
Registered · 48 Posts · Discussion Starter · #1
My computer just got the WindowsDiagnostic virus. From what I have read online, you have to end the process. How do I do this, though? When I push Ctrl, Alt, Delete I don't have the Task Manager option for some reason.

Also, none of my files are showing up either.

Can someone please help?
 

Registered · 48 Posts · Discussion Starter · #2
I have removed the WindowsDiagnostic malware, but now none of my folders are loading. I can't access my documents, pictures, anything. I know everything is still there, though, because my hard drive is half full and all the toolbars on the bottom right are loading. Can someone help me?
 

TSF Security Manager, Emeritus · 42,952 Posts
Kindly follow the instructions in our pre-posting topic New Instructions - Read This Before Posting for Malware Removal Help and post the requested logs in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.


Please note this section of the forum is very busy, so be sure to familiarize yourself with the Bumping Rules, also found in our sticky topic mentioned above. One of our Analysts will review your log as soon as possible.
 

Registered · 48 Posts · Discussion Starter · #4
.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Owner at 1:54:57.02 on Thu 03/17/2011
Internet Explorer: 8.0.6001.19019
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4094.2305 [GMT -4:00]
.
AV: Sunbelt VIPRE *Disabled/Outdated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Sunbelt VIPRE *Disabled/Outdated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\dlbxcoms.exe
C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe
C:\Windows\system32\STacSV64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Users\Owner\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Owner\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Owner\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=P-6860FX
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=P-6860FX
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=P-6860FX
uInternet Settings,ProxyOverride = <local>
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=P-6860FX
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre1.6.0_04\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] "C:\Program Files (x86)\Windows Sidebar\Sidebar.exe" /autorun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Octoshape Streaming Services] "C:\Users\Owner\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
uRun: [Corel Photo Downloader] "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [googletalk] C:\Users\Owner\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
mRun: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Gateway\traybar.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [RegistryMechanic]
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
mRun: [SBAMTray] "C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe"
mRun: [SBRegRebootCleaner] "C:\Program Files (x86)\Sunbelt Software\VIPRE\SBRC.exe"
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LIMEWI~1.LNK - C:\Program Files (x86)\LimeWire\LimeWire.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MRI_DI~1\BigFix.lnk - C:\Program Files\BigFix\bigfix.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [IAAnotif] "C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
mRun-x64: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe
mRun-x64: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ahb09knq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: C:\Users\Owner\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: HP Smart Web Printing: [email protected] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: HP Smart Web Printing: [email protected] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 Si3531;SiI-3531 SATA Controller;C:\Windows\System32\drivers\Si3531.sys [2008-3-21 330544]
R1 SBRE;SBRE;C:\Windows\System32\drivers\sbredrv.sys [2010-8-19 45656]
R1 SbTis;SbTis;C:\Windows\System32\drivers\sbtis.sys [2010-8-19 84056]
R2 SBAMSvc;VIPRE Antivirus;C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe [2010-6-17 2730120]
R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2010-1-4 64088]
R2 SBPIMSvc;SB Recovery Service;C:\Program Files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe [2010-6-17 181584]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-1-13 2228008]
R3 NETw4v64;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw4v64.sys [2007-10-31 3197440]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-15 135664]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe" --> C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [?]
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\b57nd60a.sys [2008-1-20 214016]
S3 hcwhdpvr;Hauppauge HD PVR Capture Device;C:\Windows\System32\drivers\hcwhdpvr.sys [2010-6-24 189440]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2009-3-5 44544]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-7-20 93184]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-03-16 20:48:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malwaree
2011-03-15 07:24:03 -------- d--h--w- C:\Program Files (x86)\OpenVPN
2011-03-09 23:11:50 -------- d--h--w- C:\Users\Owner\AppData\Roaming\AntiVirus AntiSpyware 2011
2011-03-09 21:18:17 2424320 ----a-w- C:\Windows\System32\mstscax.dll
2011-03-09 21:18:16 2067456 ----a-w- C:\Windows\SysWow64\mstscax.dll
2011-03-09 21:18:15 730624 ----a-w- C:\Windows\System32\mstsc.exe
2011-03-09 21:18:15 677888 ----a-w- C:\Windows\SysWow64\mstsc.exe
2011-03-09 21:18:14 560128 ----a-w- C:\Windows\System32\EncDec.dll
2011-03-09 21:18:13 429056 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-03-09 21:18:13 416768 ----a-w- C:\Windows\System32\sbe.dll
2011-03-09 21:18:13 323072 ----a-w- C:\Windows\SysWow64\sbe.dll
2011-03-09 21:18:13 226816 ----a-w- C:\Windows\System32\mpg2splt.ax
2011-03-09 21:18:13 210944 ----a-w- C:\Windows\System32\sbeio.dll
2011-03-09 21:18:13 177664 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2011-03-09 21:18:13 153088 ----a-w- C:\Windows\SysWow64\sbeio.dll
2011-03-04 19:28:07 -------- d--h--w- C:\PROGRA~3\kOjHdMa06300
2011-03-02 21:41:52 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2011-02-25 01:24:01 -------- d--h--w- C:\Users\Owner\AppData\Roaming\Zigyfi
2011-02-25 01:24:01 -------- d--h--w- C:\Users\Owner\AppData\Roaming\Uvzoto
2011-02-17 21:10:28 -------- d--h--w- C:\Users\Owner\ics_sales
2011-02-15 22:03:31 -------- d--h--w- C:\Users\Owner\SC2-WingsOfLiberty-enUS-Demo-Installer
.
==================== Find3M ====================
.
2011-01-08 09:31:03 48128 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-08 07:50:00 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-08 06:17:24 367104 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-08 05:57:10 292352 ----a-w- C:\Windows\SysWow64\atmfd.dll
2010-12-31 13:46:25 2755584 ----a-w- C:\Windows\System32\win32k.sys
2010-12-28 15:26:13 462848 ----a-w- C:\Windows\System32\odbc32.dll
2010-12-28 14:57:35 409600 ----a-w- C:\Windows\SysWow64\odbc32.dll
2010-12-20 22:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-12-18 06:55:17 1147904 ----a-w- C:\Windows\System32\wininet.dll
2010-12-18 06:50:55 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2010-12-18 06:50:36 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2010-12-18 06:50:16 77312 ----a-w- C:\Windows\System32\iesetup.dll
2010-12-18 06:50:16 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2010-12-18 06:27:04 916480 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-12-18 06:22:41 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-12-18 06:22:27 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2010-12-18 06:22:11 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2010-12-18 06:22:11 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2010-12-18 05:57:45 479232 ----a-w- C:\Windows\System32\html.iec
2010-12-18 05:25:26 385024 ----a-w- C:\Windows\SysWow64\html.iec
2010-12-18 05:16:59 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2010-12-18 05:15:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-12-18 04:48:39 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2010-12-18 04:47:11 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 1:56:25.90 ===============






No Ark.txt file ever popped up. I don't know why. Also, I am unable to zip the attach.txt file; the option is not appearing for me on my desktop. May have something to do with what's going on. Thanks for the help.
 

TSF Security Manager, Emeritus · 42,952 Posts
As mentioned in the pre-posting topic, GMER is not 64-bit compatible, and this machine is 64-bit. :)

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT: Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications.

====================================================

Double-click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review, along with an update on system behavior.
 

Registered · 48 Posts · Discussion Starter · #6
System is working fine except for not being able to view any files, programs, pictures, anything. I can show screenshots if you want.


ComboFix 11-03-16.06 - Owner 03/17/2011 12:17:40.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4094.2765 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Sunbelt VIPRE *Disabled/Outdated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Sunbelt VIPRE *Disabled/Outdated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Owner\AppData\Roaming\AntiVirus AntiSpyware 2011
c:\users\Owner\AppData\Roaming\AntiVirus AntiSpyware 2011\IcoActivate.ico
c:\users\Owner\AppData\Roaming\AntiVirus AntiSpyware 2011\IcoHelp.ico
c:\users\Owner\AppData\Roaming\AntiVirus AntiSpyware 2011\IcoUninstall.ico
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool\System Tool 2011.lnk
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Diagnostic
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Diagnostic\Uninstall Windows Diagnostic.lnk
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Diagnostic\Windows Diagnostic.lnk
c:\users\Owner\Desktop\Windows Diagnostic.lnk
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-02-17 to 2011-03-17 )))))))))))))))))))))))))))))))
.
.
2011-03-17 16:38 . 2011-03-17 16:38 -------- d-----w- c:\users\Owner\AppData\Local\temp
2011-03-17 16:38 . 2011-03-17 16:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-17 16:15 . 2011-03-17 16:15 -------- d-----w- C:\32788R22FWJFW
2011-03-16 20:48 . 2011-03-16 20:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malwaree
2011-03-16 06:48 . 2011-03-16 06:48 -------- d-----w- c:\windows\Sun
2011-03-15 07:24 . 2011-03-15 07:26 -------- d--h--w- c:\program files (x86)\OpenVPN
2011-03-09 21:18 . 2010-12-17 17:12 2424320 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 21:18 . 2010-12-17 16:43 2067456 ----a-w- c:\windows\SysWow64\mstscax.dll
2011-03-09 21:18 . 2010-12-17 15:35 730624 ----a-w- c:\windows\system32\mstsc.exe
2011-03-09 21:18 . 2010-12-17 15:06 677888 ----a-w- c:\windows\SysWow64\mstsc.exe
2011-03-09 21:18 . 2010-12-29 17:53 560128 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 21:18 . 2010-12-29 17:53 416768 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 21:18 . 2010-12-29 17:53 210944 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 21:18 . 2010-12-29 17:51 226816 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 21:18 . 2010-12-29 17:41 323072 ----a-w- c:\windows\SysWow64\sbe.dll
2011-03-09 21:18 . 2010-12-29 17:41 153088 ----a-w- c:\windows\SysWow64\sbeio.dll
2011-03-09 21:18 . 2010-12-29 17:41 429056 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-03-09 21:18 . 2010-12-29 17:39 177664 ----a-w- c:\windows\SysWow64\mpg2splt.ax
2011-03-04 19:28 . 2011-03-04 22:55 -------- d--h--w- c:\programdata\kOjHdMa06300
2011-03-02 21:41 . 2011-03-02 21:41 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-02-25 01:24 . 2011-03-04 22:55 -------- d--h--w- c:\users\Owner\AppData\Roaming\Zigyfi
2011-02-25 01:24 . 2011-03-04 20:13 -------- d--h--w- c:\users\Owner\AppData\Roaming\Uvzoto
2011-02-17 21:10 . 2011-02-17 21:10 -------- d--h--w- c:\users\Owner\ics_sales
2011-02-15 22:03 . 2011-02-15 22:03 -------- d--h--w- c:\users\Owner\SC2-WingsOfLiberty-enUS-Demo-Installer
2011-02-15 21:58 . 2011-02-15 21:58 -------- d--h--w- c:\program files (x86)\Common Files\Skype
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-08 09:31 . 2011-02-10 04:27 48128 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 07:50 . 2011-02-10 04:27 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-01-08 06:17 . 2011-02-10 04:27 367104 ----a-w- c:\windows\system32\atmfd.dll
2011-01-08 05:57 . 2011-02-10 04:27 292352 ----a-w- c:\windows\SysWow64\atmfd.dll
2010-12-31 13:46 . 2011-02-10 04:27 2755584 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 15:26 . 2011-01-11 22:28 462848 ----a-w- c:\windows\system32\odbc32.dll
2010-12-28 14:57 . 2011-01-11 22:28 409600 ----a-w- c:\windows\SysWow64\odbc32.dll
2010-12-20 22:09 . 2011-02-02 00:28 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-20 22:08 . 2011-02-02 00:28 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-18 06:55 . 2011-02-10 04:27 1147904 ----a-w- c:\windows\system32\wininet.dll
2010-12-18 06:50 . 2011-02-10 04:27 56832 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 06:50 . 2011-02-10 04:27 1538560 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-18 06:50 . 2011-02-10 04:27 77312 ----a-w- c:\windows\system32\iesetup.dll
2010-12-18 06:50 . 2011-02-10 04:27 132096 ----a-w- c:\windows\system32\iesysprep.dll
2010-12-18 06:27 . 2011-02-10 04:27 916480 ----a-w- c:\windows\SysWow64\wininet.dll
2010-12-18 06:22 . 2011-02-10 04:27 43520 ----a-w- c:\windows\SysWow64\licmgr10.dll
2010-12-18 06:22 . 2011-02-10 04:27 1469440 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2010-12-18 06:22 . 2011-02-10 04:27 71680 ----a-w- c:\windows\SysWow64\iesetup.dll
2010-12-18 06:22 . 2011-02-10 04:27 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2010-12-18 05:57 . 2011-02-10 04:27 479232 ----a-w- c:\windows\system32\html.iec
2010-12-18 05:25 . 2011-02-10 04:27 385024 ----a-w- c:\windows\SysWow64\html.iec
2010-12-18 05:16 . 2011-02-10 04:27 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2010-12-18 05:15 . 2011-02-10 04:27 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-18 04:48 . 2011-02-10 04:27 133632 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2010-12-18 04:47 . 2011-02-10 04:27 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files (x86)\Windows Sidebar\Sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-16 39408]
"Octoshape Streaming Services"="c:\users\Owner\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"Google Update"="c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-04-16 136176]
"googletalk"="c:\users\Owner\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Gateway\traybar.exe" [2007-09-13 638976]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-05-26 413696]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"SBAMTray"="c:\program files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe" [2010-06-17 1295696]
"SBRegRebootCleaner"="c:\program files (x86)\Sunbelt Software\VIPRE\SBRC.exe" [2010-06-17 197968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2008-01-19 40072]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files (x86)\LimeWire\LimeWire.exe [2010-8-19 503808]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-8-14 988712]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2008-3-21 2342912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 05:16 39792 ---ha-w- c:\program files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-12-14 10:42 144784 ---ha-w- c:\program files (x86)\Java\jre1.6.0_04\bin\jusched.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60a.sys [x]
S1 archlp;archlp;SysWOW64\drivers\archlp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-16 03:59]
.
2011-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-16 03:59]
.
2011-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-987286777-748312672-3327065692-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-05 04:04]
.
2011-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-987286777-748312672-3327065692-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-05 04:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [X]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1220392]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 190472]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=P-6860FX
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files (x86)\PokerStars.NET\PokerStarsUpdate.exe
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ahb09knq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: HP Smart Web Printing: [email protected] - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: HP Smart Web Printing: [email protected] - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Corel Photo Downloader - c:\program files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
Wow6432Node-HKLM-Run-RegistryMechanic - (no file)
MSConfigStartUp-NapsterShell - c:\program files (x86)\Napster\napster.exe
HKLM-Run-SysTrayApp - %ProgramFiles%\IDT\WDM\sttray64.exe
AddRemove-Money2007b - c:\program files (x86)\Microsoft Money 2007\MNYCoreFiles\Setup\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-987286777-748312672-3327065692-1000\Software\SecuROM\License information*]
"datasecu"=hex:7e,6c,84,f3,72,8c,35,86,40,49,ad,b1,91,e9,65,f5,38,f2,a9,ba,68,
e3,e0,b3,fc,79,b7,83,41,ad,fb,a0,60,a6,97,b3,16,84,76,48,a7,cf,34,89,d6,2f,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-03-17 12:41:51
ComboFix-quarantined-files.txt 2011-03-17 16:41
.
Pre-Run: 180,102,184,960 bytes free
Post-Run: 180,395,061,248 bytes free
.
- - End Of File - - F21E34120F671EDC9552F0802C34572B
 

· TSF Security Manager, Emeritus
Joined
·
42,952 Posts
I'd like for you to run MBAM again. Be sure to update it first.

Launch Malwarebytes' Anti-Malware

  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Save it to your desktop.
Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

Can you see the files yet?
 

· Registered
Joined
·
48 Posts
Discussion Starter · #8 ·
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6079
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19019
3/17/2011 4:15:19 PM
mbam-log-2011-03-17 (16-15-19).txt
Scan type: Quick scan
Objects scanned: 165651
Time elapsed: 3 minute(s), 4 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

Files are still not showing. I ran a full scan with MBAM last night; it found 1 thing, which I deleted, and then restarted and still see nothing. I have attached screen shots of what my comp looks like. I know files are still there because I tried to name one of these screen shots "screen1" and it said "screen1" already exists. This is weird...
 


· TSF Security Manager, Emeritus
Joined
·
42,952 Posts
Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.


***************************************************

Open notepad and copy/paste the text in the code box below into it:

Folder::
c:\programdata\kOjHdMa06300
c:\users\Owner\AppData\Roaming\Zigyfi
c:\users\Owner\AppData\Roaming\Uvzoto

Save this as "CFScript.txt", and as Type: All Files (*.*)
in the same location as ComboFix.exe

***************************************************

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

***************************************************


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, post the contents of the C:\ComboFix.txt

I'd also like to see what MBAM has removed thus far. Launch MBAM and click on the Logs button. Copy/paste any previous logs into your next reply.
 

· Registered
Joined
·
48 Posts
Discussion Starter · #10 ·
ComboFix 11-03-16.06 - Owner 03/17/2011 18:19:57.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4094.2639 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt
AV: Sunbelt VIPRE *Disabled/Outdated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Sunbelt VIPRE *Disabled/Outdated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\kOjHdMa06300
c:\programdata\kOjHdMa06300\kOjHdMa06300
c:\users\Owner\AppData\Roaming\Uvzoto
c:\users\Owner\AppData\Roaming\Uvzoto\coemr.lac
c:\users\Owner\AppData\Roaming\Zigyfi
.
.
((((((((((((((((((((((((( Files Created from 2011-02-17 to 2011-03-17 )))))))))))))))))))))))))))))))
.
.
2011-03-17 22:27 . 2011-03-17 22:27 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-03-17 22:27 . 2011-03-17 22:27 -------- d-----w- c:\users\Owner\AppData\Local\temp
2011-03-17 22:27 . 2011-03-17 22:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-16 20:48 . 2011-03-16 20:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malwaree
2011-03-16 06:48 . 2011-03-16 06:48 -------- d-----w- c:\windows\Sun
2011-03-15 07:24 . 2011-03-15 07:26 -------- d--h--w- c:\program files (x86)\OpenVPN
2011-03-09 21:18 . 2010-12-17 17:12 2424320 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 21:18 . 2010-12-17 16:43 2067456 ----a-w- c:\windows\SysWow64\mstscax.dll
2011-03-09 21:18 . 2010-12-17 15:35 730624 ----a-w- c:\windows\system32\mstsc.exe
2011-03-09 21:18 . 2010-12-17 15:06 677888 ----a-w- c:\windows\SysWow64\mstsc.exe
2011-03-09 21:18 . 2010-12-29 17:53 560128 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 21:18 . 2010-12-29 17:53 416768 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 21:18 . 2010-12-29 17:53 210944 ----a-w- c:\windows\system32\sbeio.dll
2011-03-09 21:18 . 2010-12-29 17:51 226816 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 21:18 . 2010-12-29 17:41 323072 ----a-w- c:\windows\SysWow64\sbe.dll
2011-03-09 21:18 . 2010-12-29 17:41 153088 ----a-w- c:\windows\SysWow64\sbeio.dll
2011-03-09 21:18 . 2010-12-29 17:41 429056 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-03-09 21:18 . 2010-12-29 17:39 177664 ----a-w- c:\windows\SysWow64\mpg2splt.ax
2011-03-02 21:41 . 2011-03-02 21:41 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-02-17 21:10 . 2011-02-17 21:10 -------- d--h--w- c:\users\Owner\ics_sales
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-08 09:31 . 2011-02-10 04:27 48128 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 07:50 . 2011-02-10 04:27 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-01-08 06:17 . 2011-02-10 04:27 367104 ----a-w- c:\windows\system32\atmfd.dll
2011-01-08 05:57 . 2011-02-10 04:27 292352 ----a-w- c:\windows\SysWow64\atmfd.dll
2010-12-31 13:46 . 2011-02-10 04:27 2755584 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 15:26 . 2011-01-11 22:28 462848 ----a-w- c:\windows\system32\odbc32.dll
2010-12-28 14:57 . 2011-01-11 22:28 409600 ----a-w- c:\windows\SysWow64\odbc32.dll
2010-12-20 22:09 . 2011-02-02 00:28 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-20 22:08 . 2011-02-02 00:28 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-18 06:55 . 2011-02-10 04:27 1147904 ----a-w- c:\windows\system32\wininet.dll
2010-12-18 06:50 . 2011-02-10 04:27 56832 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 06:50 . 2011-02-10 04:27 1538560 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-18 06:50 . 2011-02-10 04:27 77312 ----a-w- c:\windows\system32\iesetup.dll
2010-12-18 06:50 . 2011-02-10 04:27 132096 ----a-w- c:\windows\system32\iesysprep.dll
2010-12-18 06:27 . 2011-02-10 04:27 916480 ----a-w- c:\windows\SysWow64\wininet.dll
2010-12-18 06:22 . 2011-02-10 04:27 43520 ----a-w- c:\windows\SysWow64\licmgr10.dll
2010-12-18 06:22 . 2011-02-10 04:27 1469440 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2010-12-18 06:22 . 2011-02-10 04:27 71680 ----a-w- c:\windows\SysWow64\iesetup.dll
2010-12-18 06:22 . 2011-02-10 04:27 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2010-12-18 05:57 . 2011-02-10 04:27 479232 ----a-w- c:\windows\system32\html.iec
2010-12-18 05:25 . 2011-02-10 04:27 385024 ----a-w- c:\windows\SysWow64\html.iec
2010-12-18 05:16 . 2011-02-10 04:27 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2010-12-18 05:15 . 2011-02-10 04:27 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-18 04:48 . 2011-02-10 04:27 133632 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2010-12-18 04:47 . 2011-02-10 04:27 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((( [email protected]_16.39.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 15:45 . 2011-03-17 19:39 86128 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-06-06 22:15 . 2011-03-17 19:39 17366 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-987286777-748312672-3327065692-1000_UserData.bin
- 2011-03-17 07:12 . 2011-03-17 07:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-03-17 19:33 . 2011-03-17 19:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-03-17 19:33 . 2011-03-17 19:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-03-17 07:12 . 2011-03-17 07:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-06-06 22:32 . 2011-03-17 21:52 327878 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2006-11-02 12:46 . 2011-03-17 16:12 616174 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2011-03-17 21:53 616174 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2011-03-17 16:12 109040 c:\windows\system32\perfc009.dat
+ 2006-11-02 12:46 . 2011-03-17 21:53 109040 c:\windows\system32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files (x86)\Windows Sidebar\Sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-16 39408]
"Octoshape Streaming Services"="c:\users\Owner\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"Google Update"="c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-04-16 136176]
"googletalk"="c:\users\Owner\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Gateway\traybar.exe" [2007-09-13 638976]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-05-26 413696]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"SBAMTray"="c:\program files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe" [2010-06-17 1295696]
"SBRegRebootCleaner"="c:\program files (x86)\Sunbelt Software\VIPRE\SBRC.exe" [2010-06-17 197968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2008-01-19 40072]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files (x86)\LimeWire\LimeWire.exe [2010-8-19 503808]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-8-14 988712]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2008-3-21 2342912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 05:16 39792 ---ha-w- c:\program files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
c:\program files (x86)\Napster\napster.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-12-14 10:42 144784 ---ha-w- c:\program files (x86)\Java\jre1.6.0_04\bin\jusched.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60a.sys [x]
S1 archlp;archlp;SysWOW64\drivers\archlp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-16 03:59]
.
2011-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-16 03:59]
.
2011-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-987286777-748312672-3327065692-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-05 04:04]
.
2011-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-987286777-748312672-3327065692-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-05 04:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"SysTrayApp"="%ProgramFiles%\IDT\WDM\sttray64.exe" [BU]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1220392]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 190472]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=P-6860FX
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files (x86)\PokerStars.NET\PokerStarsUpdate.exe
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ahb09knq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: HP Smart Web Printing: [email protected] - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: HP Smart Web Printing: [email protected] - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-987286777-748312672-3327065692-1000\Software\SecuROM\License information*]
"datasecu"=hex:7e,6c,84,f3,72,8c,35,86,40,49,ad,b1,91,e9,65,f5,38,f2,a9,ba,68,
e3,e0,b3,fc,79,b7,83,41,ad,fb,a0,60,a6,97,b3,16,84,76,48,a7,cf,34,89,d6,2f,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-03-17 18:30:07
ComboFix-quarantined-files.txt 2011-03-17 22:30
ComboFix2.txt 2011-03-17 16:41
.
Pre-Run: 181,042,200,576 bytes free
Post-Run: 181,006,712,832 bytes free
.
- - End Of File - - B32E404C40ECF3B0901C336A90CBFF8F


MBAM LOGS HERE

LAST NIGHT:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6079
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19019
3/17/2011 3:11:19 AM
mbam-log-2011-03-17 (03-11-19).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 396394
Time elapsed: 1 hour(s), 3 minute(s), 13 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\Owner\AppData\Roaming\antivirus antispyware 2011\securityhelper.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

3.16:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6079
Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 8.0.6001.19019
3/16/2011 4:58:02 PM
mbam-log-2011-03-16 (16-58-02).txt
Scan type: Quick scan
Objects scanned: 175172
Time elapsed: 7 minute(s), 33 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 10
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\Software\AntiVirus AntiSpyware 2011 (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\AntiVirus AntiSpyware 2011 (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IKljOtlCYL (Trojan.FakeAlert) -> Value: IKljOtlCYL -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
c:\Users\Owner\AppData\Roaming\microsoft\Windows\start menu\Programs\antivirus antispyware 2011 (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
Files Infected:
c:\programdata\ikljotlcyl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\47898376.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\Users\Owner\AppData\Roaming\microsoft\Windows\start menu\Programs\antivirus antispyware 2011.lnk (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
c:\Users\Owner\AppData\Roaming\microsoft\Windows\start menu\Programs\antivirus antispyware 2011\help antivirus antispyware 2011.lnk (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
c:\Users\Owner\AppData\Roaming\microsoft\Windows\start menu\Programs\antivirus antispyware 2011\activate antivirus antispyware 2011.lnk (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
c:\Users\Owner\AppData\Roaming\microsoft\Windows\start menu\Programs\antivirus antispyware 2011\antivirus antispyware 2011.lnk (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
c:\Users\Owner\AppData\Roaming\microsoft\Windows\start menu\Programs\antivirus antispyware 2011\how to activate antivirus antispyware 2011.lnk (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
c:\Users\Owner\Desktop\antivirus antispyware 2011.lnk (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
c:\Users\Owner\AppData\Roaming\microsoft\internet explorer\quick launch\antivirus antispyware 2011.lnk (Rogue.AntiVirusAntiSpyware2011) -> Quarantined and deleted successfully.
c:\Users\Owner\AppData\Local\Temp\internetexplorerupdate.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
 

· TSF Security Manager, Emeritus
Joined
·
42,952 Posts
Thank you.

I just noticed that the machine has not been rebooted since the first run of ComboFix. Please reboot the machine, and if the issue persists, do the following:

Open notepad and copy/paste the text in the quote box below into it:

regedit /a look.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
notepad look.txt
Save this as look.bat. Choose to "Save type as - All Files".
It should look like this:


Right click on the look.bat & run as administrator. A notepad file will open. Copy that information into your next reply, please.

=================================

Download & Install - Process Explorer

In Process Explorer, select explorer.exe
  • Then press [CTRL]+[L] to open PE's lower pane view.
  • Press [CTRL]+[D] to display DLLs loaded under the process.
  • From the top left corner, select 'File' & 'Save As...'
  • Please post the log which it produces
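One way to read the look.txt export the helper asks for, added here as an example (it is not code from the forum, from regedit, or from any tool named in the thread): a small Python parser for the REGEDIT4 format that `regedit /a` writes, which then decodes the Explorer view values a file-hiding rogue typically tampers with. The sample export is constructed for the example; the key path is the one in the helper's command, and the value meanings (Hidden 1 = show hidden files, 2 = do not show; ShowSuperHidden; HideFileExt) are standard Explorer semantics. The parser also handles the hex(...) data that `regedit /a` continues across lines with a trailing backslash, as seen in the ComboFix output earlier in the thread.

```python
"""Parse a REGEDIT4 export (what `regedit /a look.txt <key>` writes) and
report the Explorer view settings a file-hiding rogue commonly changes.

Added example for this thread, not code from the forum or from Microsoft.
"""
import re

# Constructed sample export in the shape of the look.txt requested above.
# The Explorer\Advanced values mirror the ones posted in the thread; the second
# key exists only to exercise hex(6) data continued over two lines.
SAMPLE_EXPORT = """REGEDIT4

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced]
"Hidden"=dword:00000000
"HideFileExt"=dword:00000001
"ShowSuperHidden"=dword:00000000
"SuperHidden"=dword:00000000
"SomeString"="c:\\\\Windows\\\\explorer.exe"

[HKEY_CURRENT_USER\\Software\\Example]
"SymbolicLinkValue"=hex(6):5c,00,52,00,\\
  65,00,67,00
"""

EXPLORER_ADVANCED = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"

# Explorer's documented meanings for the "Hidden" view setting.
HIDDEN_MEANING = {1: "show hidden files and folders", 2: "do not show hidden files and folders"}

KEY_RE = re.compile(r"^\[(.+)\]$")
# Either a quoted value name (with \" and \\ escapes) or @ for the default value.
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')


def decode_value(data):
    """Turn the textual data part of a REGEDIT4 value line into a Python value."""
    if data.startswith("dword:"):
        return int(data[len("dword:"):], 16)
    if data.startswith('"') and data.endswith('"'):
        return data[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    m = re.match(r"^hex(?:\((\d+)\))?:(.*)$", data)
    if m:
        raw = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        # hex(2)/hex(6)/hex(7) are UTF-16LE text (REG_EXPAND_SZ, REG_LINK, REG_MULTI_SZ).
        if m.group(1) in ("2", "6", "7"):
            return raw.decode("utf-16-le").rstrip("\x00")
        return raw
    return data  # unknown form: keep the raw text rather than guess


def parse_regedit4(text):
    """Return {key_path: {value_name: value}} for a REGEDIT4 export.

    Lines that are neither a [key] nor a name=data pair (e.g. the @Denied:
    annotations ComboFix adds) are skipped. Hex data ending in a backslash is
    joined with the following line(s), as regedit writes it.
    """
    result = {}
    current = None
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        i += 1
        if not line or line == "REGEDIT4":
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            result[current] = {}
            continue
        m = VALUE_RE.match(line)
        if not m or current is None:
            continue
        name = m.group(1) if m.group(1) is not None else "@"
        data = m.group(2)
        while data.endswith("\\") and i < len(lines):
            data = data[:-1] + lines[i].strip()
            i += 1
        result[current][name] = decode_value(data)
    return result


def explorer_view_report(parsed):
    """Summarise the view settings that decide whether hidden files are visible."""
    adv = parsed.get(EXPLORER_ADVANCED, {})
    hidden = adv.get("Hidden")
    notes = []
    if adv.get("ShowSuperHidden") == 0:
        notes.append("ShowSuperHidden=0: protected operating system files are not displayed")
    if adv.get("HideFileExt") == 1:
        notes.append("HideFileExt=1: known extensions hidden, so name.txt.exe displays as name.txt")
    return {
        "Hidden": hidden,
        "Hidden_meaning": HIDDEN_MEANING.get(hidden, "non-standard value"),
        "ShowSuperHidden": adv.get("ShowSuperHidden"),
        "HideFileExt": adv.get("HideFileExt"),
        "notes": notes,
    }


if __name__ == "__main__":
    report = explorer_view_report(parse_regedit4(SAMPLE_EXPORT))
    for k, v in report.items():
        print(f"{k}: {v}")
```

Run it against a real look.txt by replacing SAMPLE_EXPORT with the file's contents (`regedit /a` writes ANSI text, so open it with `encoding="mbcs"` on Windows or `latin-1` elsewhere). A "Hidden" value outside {1, 2}, like the 0 in the thread's export, is reported as non-standard rather than mapped to a meaning it does not have.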
 

· Registered
Joined
·
48 Posts
Discussion Starter · #12 ·
Process

Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 79.57 0 K 24 K
System 4 0.60 0 K 4,492 K
Interrupts n/a < 0.01 0 K 0 K Hardware Interrupts and DPCs
smss.exe 420 480 K 976 K
csrss.exe 532 2,616 K 7,188 K
wininit.exe 576 1,760 K 5,096 K
services.exe 632 3,076 K 8,040 K
svchost.exe 788 3,576 K 7,856 K Host Process for Windows Services Microsoft Corporation
unsecapp.exe 3048 2,704 K 5,196 K
WmiPrvSE.exe 3184 2.41 9,228 K 15,004 K
ehmsas.exe 3576 1,740 K 5,428 K Media Center Media Status Aggregator Service Microsoft Corporation
unsecapp.exe 4048 2,952 K 6,056 K Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation
WmiPrvSE.exe 4068 3,796 K 7,724 K
hpswp_clipbook.exe 3156 3,212 K 6,588 K HP Smart Web Printing add-on for Internet Explorer Hewlett-Packard Co.
FlashUtil10k_ActiveX.exe 4828 2,108 K 7,052 K Adobe® Flash® Player Installer/Uninstaller 10.1 r85 Adobe Systems, Inc.
WsftpCOMHelper.exe 4152 3,768 K 10,200 K COM conectivity for 64 bit apps. Ipswitch
nvvsvc.exe 868 3,888 K 7,480 K NVIDIA Driver Helper Service, Version 260.99 NVIDIA Corporation
NvXDSync.exe 1192 5,876 K 14,248 K
nvvsvc.exe 1208 6,204 K 12,288 K
svchost.exe 896 5,968 K 10,148 K Host Process for Windows Services Microsoft Corporation
svchost.exe 988 17,956 K 16,908 K Host Process for Windows Services Microsoft Corporation
audiodg.exe 780 13,800 K 16,976 K
svchost.exe 1016 123,596 K 131,844 K Host Process for Windows Services Microsoft Corporation
dwm.exe 2812 3.01 58,616 K 75,096 K Desktop Window Manager Microsoft Corporation
svchost.exe 300 0.60 95,800 K 109,548 K Host Process for Windows Services Microsoft Corporation
taskeng.exe 2840 2,744 K 7,820 K
taskeng.exe 3056 < 0.01 12,604 K 15,904 K Task Scheduler Engine Microsoft Corporation
wuauclt.exe 1232 3,332 K 6,864 K Windows Update Microsoft Corporation
svchost.exe 1036 2,632 K 6,128 K Host Process for Windows Services Microsoft Corporation
SLsvc.exe 1060 7,740 K 12,316 K Microsoft Software Licensing Service Microsoft Corporation
svchost.exe 1100 9,164 K 16,848 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1336 18,464 K 19,772 K Host Process for Windows Services Microsoft Corporation
spoolsv.exe 1552 12,052 K 20,260 K Spooler SubSystem App Microsoft Corporation
svchost.exe 1592 17,964 K 23,908 K Host Process for Windows Services Microsoft Corporation
ACService.exe 1820 1,448 K 4,572 K ArcSoft Connect Service ArcSoft Inc.
agr64svc.exe 1840 1,192 K 3,016 K Agere Soft Modem Call Progress Service Agere Systems
mDNSResponder.exe 1868 1,800 K 5,624 K Bonjour Service Apple Inc.
svchost.exe 1880 2,648 K 4,204 K Host Process for Windows Services Microsoft Corporation
dlbxcoms.exe 1896 2,860 K 5,316 K Printer Communication System
FlipShareService.exe 1928 4,308 K 7,576 K FlipShare Service
svchost.exe 1972 4,380 K 8,664 K Host Process for Windows Services Microsoft Corporation
IAANTmon.exe 1324 3,156 K 6,960 K RAID Monitor Intel Corporation
svchost.exe 1436 1,368 K 4,064 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1748 1,556 K 4,332 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1816 3,048 K 7,172 K Host Process for Windows Services Microsoft Corporation
SBPIMSvc.exe 1956 3,708 K 480 K Plug-in Manager Service Sunbelt Software
stacsv64.exe 2108 9,536 K 8,440 K STacSV Module IDT, Inc.
svchost.exe 2168 5,252 K 9,320 K Host Process for Windows Services Microsoft Corporation
TeamViewer_Service.exe 2188 4,776 K 10,448 K TeamViewer Remote Control Application TeamViewer GmbH
svchost.exe 2224 2,212 K 5,208 K Host Process for Windows Services Microsoft Corporation
SearchIndexer.exe 2256 108,320 K 24,476 K Microsoft Windows Search Indexer Microsoft Corporation
SearchProtocolHost.exe 3088 5,756 K 12,028 K
SearchFilterHost.exe 4680 3,512 K 6,092 K
YahooAUService.exe 2312 3,848 K 8,576 K AutoUpater Service Module Yahoo! Inc.
svchost.exe 2072 4,724 K 9,160 K Host Process for Windows Services Microsoft Corporation
alg.exe 968 1,844 K 5,548 K Application Layer Gateway Service Microsoft Corporation
SBAMSvc.exe 3828 23,704 K 476 K Sunbelt Software Anti Malware Service Sunbelt Software
SBAMTray.exe 1268 < 0.01 3,124 K 9,536 K SBAMTray Application Sunbelt Software
TrustedInstaller.exe 2204 7,844 K 11,812 K Windows Modules Installer Microsoft Corporation
lsass.exe 648 5,008 K 11,796 K Local Security Authority Process Microsoft Corporation
lsm.exe 656 3,152 K 5,472 K
csrss.exe 596 3,256 K 8,772 K
winlogon.exe 292 2,788 K 7,160 K
explorer.exe 2860 < 0.01 33,648 K 60,440 K Windows Explorer Microsoft Corporation
IAAnotif.exe 3416 1,668 K 5,576 K Event Monitor User Notification Tool Intel Corporation
sttray64.exe 3424 5,864 K 13,340 K IDT Audio system tray application IDT, Inc.
SynTPEnh.exe 3436 < 0.01 4,352 K 13,464 K Synaptics TouchPad Enhancements Synaptics, Inc.
SynTPHelper.exe 1044 1,320 K 3,304 K
LWEMon.exe 3444 < 0.01 5,372 K 9,364 K Logitech WingMan Event Monitor Logitech Inc.
sidebar.exe 3480 1.81 17,476 K 30,600 K Windows Sidebar Microsoft Corporation
ehtray.exe 3492 2,300 K 2,000 K Media Center Tray Applet Microsoft Corporation
msnmsgr.exe 3516 18,964 K 7,152 K Windows Live Messenger Microsoft Corporation
OctoshapeClient.exe 3640 6,992 K 10,352 K Main program for Octoshape client Octoshape ApS
googletalk.exe 3664 < 0.01 18,816 K 25,388 K Google Talk Google
iexplore.exe 1572 < 0.01 17,692 K 34,104 K Internet Explorer Microsoft Corporation
iexplore.exe 744 < 0.01 92,932 K 96,656 K Internet Explorer Microsoft Corporation
GoogleToolbarUser_32.exe 3336 7,732 K 11,340 K Google Toolbar Broker Google Inc.
iexplore.exe 5068 < 0.01 67,696 K 66,104 K Internet Explorer Microsoft Corporation
notepad.exe 4504 7,112 K 17,896 K Notepad Microsoft Corporation
cmd.exe 4704 1,936 K 2,380 K
notepad.exe 4288 2,172 K 6,436 K
procexp.exe 984 2,564 K 6,964 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
procexp64.exe 4724 12.06 21,372 K 34,076 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
traybar.exe 3688 < 0.01 1,680 K 6,840 K traybar Chicony
CEC_MAIN.exe 3864 < 0.01 25,536 K 31,648 K
HpqSRmon.exe 3736 < 0.01 1,872 K 6,492 K HpqSRmon Hewlett-Packard
hpwuSchd2.exe 3752 3,356 K 7,648 K hpwuSchd Application Hewlett-Packard
ACDaemon.exe 3764 2,948 K 8,088 K ArcSoft Connect Daemon ArcSoft Inc.
Ymsgr_tray.exe 3360 19,512 K 8,072 K Yahoo! Messenger Tray Yahoo! Inc.
Process: explorer.exe Pid: 2860
Name Description Company Name Version
actxprxy.dll ActiveX Interface Marshaling Library Microsoft Corporation 6.0.6001.18000
advapi32.dll Advanced Windows 32 Base API Microsoft Corporation 6.0.6001.18000
AltTab.dll Windows Shell Alt Tab Microsoft Corporation 6.0.6000.16386
apphelp.dll Application Compatibility Client Library Microsoft Corporation 6.0.6001.18000
atl.dll ATL Module for Windows XP (Unicode) Microsoft Corporation 3.5.2284.2
AudioEng.dll Audio Engine Microsoft Corporation 6.0.6001.18000
AudioSes.dll Audio Session Microsoft Corporation 6.0.6001.18000
authui.dll Windows Authentication UI Microsoft Corporation 6.0.6001.18000
avrt.dll Multimedia Realtime Runtime Microsoft Corporation 6.0.6001.18000
batmeter.dll Battery Meter Helper DLL Microsoft Corporation 6.0.6001.18000
bcrypt.dll Windows Cryptographic Primitives Library Microsoft Corporation 6.0.6001.18000
browseui.dll Shell Browser UI Library Microsoft Corporation 6.0.6001.18000
bthprops.cpl Bluetooth Control Panel Applet Microsoft Corporation 6.0.6001.18000
cabinet.dll Microsoft® Cabinet File API Microsoft Corporation 6.0.6001.18000
clbcatq.dll COM+ Configuration Catalog Microsoft Corporation 2001.12.6931.18000
comctl32.dll User Experience Controls Library Microsoft Corporation 6.10.6001.18523
comctl32.dll.mui User Experience Controls Library Microsoft Corporation 6.10.6001.18000
credssp.dll TS Single Sign On Security Package Microsoft Corporation 6.0.6001.18000
crypt32.dll Crypto API32 Microsoft Corporation 6.0.6001.18000
cryptdll.dll Cryptography Manager Microsoft Corporation 6.0.6001.18000
cscapi.dll Offline Files Win32 API Microsoft Corporation 6.0.6001.18000
davclnt.dll Web DAV Client DLL Microsoft Corporation 6.0.6001.18000
dhcpcsvc.dll DHCP Client Service Microsoft Corporation 6.0.6001.18000
dhcpcsvc6.dll DHCPv6 Client Microsoft Corporation 6.0.6001.18000
dnsapi.dll DNS Client API DLL Microsoft Corporation 6.0.6001.18000
drprov.dll Microsoft Terminal Server Network Provider Microsoft Corporation 6.0.6001.18000
duser.dll Windows DirectUser Engine Microsoft Corporation 6.0.6001.18000
dwmapi.dll Microsoft Desktop Window Manager API Microsoft Corporation 6.0.6001.18000
eappcfg.dll Eap Peer Config Microsoft Corporation 6.0.6001.18000
eappprxy.dll Microsoft EAPHost Peer Client DLL Microsoft Corporation 6.0.6001.18000
ehSSO.dll Windows Media Center Shell Service Object Microsoft Corporation 6.0.6000.16386
es.dll COM+ Microsoft Corporation 2001.12.6931.18057
explorer.exe Windows Explorer Microsoft Corporation 6.0.6001.18164
ExplorerFrame.dll ExplorerFrame Microsoft Corporation 6.0.6001.18000
fastprox.dll WMI Custom Marshaller Microsoft Corporation 6.0.6001.18226
FirewallAPI.dll Windows Firewall API Microsoft Corporation 6.0.6001.18000
FWPUCLNT.DLL FWP/IPsec User-Mode API Microsoft Corporation 6.0.6001.18000
gdi32.dll GDI Client DLL Microsoft Corporation 6.0.6001.18159
GdiPlus.dll Microsoft GDI+ Microsoft Corporation 5.2.6001.18175
gpapi.dll Group Policy Client API Microsoft Corporation 6.0.6001.18000
hid.dll Hid User Library Microsoft Corporation 6.0.6001.18000
IconCodecService.dll Converts a PNG part of the icon to a legacy bmp icon Microsoft Corporation 6.0.6000.16386
ieframe.dll Internet Explorer Microsoft Corporation 8.0.6001.19019
ieframe.dll.mui Internet Explorer Microsoft Corporation 8.0.6001.18702
iertutil.dll Run time utility for Internet Explorer Microsoft Corporation 8.0.6001.19019
imagehlp.dll Windows NT Image Helper Microsoft Corporation 6.0.6001.18000
imageres.dll Windows Image Resource Microsoft Corporation 6.0.6000.16386
imageres.dll Windows Image Resource Microsoft Corporation 6.0.6000.16386
imageres.dll.mui Windows Image Resource Microsoft Corporation 6.0.6000.16386
imageres.dll.mui Windows Image Resource Microsoft Corporation 6.0.6000.16386
imapi2.dll Image Mastering API v2 Microsoft Corporation 6.0.6001.18000
imm32.dll Multi-User Windows IMM32 API Client DLL Microsoft Corporation 6.0.6001.18000
index.dat
index.dat
index.dat
index.dat
index.dat
IPHLPAPI.DLL IP Helper API Microsoft Corporation 6.0.6001.18000
kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 6.0.6001.18215
ksuser.dll User CSA Library Microsoft Corporation 6.0.6001.18000
linkinfo.dll Windows Volume Tracking Microsoft Corporation 6.0.6001.18000
locale.nls
locale.nls
lpk.dll Language Pack Microsoft Corporation 6.0.6001.18000
mbamext.dll Malwarebytes' Anti-Malware Malwarebytes Corporation 1.50.1.0
mfc90.dll MFCDLL Shared Library - Retail Version Microsoft Corporation 9.0.30729.4148
MFC90ENU.DLL MFC Language Specific Resources Microsoft Corporation 9.0.21022.8
midimap.dll Microsoft MIDI Mapper Microsoft Corporation 6.0.6001.18000
mlang.dll Multi Language Support DLL Microsoft Corporation 6.0.6001.18000
MMDevAPI.dll MMDevice API Microsoft Corporation 6.0.6001.18000
mpr.dll Multiple Provider Router DLL Microsoft Corporation 6.0.6001.18000
msacm32.dll Microsoft ACM Audio Filter Microsoft Corporation 6.0.6001.18000
msacm32.drv Microsoft Sound Mapper Microsoft Corporation 6.0.6001.18000
msasn1.dll ASN.1 Runtime APIs Microsoft Corporation 6.0.6001.18326
msctf.dll MSCTF Server DLL Microsoft Corporation 6.0.6001.18000
msimg32.dll GDIEXT Client DLL Microsoft Corporation 6.0.6001.18000
msshsq.dll Structured Query Microsoft Corporation 7.0.6001.18528
mssprxy.dll Microsoft Search Proxy Microsoft Corporation 7.0.6001.16503
msv1_0.dll Microsoft Authentication Package v1.0 Microsoft Corporation 6.0.6001.18330
msvcp90.dll Microsoft® C++ Runtime Library Microsoft Corporation 9.0.30729.4148
msvcr90.dll Microsoft® C Runtime Library Microsoft Corporation 9.0.30729.4148
msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.0.6001.18000
msxml6.dll MSXML 6.0 SP2 Microsoft Corporation 6.20.4001.0
msxml6r.dll XML Resources Microsoft Corporation 6.0.3883.0
NaturalLanguage6.dll Natural Language Development Platform 6 Microsoft Corporation 6.0.6001.18098
ndfapi.dll Network Diagnostic Framework Client API Microsoft Corporation 6.0.6001.18000
netapi32.dll Net Win32 API DLL Microsoft Corporation 6.0.6001.18157
netprofm.dll Network List Manager Microsoft Corporation 6.0.6001.18000
netshell.dll Network Connections Shell Microsoft Corporation 6.0.6001.18000
networkexplorer.dll Network Explorer Microsoft Corporation 6.0.6001.18000
nlaapi.dll Network Location Awareness 2 Microsoft Corporation 6.0.6001.18000
NlsData0009.dll Microsoft English Natural Language Server Data and Code Microsoft Corporation 6.0.6001.18000
NlsLexicons0009.dll Microsoft English Natural Language Server Data and Code Microsoft Corporation 6.0.6001.18098
normaliz.dll Unicode Normalization DLL Microsoft Corporation 6.0.6000.16386
npmproxy.dll Network List Manager Proxy Microsoft Corporation 6.0.6000.16386
nsi.dll NSI User-mode interface DLL Microsoft Corporation 6.0.6001.18000
ntdll.dll NT Layer DLL Microsoft Corporation 6.0.6001.18538
ntdsapi.dll Active Directory Domain Services API Microsoft Corporation 6.0.6001.18000
ntlanman.dll Microsoft® Lan Manager Microsoft Corporation 6.0.6001.18000
ntmarta.dll Windows NT MARTA provider Microsoft Corporation 6.0.6001.18000
ntshrui.dll Shell extensions for sharing Microsoft Corporation 6.0.6001.18000
ole32.dll Microsoft OLE for Windows Microsoft Corporation 6.0.6001.18498
oleacc.dll Active Accessibility Core Component Microsoft Corporation 4.2.5406.0
oleaccrc.dll Active Accessibility Resource DLL Microsoft Corporation 4.2.5406.0
oleaut32.dll Microsoft Corporation 6.0.6001.18000
onex.dll IEEE 802.1X supplicant library Microsoft Corporation 6.0.6001.18000
pnidui.dll Network System Icon Microsoft Corporation 6.0.6001.18000
PortableDeviceApi.dll Windows Portable Device API Components Microsoft Corporation 6.0.6001.18160
PortableDeviceTypes.dll Windows Portable Device (Parameter) Types Component Microsoft Corporation 6.0.6001.18000
powrprof.dll Power Profile Helper DLL Microsoft Corporation 6.0.6001.18000
propsys.dll Microsoft Property System Microsoft Corporation 7.0.6001.16503
psapi.dll Process Status Helper Microsoft Corporation 6.0.6001.18000
QAGENT.DLL Quarantine Agent Proxy Microsoft Corporation 6.0.6001.18000
QUTIL.DLL Quarantine Utilities Microsoft Corporation 6.0.6001.18000
R000000000009.clb
RarExt64.dll 64 bit WinRAR shell extension Alexander Roshal 3.93.0.0
rasapi32.dll Remote Access API Microsoft Corporation 6.0.6001.18000
rasman.dll Remote Access Connection Manager Microsoft Corporation 6.0.6001.18000
RASMM.dll RAS Media Manager Microsoft Corporation 6.0.6001.18000
rasmm.dll.mui RAS Media Manager Microsoft Corporation 6.0.6000.16386
res0409.dll
rpcrt4.dll Remote Procedure Call Runtime Microsoft Corporation 6.0.6001.18247
rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 6.0.6001.18000
rtutils.dll Routing Utilities Microsoft Corporation 6.0.6001.18495
samlib.dll SAM Library DLL Microsoft Corporation 6.0.6001.18000
SBAMScanShellExt.dll SBAM Scan Shell Extension Sunbelt Software 4.0.3295.0
schannel.dll TLS / SSL Security Provider Microsoft Corporation 6.0.6001.18507
secur32.dll Security Support Provider Interface Microsoft Corporation 6.0.6001.18272
setupapi.dll Windows Setup API Microsoft Corporation 6.0.6001.18000
shacct.dll Shell Accounts Classes Microsoft Corporation 6.0.6001.18000
shdocvw.dll Shell Doc Object and Control Library Microsoft Corporation 6.0.6001.18000
shell32.dll Windows Shell Common Dll Microsoft Corporation 6.0.6001.18588
shlwapi.dll Shell Light-weight Utility Library Microsoft Corporation 6.0.6001.18588
SLC.dll Software Licensing Client Dll Microsoft Corporation 6.0.6001.18000
SndVolSSO.dll SCA Volume Microsoft Corporation 6.0.6000.16386
srchadmin.dll Indexing Options Microsoft Corporation 7.0.6001.16503
stobject.dll Systray shell service object Microsoft Corporation 6.0.6001.18000
sxs.dll Fusion 2.5 Microsoft Corporation 6.0.6001.18000
SyncCenter.dll Microsoft Sync Center Microsoft Corporation 6.0.6001.18000
synceng.dll Windows Briefcase Engine Microsoft Corporation 6.0.6001.18000
syncui.dll Windows Briefcase Microsoft Corporation 6.0.6001.18000
tapi32.dll Microsoft® Windows(TM) Telephony API Client DLL Microsoft Corporation 6.0.6000.16386
thumbcache.dll Microsoft Thumbnail Cache Microsoft Corporation 6.0.6001.18000
timedate.cpl Time Date Control Panel Applet Microsoft Corporation 6.0.6001.18347
tquery.dll tquery.dll Microsoft Corporation 7.0.6001.16503
urlmon.dll OLE32 Extensions for Win32 Microsoft Corporation 8.0.6001.19019
urlmon.dll.mui OLE32 Extensions for Win32 Microsoft Corporation 8.0.6001.18702
user32.dll Multi-User Windows USER API Client DLL Microsoft Corporation 6.0.6001.18000
userenv.dll Userenv Microsoft Corporation 6.0.6001.18000
usp10.dll Uniscribe Unicode script processor Microsoft Corporation 1.626.6001.18461
uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.0.6001.18000
version.dll Version Checking and File Installation Libraries Microsoft Corporation 6.0.6001.18000
wbemcomn.dll WMI Microsoft Corporation 6.0.6001.18000
wbemprox.dll WMI Microsoft Corporation 6.0.6001.18000
wbemsvc.dll WMI Microsoft Corporation 6.0.6001.18000
wdi.dll Windows Diagnostic Infrastructure Microsoft Corporation 6.0.6001.18000
wdmaud.drv Winmm audio system driver Microsoft Corporation 6.0.6001.18000
webcheck.dll Web Site Monitor Microsoft Corporation 8.0.6001.18702
wevtapi.dll Eventing Consumption and Configuration API Microsoft Corporation 6.0.6001.18000
winbrand.dll Windows Branding Resources Microsoft Corporation 6.0.6001.18000
WindowsCodecs.dll Microsoft Windows Codecs Library Microsoft Corporation 6.0.6001.22253
winhttp.dll Windows HTTP Services Microsoft Corporation 6.0.6001.18315
wininet.dll Internet Extensions for Win32 Microsoft Corporation 8.0.6001.19019
winmm.dll MCI API DLL Microsoft Corporation 6.0.6001.18000
winnsi.dll Network Store Information RPC interface Microsoft Corporation 6.0.6001.18000
winspool.drv Windows Spooler Driver Microsoft Corporation 6.0.6001.18000
winsta.dll Winstation Library Microsoft Corporation 6.0.6001.18000
wintrust.dll Microsoft Trust Verification APIs Microsoft Corporation 6.0.6001.18387
wlanapi.dll Windows WLAN AutoConfig Client Side API DLL Microsoft Corporation 6.0.6001.18288
WLanConn.dll Dot11 Connection Flows Microsoft Corporation 6.0.6001.18000
WLanConn.dll.mui Dot11 Connection Flows Microsoft Corporation 6.0.6000.16386
wlanhlp.dll Windows Wireless LAN 802.11 Client Side Helper API Microsoft Corporation 6.0.6001.18288
WlanMM.dll Dot11 Media and AdHoc Managers Microsoft Corporation 6.0.6001.18000
wlanmm.dll.mui Dot11 Media and AdHoc Managers Microsoft Corporation 6.0.6000.16386
wlanutil.dll Windows Wireless LAN 802.11 Utility DLL Microsoft Corporation 6.0.6000.16386
Wldap32.dll Win32 LDAP API DLL Microsoft Corporation 6.0.6001.18000
WPDShServiceObj.dll Windows Portable Device Shell Service Object Microsoft Corporation 6.0.6001.18000
ws2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 6.0.6001.18000
wscapi.dll Windows Security Center API Microsoft Corporation 6.0.6001.18000
wscntfy.dll Windows Security Center Notification App Microsoft Corporation 6.0.6001.18000
wsftpsi.dll wsftpsi Module Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421 12.3.0.1
wtsapi32.dll Windows Terminal Server SDK APIs Microsoft Corporation 6.0.6001.18000
xwizards.dll Extensible Wizards Manager Module Microsoft Corporation 6.0.6001.18000


BAT

REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ServerAdminUI"=dword:00000000
"Hidden"=dword:00000000
"ShowCompColor"=dword:00000001
"HideFileExt"=dword:00000001
"DontPrettyPath"=dword:00000000
"ShowInfoTip"=dword:00000001
"HideIcons"=dword:00000000
"MapNetDrvBtn"=dword:00000000
"WebView"=dword:00000001
"Filter"=dword:00000000
"SuperHidden"=dword:00000000
"SeparateProcess"=dword:00000000
"AutoCheckSelect"=dword:00000001
"IconsOnly"=dword:00000000
"ShowTypeOverlay"=dword:00000001
"ListviewAlphaSelect"=dword:00000001
"ListviewShadow"=dword:00000001
"ListviewWatermark"=dword:00000001
"TaskbarAnimations"=dword:00000001
"StartMenuInit"=dword:00000003
"Start_ShowSetProgramAccessAndDefaults"=dword:00000000
"Start_ShowPrinters"=dword:00000001
"Start_SortByName"=dword:00000001
"Start_NotifyNewApps"=dword:00000000
"AlwaysShowMenus"=dword:00000001
"TaskbarSizeMove"=dword:00000001
"ShowSuperHidden"=dword:00000000
 

· TSF Security Manager, Emeritus
Joined
·
42,952 Posts
Do you have access to the Vista x64 Install disk? If not, when you boot your computer tapping F8 - same as you would to access the menu for Safe Mode - do you see 'Repair your Computer' as an option in that menu?


Also, please run this next tool. Just scan for now - if it detects anything, do not select Fix. I need to see the log results first.

Download aswMBR.exe to your desktop.

Right click it to Run as administrator.

Click the "Scan" button to start the scan. When it has completed, click Save Log, and save it to your desktop or wherever you can access it easily to post in your next reply.
 

· Registered
Joined
·
48 Posts
Discussion Starter · #14 ·
I tried to run that scan and got a BSOD. It showed this error... 0x000000D1.

I saw the repair icon pop up the other night and clicked it. I did the restore but it was hanging at the "windows restore is initializing" screen.
 

· TSF Security Manager, Emeritus
Joined
·
42,952 Posts
Can you get me the entire message the blue screen shows?

I understand that Startup Repair can kick in on its own, what I want to be able to do is load the Recovery Environment. To do this, we need the Vista Install disc, unless you have the option of Repair your computer listed in the Advanced Boot Options menu.

Please restart the machine and tap F8, same as you would do to get to Safe Mode. Do you see 'Repair your computer' listed there?
 

· Registered
Joined
·
48 Posts
Discussion Starter · #16 ·
Entire message is :

DRIVER_IRQL_NOT_LESS_OR_EQUAL

Stop errors:

0x0d1 , 0x04c8 , 0x02 , 0x00 , 0xfa60b3c462

I don't have access to the CD but I just rebooted and saw the repair option. I clicked it and did Startup Repair and it found no problems.
 

· TSF Security Manager, Emeritus
Joined
·
42,952 Posts
Ok, but slow down a bit. :) I know Startup Repair is not going to help. The option to 'Repair your computer' will allow us to work within the Recovery Environment which affords us the chance to run a scanning tool without Windows being loaded.

Without Windows loaded, the infection will not be loaded, thus it will not be able to hide its files from us. I'm hoping we'll see something we otherwise cannot see.

Please read and follow these instructions carefully. Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flashdrive into the infected PC.

Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer

Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.

In the next menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter.

    Note: Replace letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 

· TSF Security Manager, Emeritus
Joined
·
42,952 Posts
Since the log will be saved to the same location FRST64.exe is run from, the CD must be rewritable (CD-RW, not CD-R).

I do not have time to try it right now, but a log is also produced on the C:\ drive. If you really can't get a usb stick to use, or a re-writable CD, try running it from a regular CD and look for the log located in the C:\FRST\Logs folder.

Your CD ROM drive will likely be D:\ instead of e:\. I've adjusted the steps a bit:

  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your CDROM drive letter and close the notepad.
  • In the command window type d:\frst64.exe and press Enter.

    Note: Replace letter d with the drive letter of your CDROM drive.
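The steps above produce an FRST.txt that an analyst then reads by hand. As an added example (not code from the thread, from the analysts, or from the FRST tool itself), here is a small Python triage helper for the two line formats that log uses: the registry "Run" entries (`HKLM\...\Run: [name] command (Publisher)[size date]`) and the "Drivers and Services" entries (`<start> <name>; <image> [size date] (Publisher)`). It parses each line and raises a handful of cues an analyst would normally check by eye: a blank publisher field, an entry with no file metadata at all, an image living under a user's AppData, and an image path that starts with the NT `\??\` prefix. The cue list, the `Entry` dataclass and the regular expressions are my own assumptions about the format as it appears in the log posted later in this thread; the sample lines are copied from that log and are not a complete FRST.txt.

```python
"""Triage helper for FRST.txt 'Run' and 'Drivers and Services' lines (added example)."""
import re
from dataclasses import dataclass, field
from typing import Iterable, List, Optional

# Autostart entry, e.g.
#   HKU\Owner\...\Run: [swg] "C:\...\GoogleToolbarNotifier.exe" (Google Inc.)[39408 2010-04-15]
RUN_RE = re.compile(r'^(?P<key>HK.*?\\\.\.\.\\Run(?:once)?): \[(?P<name>[^\]]*)\] (?P<rest>.*)$')
# Service/driver entry: "<start> <name>; <image> [<size> <date>] (<publisher>)"
SVC_RE = re.compile(r'^(?P<start>[0-4]) (?P<name>[^;]+); (?P<rest>.*)$')
# Trailing metadata: Run lines put the publisher first, service lines put it last.
RUN_META_RE = re.compile(r'\s*\((?P<publisher>[^()]*)\)\s*\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]$')
SVC_META_RE = re.compile(r'\s*\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]\s*\((?P<publisher>[^()]*)\)$')
# First executable-looking token of the command line, surrounding quotes removed.
EXE_RE = re.compile(r'^"?(?P<path>.*?\.(?:exe|sys|dll))"?', re.IGNORECASE)


@dataclass
class Entry:
    kind: str                  # "run" or "service"
    name: str
    command: str               # full command line as logged
    path: str                  # executable/driver path extracted from it
    publisher: Optional[str]   # "" when the field is blank, None when the line has no metadata
    start: Optional[int]       # service start type (0 boot .. 4 disabled); None for Run entries
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a Run or service line, or None for any other line."""
    line = line.rstrip()
    m = RUN_RE.match(line)
    if m:
        kind, start, meta_re = "run", None, RUN_META_RE
    else:
        m = SVC_RE.match(line)
        if not m:
            return None
        kind, start, meta_re = "service", int(m["start"]), SVC_META_RE
    rest = m["rest"]
    meta = meta_re.search(rest)
    if meta:
        command = rest[: meta.start()].rstrip()
        publisher = meta["publisher"].strip()
    else:  # e.g. the Runonce "Launcher" line carries no size/date/publisher at all
        command, publisher = rest, None
    pm = EXE_RE.match(command)
    path = pm["path"] if pm else command
    return Entry(kind, m["name"], command, path, publisher, start)


def flag(entry: Entry) -> List[str]:
    """Triage cues an analyst would verify by hand; a cue is a question, not a verdict."""
    cues: List[str] = []
    low = entry.path.lower()
    if entry.publisher is None:
        cues.append("no file metadata (size/date/publisher missing)")
    elif entry.publisher == "":
        cues.append("publisher field is blank")
    if "\\users\\" in low and "\\appdata\\" in low:
        cues.append("image lives in a user-writable profile directory")
    if low.startswith("\\??\\"):
        cues.append("image path uses the NT \\??\\ prefix")
    return cues


def triage(lines: Iterable[str]) -> List[Entry]:
    """Parse every line and return only the entries that raised at least one cue."""
    flagged: List[Entry] = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        entry.flags = flag(entry)
        if entry.flags:
            flagged.append(entry)
    return flagged


# Sample lines copied from the FRST.txt posted later in this thread; not a full log.
SAMPLE_LOG = r"""
HKLM\...\Run: [IAAnotif] "C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe" (Intel Corporation)[174872 2007-02-12]
HKU\Owner\...\Run: [Octoshape Streaming Services] "C:\Users\Owner\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun (Octoshape ApS)[70936 2009-01-08]
HKLM-x32\...\Runonce: [Launcher] %WINDIR%\SMINST\launcher.exe
2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 dlbx_device; C:\Windows\system32\dlbxcoms.exe -service [567280 2007-05-22] ( )
2 FlipShare Service; "C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe" [451904 2009-02-17] ()
1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [45656 2010-01-20] (Sunbelt Software)
3 COMSysApp; C:\Windows\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} [8704 2006-11-02] (Microsoft Corporation)
"""


def sample_lines() -> List[str]:
    return [ln for ln in SAMPLE_LOG.splitlines() if ln.strip()]


if __name__ == "__main__":
    for e in triage(sample_lines()):
        print(f"[{e.kind}] {e.name}: {e.path}")
        for cue in e.flags:
            print(f"    - {cue}")
```

Feed a real log with `triage(open("FRST.txt").read().splitlines())`. Read the cues as questions to answer, not as findings: a blank publisher only means FRST found no company name embedded in the file, and plenty of legitimate third-party software ships that way (the FlipShare and OpenVPN services in this very log are examples), so the next step for each cue is to verify the file's origin, not to remove it.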
 

· Registered
Joined
·
48 Posts
Discussion Starter · #20 ·
Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.0.6
Ran by SYSTEM at 2011-03-20 18:37:25
Running from D:\
Windows Vista (TM) Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry ==========================
HKLM\...\Run: [IAAnotif] "C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe" (Intel Corporation)[174872 2007-02-12]
HKLM\...\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe (IDT, Inc.)[437760 2007-11-09]
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)[1220392 2008-01-17]
HKLM\...\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui (Logitech Inc.)[190472 2009-09-16]
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" (Adobe Systems Incorporated)[500208 2010-03-05]
HKLM-x32\...\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Gateway\traybar.exe" (Chicony)[638976 2007-09-13]
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)[177472 2009-05-13]
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)[31072 2008-10-25]
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime (Apple Inc.)[413696 2009-05-26]
HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)[150528 2008-07-22]
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)[54840 2007-05-08]
HKLM-x32\...\Run: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" (ArcSoft Inc.)[207424 2010-10-27]
HKLM-x32\...\Run: [SBAMTray] "C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMTray.exe" (Sunbelt Software)[1295696 2010-06-17]
HKLM-x32\...\Run: [SBRegRebootCleaner] "C:\Program Files (x86)\Sunbelt Software\VIPRE\SBRC.exe" (Sunbelt Software)[197968 2010-06-17]
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)[1555968 2008-01-20]
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)[1555968 2008-01-20]
HKU\Owner\...\Run: [Sidebar] "C:\Program Files (x86)\Windows Sidebar\Sidebar.exe" /autorun (Microsoft Corporation)[1233920 2008-01-20]
HKU\Owner\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)[138240 2008-01-20]
HKU\Owner\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)[3872080 2010-04-16]
HKU\Owner\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (Google Inc.)[39408 2010-04-15]
HKU\Owner\...\Run: [Octoshape Streaming Services] "C:\Users\Owner\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun (Octoshape ApS)[70936 2009-01-08]
HKU\Owner\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc.)[5252408 2010-06-01]
HKU\Owner\...\Run: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c (Google Inc.)[136176 2010-04-15]
HKU\Owner\...\Run: [googletalk] C:\Users\Owner\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart (Google)[3739648 2007-01-01]
HKLM-x32\...\Runonce: [Launcher] %WINDIR%\SMINST\launcher.exe
Tcpip\Parameters: [DhcpNameServer] 192.168.200.1 192.168.200.1

==================== Drivers and Services ====================
2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
0 ACPI; C:\Windows\System32\drivers\acpi.sys [326712 2008-01-20] (Microsoft Corporation)
4 adp94xx; C:\Windows\System32\drivers\adp94xx.sys [486456 2008-01-20] (Adaptec, Inc.)
4 adpahci; C:\Windows\System32\drivers\adpahci.sys [342584 2008-01-20] (Adaptec, Inc.)
4 adpu160m; C:\Windows\System32\drivers\adpu160m.sys [126520 2008-01-20] (Adaptec, Inc.)
4 adpu320; C:\Windows\System32\drivers\adpu320.sys [185912 2008-01-20] (Adaptec, Inc.)
2 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [26624 2006-11-02] (Microsoft Corporation)
1 AFD; C:\Windows\System32\drivers\afd.sys [408064 2008-01-20] (Microsoft Corporation)
2 AgereModemAudio; C:\Windows\system32\agr64svc.exe [15872 2007-12-10] (Agere Systems)
3 AgereSoftModem; C:\Windows\System32\DRIVERS\agrsm64.sys [1252352 2008-02-28] (Agere Systems)
3 agp440; C:\Windows\System32\drivers\agp440.sys [64568 2008-01-20] (Microsoft Corporation)
4 aic78xx; C:\Windows\System32\drivers\djsvs.sys [88168 2006-11-02] (Adaptec, Inc.)
3 ALG; C:\Windows\System32\alg.exe [80896 2008-01-20] (Microsoft Corporation)
4 aliide; C:\Windows\System32\drivers\aliide.sys [15976 2008-01-20] (Acer Laboratories Inc.)
4 amdide; C:\Windows\System32\drivers\amdide.sys [15976 2008-01-20] (Microsoft Corporation)
4 AmdK8; C:\Windows\System32\DRIVERS\amdk8.sys [50688 2008-01-20] (Microsoft Corporation)
3 Appinfo; C:\Windows\System32\appinfo.dll [45056 2008-01-20] (Microsoft Corporation)
4 arc; C:\Windows\System32\drivers\arc.sys [90680 2008-01-20] (Adaptec, Inc.)
4 arcsas; C:\Windows\System32\drivers\arcsas.sys [91192 2008-01-20] (Adaptec, Inc.)
3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [22016 2008-01-20] (Microsoft Corporation)
0 atapi; C:\Windows\System32\drivers\atapi.sys [22584 2008-01-20] (Microsoft Corporation)
2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [444928 2008-01-20] (Microsoft Corporation)
2 AudioSrv; C:\Windows\System32\Audiosrv.dll [444928 2008-01-20] (Microsoft Corporation)
3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [214016 2008-01-20] (Broadcom Corporation)
3 BCM43XV; C:\Windows\System32\DRIVERS\bcmwl664.sys [550912 2006-10-06] (Broadcom Corporation)
2 BFE; C:\Windows\System32\bfe.dll [458240 2008-01-20] (Microsoft Corporation)
2 BITS; C:\Windows\System32\qmgr.dll [1082368 2008-01-20] (Microsoft Corporation)
4 blbdrive; C:\Windows\System32\drivers\blbdrive.sys [55296 2008-01-20] (Microsoft Corporation)
2 Bonjour Service; "C:\Program Files (x86)\Bonjour\mDNSResponder.exe" [238888 2008-12-12] (Apple Inc.)
3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90624 2008-01-20] (Microsoft Corporation)
3 BrFiltLo; C:\Windows\System32\drivers\brfiltlo.sys [18432 2006-09-18] (Brother Industries, Ltd.)
3 BrFiltUp; C:\Windows\System32\drivers\brfiltup.sys [8704 2006-09-18] (Brother Industries, Ltd.)
2 Browser; C:\Windows\System32\browser.dll [103424 2008-01-20] (Microsoft Corporation)
4 Brserid; C:\Windows\System32\drivers\brserid.sys [86528 2006-11-02] (Brother Industries Ltd.)
4 BrSerWdm; C:\Windows\System32\drivers\brserwdm.sys [47104 2006-09-18] (Brother Industries Ltd.)
4 BrUsbMdm; C:\Windows\System32\drivers\brusbmdm.sys [14976 2006-09-18] (Brother Industries Ltd.)
3 BrUsbSer; C:\Windows\System32\drivers\brusbser.sys [14720 2006-09-19] (Brother Industries Ltd.)
3 BthEnum; C:\Windows\System32\DRIVERS\BthEnum.sys [23040 2008-01-20] (Microsoft Corporation)
4 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [50688 2006-11-02] (Microsoft Corporation)
3 BthPan; C:\Windows\System32\DRIVERS\bthpan.sys [115712 2008-01-20] (Microsoft Corporation)
3 BTHPORT; C:\Windows\System32\Drivers\BTHport.sys [276480 2008-04-28] (Microsoft Corporation)
2 BthServ; C:\Windows\System32\bthserv.dll [51200 2006-11-02] (Microsoft Corporation)
3 BTHUSB; C:\Windows\System32\Drivers\BTHUSB.sys [34304 2008-04-28] (Microsoft Corporation)
3 btwaudio; C:\Windows\System32\drivers\btwaudio.sys [88104 2007-07-15] (Broadcom Corporation.)
3 btwavdt; C:\Windows\System32\drivers\btwavdt.sys [95784 2007-07-15] (Broadcom Corporation.)
3 btwrchid; C:\Windows\System32\DRIVERS\btwrchid.sys [19752 2007-07-15] (Broadcom Corporation.)
4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [90624 2008-01-20] (Microsoft Corporation)
1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [79872 2008-01-20] (Microsoft Corporation)
3 CertPropSvc; C:\Windows\System32\certprop.dll [49152 2008-01-20] (Microsoft Corporation)
4 circlass; C:\Windows\System32\drivers\circlass.sys [41984 2008-01-20] (Microsoft Corporation)
0 CLFS; C:\Windows\System32\CLFS.sys [363064 2008-01-20] (Microsoft Corporation)
4 clr_optimization_v2.0.50727_32; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [69632 2008-07-27] (Microsoft Corporation)
4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [93184 2008-07-27] (Microsoft Corporation)
2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [130384 2010-03-18] (Microsoft Corporation)
2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [138576 2010-03-18] (Microsoft Corporation)
3 CmBatt; C:\Windows\System32\DRIVERS\CmBatt.sys [17792 2008-01-20] (Microsoft Corporation)
4 cmdide; C:\Windows\System32\drivers\cmdide.sys [18024 2008-01-20] (CMD Technology, Inc.)
0 Compbatt; C:\Windows\System32\DRIVERS\compbatt.sys [23608 2008-01-20] (Microsoft Corporation)
3 COMSysApp; C:\Windows\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} [8704 2006-11-02] (Microsoft Corporation)
0 crcdisk; C:\Windows\System32\drivers\crcdisk.sys [27704 2008-01-20] (Microsoft Corporation)
2 CryptSvc; C:\Windows\System32\cryptsvc.dll [165376 2008-01-20] (Microsoft Corporation)
2 DcomLaunch; C:\Windows\System32\rpcss.dll [718336 2009-03-02] (Microsoft Corporation)
1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [97792 2008-01-20] (Microsoft Corporation)
3 DFSR; C:\Windows\System32\DFSR.exe [3432960 2008-01-20] (Microsoft Corporation)
2 Dhcp; C:\Windows\System32\dhcpcsvc.dll [268288 2008-01-20] (Microsoft Corporation)
0 disk; C:\Windows\System32\drivers\disk.sys [68664 2008-01-20] (Microsoft Corporation)
2 dlbx_device; C:\Windows\system32\dlbxcoms.exe -service [567280 2007-05-22] ( )
2 Dnscache; C:\Windows\System32\dnsrslvr.dll [117760 2008-01-20] (Microsoft Corporation)
3 dot3svc; C:\Windows\System32\dot3svc.dll [208384 2008-01-20] (Microsoft Corporation)
3 Dot4; C:\Windows\System32\DRIVERS\Dot4.sys [145408 2008-01-20] (Microsoft Corporation)
3 Dot4Print; C:\Windows\System32\DRIVERS\Dot4Prt.sys [19968 2008-01-20] (Microsoft Corporation)
3 dot4usb; C:\Windows\System32\DRIVERS\dot4usb.sys [42496 2008-01-20] (Microsoft Corporation)
2 DPS; C:\Windows\System32\dps.dll [139264 2008-01-20] (Microsoft Corporation)
3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [6144 2008-01-20] (Microsoft Corporation)
3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [883200 2008-08-01] (Microsoft Corporation)
3 E1G60; C:\Windows\System32\DRIVERS\E1G6032E.sys [146176 2008-01-20] (Intel Corporation)
3 EapHost; C:\Windows\System32\eapsvc.dll [74752 2008-01-20] (Microsoft Corporation)
0 Ecache; C:\Windows\System32\drivers\ecache.sys [157240 2008-01-20] (Microsoft Corporation)
3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [344064 2008-01-20] (Microsoft Corporation)
3 ehSched; C:\Windows\ehome\ehsched.exe [153600 2008-01-20] (Microsoft Corporation)
2 ehstart; C:\Windows\ehome\ehstart.dll [15360 2006-11-02] (Microsoft Corporation)
4 elxstor; C:\Windows\System32\drivers\elxstor.sys [397368 2008-01-20] (Emulex)
2 EMDMgmt; C:\Windows\System32\emdmgmt.dll [399872 2008-06-25] (Microsoft Corporation)
4 ErrDev; C:\Windows\System32\drivers\errdev.sys [8704 2008-01-20] (Microsoft Corporation)
2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [27648 2008-01-20] (Microsoft Corporation)
2 EventSystem; C:\Windows\System32\es.dll [361984 2008-04-17] (Microsoft Corporation)
3 exfat; C:\Windows\System32\Drivers\exfat.sys [187392 2008-01-20] (Microsoft Corporation)
3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [198656 2008-01-20] (Microsoft Corporation)
4 fdc; C:\Windows\System32\DRIVERS\fdc.sys [29696 2008-01-20] (Microsoft Corporation)
3 fdPHost; C:\Windows\System32\fdPHost.dll [15360 2008-01-20] (Microsoft Corporation)
2 FDResPub; C:\Windows\System32\fdrespub.dll [33280 2006-11-02] (Microsoft Corporation)
0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70200 2008-01-20] (Microsoft Corporation)
3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [33280 2008-01-20] (Microsoft Corporation)
2 FlipShare Service; "C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe" [451904 2009-02-17] ()
4 flpydisk; C:\Windows\System32\DRIVERS\flpydisk.sys [24576 2008-01-20] (Microsoft Corporation)
0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [275512 2008-01-20] (Microsoft Corporation)
3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [46104 2008-06-19] (Microsoft Corporation)
1 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [16384 2008-01-20] (Microsoft Corporation)
3 gagp30kx; C:\Windows\System32\drivers\gagp30kx.sys [68152 2008-01-20] (Microsoft Corporation)
3 GameConsoleService; "C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe" [181800 2007-08-29] (WildTangent, Inc.)
3 GEARAspiWDM; C:\Windows\System32\DRIVERS\GEARAspiWDM.sys [30760 2009-01-15] (GEAR Software Inc.)
2 gpsvc; C:\Windows\System32\gpsvc.dll [718336 2008-01-20] (Microsoft Corporation)
2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [135664 2010-04-15] (Google Inc.)
3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [182768 2010-04-15] (Google)
3 hcwhdpvr; C:\Windows\System32\DRIVERS\hcwhdpvr.sys [189440 2009-04-01] (Hauppauge, Inc.)
3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [273920 2006-11-01] (Microsoft Corporation)
3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [50688 2008-01-20] (Microsoft Corporation)
4 HidBth; C:\Windows\System32\drivers\hidbth.sys [34304 2006-11-02] (Microsoft Corporation)
4 HidIr; C:\Windows\System32\drivers\hidir.sys [25600 2006-11-02] (Microsoft Corporation)
2 hidserv; C:\Windows\System32\hidserv.dll [24064 2006-11-02] (Microsoft Corporation)
3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [15872 2008-01-20] (Microsoft Corporation)
3 hkmsvc; C:\Windows\System32\kmsvc.dll [86528 2008-01-20] (Microsoft Corporation)
4 HpCISSs; C:\Windows\System32\drivers\hpcisss.sys [47672 2008-01-20] (Hewlett-Packard Company)
3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.)
2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.)
2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.)
3 HTTP; C:\Windows\System32\drivers\HTTP.sys [610304 2010-02-20] (Microsoft Corporation)
4 i2omp; C:\Windows\System32\drivers\i2omp.sys [35896 2008-01-20] (Microsoft Corporation)
1 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [64000 2008-01-20] (Microsoft Corporation)
2 IAANTMON; C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe [355096 2007-02-12] (Intel Corporation)
0 iaStor; C:\Windows\System32\DRIVERS\iaStor.sys [537368 2007-02-12] (Intel Corporation)
4 iaStorV; C:\Windows\System32\drivers\iastorv.sys [290872 2008-01-20] (Intel Corporation)
3 idsvc; "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe" [859648 2008-06-19] (Microsoft Corporation)
4 iirsp; C:\Windows\System32\drivers\iirsp.sys [44648 2006-11-02] (Intel Corp./ICP vortex GmbH)
2 IKEEXT; C:\Windows\System32\ikeext.dll [454656 2008-01-20] (Microsoft Corporation)
0 intelide; C:\Windows\System32\drivers\intelide.sys [19512 2008-01-20] (Microsoft Corporation)
3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [48128 2008-01-20] (Microsoft Corporation)
3 IPBusEnum; C:\Windows\System32\ipbusenum.dll [93696 2008-01-20] (Microsoft Corporation)
3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [67072 2008-01-20] (Microsoft Corporation)
2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [224256 2010-02-18] (Microsoft Corporation)
4 IPMIDRV; C:\Windows\System32\drivers\ipmidrv.sys [76288 2008-01-20] (Microsoft Corporation)
3 IPNAT; C:\Windows\System32\DRIVERS\ipnat.sys [115712 2008-01-20] (Microsoft Corporation)
3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17408 2008-01-20] (Microsoft Corporation)
4 isapnp; C:\Windows\System32\drivers\isapnp.sys [23608 2008-01-20] (Microsoft Corporation)
3 iScsiPrt; C:\Windows\System32\DRIVERS\msiscsi.sys [215096 2008-01-20] (Microsoft Corporation)
4 iteatapi; C:\Windows\System32\drivers\iteatapi.sys [37480 2006-11-02] (Integrated Technology Express, Inc.)
4 iteraid; C:\Windows\System32\drivers\iteraid.sys [37480 2006-11-02] (Integrated Technology Express, Inc.)
1 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [42040 2008-01-20] (Microsoft Corporation)
1 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [20480 2008-01-20] (Microsoft Corporation)
3 KeyIso; C:\Windows\System32\lsass.exe [11264 2009-06-15] (Microsoft Corporation)
0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [515656 2009-06-15] (Microsoft Corporation)
3 ksthunk; C:\Windows\System32\drivers\ksthunk.sys [20864 2008-01-20] (Microsoft Corporation)
2 KtmRm; C:\Windows\System32\msdtckrm.dll [395264 2008-01-20] (Microsoft Corporation)
2 LanmanServer; C:\Windows\System32\srvsvc.dll [179712 2010-09-06] (Microsoft Corporation)
2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [202752 2009-06-10] (Microsoