02-19 23:17 . 2010-04-14 17:47 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-02-19 23:17 . 2010-04-14 17:47 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-02-19 23:17 . 2010-04-14 17:46 428544 ----a-w- c:\windows\system32\EncDec.dll
2011-02-19 23:13 . 2011-02-20 01:42 -------- d-----w- c:\windows\system32\MpEngineStore
2011-02-19 06:50 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2011-02-19 06:50 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2011-02-19 06:50 . 2008-06-20 01:14 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2011-02-19 06:50 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2011-02-19 06:50 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2011-02-19 06:50 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2011-02-19 06:44 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2011-02-19 06:44 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2011-02-19 06:16 . 2011-02-19 06:16 -------- d-----w- c:\program files\CCleaner
2011-02-19 06:08 . 2011-02-19 06:07 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
2011-02-19 06:08 . 2011-02-19 06:07 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2011-02-19 06:08 . 2011-02-19 06:07 309352 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2011-02-19 05:57 . 2011-02-19 05:57 -------- d-----w- c:\users\User\AppData\Local\Downloaded Installations
2011-02-19 03:40 . 2011-02-19 03:40 -------- d-----w- C:\$AVG
2011-02-19 03:17 . 2011-02-19 03:17 -------- d-----w- c:\users\User\AppData\Roaming\AVG10
2011-02-19 03:17 . 2010-10-18 14:01 81920 ----a-w- c:\windows\system32\consent.exe
2011-02-19 03:17 . 2010-11-06 11:10 345088 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-02-19 03:17 . 2010-11-06 11:10 357376 ----a-w- c:\windows\system32\taskschd.dll
2011-02-19 03:17 . 2010-11-06 11:09 603648 ----a-w- c:\windows\system32\schedsvc.dll
2011-02-19 03:17 . 2010-11-05 00:53 171520 ----a-w- c:\windows\system32\taskeng.exe
2011-02-19 03:17 . 2010-11-06 11:10 270336 ----a-w- c:\windows\system32\taskcomp.dll
2011-02-19 03:17 . 2010-04-16 16:10 1314816 ----a-w- c:\windows\system32\quartz.dll
2011-02-19 03:16 . 2010-06-11 15:30 1257472 ----a-w- c:\windows\system32\msxml3.dll
2011-02-19 03:16 . 2008-09-18 04:56 125952 ----a-w- c:\windows\system32\wersvc.dll
2011-02-19 03:16 . 2008-09-18 04:56 147456 ----a-w- c:\windows\system32\Faultrep.dll
2011-02-19 03:16 . 2010-08-10 15:02 274432 ----a-w- c:\windows\system32\schannel.dll
2011-02-19 03:16 . 2010-10-28 12:56 2048 ----a-w- c:\windows\system32\tzres.dll
2011-02-19 03:16 . 2010-05-27 19:16 81920 ----a-w- c:\windows\system32\iccvid.dll
2011-02-19 03:14 . 2010-08-31 15:41 954752 ----a-w- c:\windows\system32\mfc40.dll
2011-02-19 03:13 . 2009-03-17 03:38 13824 ----a-w- c:\windows\system32\apilogen.dll
2011-02-19 03:13 . 2009-03-17 03:38 24064 ----a-w- c:\windows\system32\amxread.dll
2011-02-19 03:13 . 2008-08-12 03:39 443392 ----a-w- c:\windows\system32\win32spl.dll
2011-02-19 03:13 . 2009-09-10 15:21 1418752 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
2011-02-19 03:13 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2011-02-19 03:13 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\msdxm.ocx
2011-02-19 03:13 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2011-02-19 03:13 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2011-02-19 03:13 . 2009-07-14 10:59 107520 ----a-w- c:\program files\Windows Media Player\wmpconfig.exe
2011-02-19 03:13 . 2009-07-14 10:58 107520 ----a-w- c:\program files\Windows Media Player\wmpshare.exe
2011-02-19 03:11 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2011-02-19 03:11 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2011-02-19 03:11 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2011-02-19 03:11 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2011-02-19 03:11 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2011-02-19 03:11 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2011-02-19 03:11 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2011-02-19 03:11 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll
2011-02-19 03:11 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2011-02-19 03:11 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2011-02-19 03:11 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll
2011-02-19 03:11 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\system32\msxml6.dll
2011-02-19 03:08 . 2011-02-19 03:08 -------- d--h--w- c:\programdata\Common Files
2011-02-19 03:05 . 2011-02-26 04:03 -------- d-----w- c:\programdata\AVG10
2011-02-19 03:00 . 2008-06-23 01:59 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2011-02-19 03:00 . 2008-06-23 01:58 94720 ----a-w- c:\windows\system32\logagent.exe
2011-02-19 03:00 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll
2011-02-19 03:00 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2011-02-19 02:44 . 2011-02-19 03:03 -------- d-----w- c:\programdata\MFAData
2011-02-17 12:41 . 2011-02-17 12:41 -------- d-----w- c:\users\User\AppData\Roaming\EMCO
2011-02-17 10:17 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
2011-02-17 10:17 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll
2011-02-17 10:17 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
2011-02-17 10:17 . 2010-09-20 09:25 231936 ----a-w- c:\windows\system32\msshsq.dll
2011-02-17 10:16 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll
2011-02-17 10:16 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll
2011-02-17 10:13 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll
2011-02-17 10:13 . 2010-08-31 15:40 531968 ----a-w- c:\windows\system32\comctl32.dll
2011-02-17 10:12 . 2008-01-21 02:23 2730536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8EDA4EC6-21A3-4268-A991-25E1362E5FF6}\mpengine.dll
2011-02-16 08:37 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2011-02-16 07:45 . 2009-12-23 12:43 171520 ----a-w- c:\windows\system32\wintrust.dll
2011-02-16 07:45 . 2010-01-15 00:04 98304 ----a-w- c:\windows\system32\cabview.dll
2011-02-13 10:34 . 2011-02-02 06:11 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-13 10:14 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2011-02-13 10:14 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2011-02-13 10:14 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2011-02-13 10:14 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-22 22:35 . 2011-02-27 05:14 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C3029CC2-6EF7-475D-9447-F36C0204E0D4}\mpengine.dll
2010-12-10 07:29 . 2010-12-10 07:29 64864 ----a-w- c:\windows\system32\sqlctr90.dll
2010-12-10 07:29 . 2010-12-10 07:29 2248032 ----a-w- c:\windows\system32\sqlncli.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"NDSTray.exe"="NDSTray.exe" [BU]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-13 1348904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-09-26 417792]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R3 zgwhsdiag;ZTE WCDMA Handset Diagnostic Port;c:\windows\system32\DRIVERS\zgwhsdiag.sys [x]
R3 zgwhsmdm;ZTE WCDMA Handset USB Modem;c:\windows\system32\DRIVERS\zgwhsmdm.sys [x]
R3 zgwhsnmea;WCDMA Handset NMEA Port;c:\windows\system32\DRIVERS\zgwhsnmea.sys [x]
R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [x]
S1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2010-05-25 18816]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-08-24 77824]
--- Other Services/Drivers In Memory ---
*Deregistered* - atgron
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ebay.com.au/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHN&bmod=TSHN
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-27 16:14
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????v??Miz????>???>???>? >?H
scanning hidden files ...
c:\windows\system32\wbem\Performance\WmiApRpl_new.h 357 bytes
scan completed successfully
hidden files: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\atgron]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000009
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\WLANExt.exe
c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\windows\RtHDVCpl.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2011-02-27 16:23:46 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-27 05:23
ComboFix2.txt 2011-02-26 04:39
Pre-Run: 206,197,530,624 bytes free
Post-Run: 205,916,983,296 bytes free
- - End Of File - - 104D120DB02058CC72A623ED1ECAA06D
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-27 16:14
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????v??Miz????>???>???>? >?H
scanning hidden files ...
c:\windows\system32\wbem\Performance\WmiApRpl_new.h 357 bytes
scan completed successfully
hidden files: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\atgron]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000009
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\WLANExt.exe
c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\windows\RtHDVCpl.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2011-02-27 16:23:46 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-27 05:23
ComboFix2.txt 2011-02-26 04:39
Pre-Run: 206,197,530,624 bytes free
Post-Run: 205,916,983,296 bytes free
- - End Of File - - 104D120DB02058CC72A623ED1ECAA06D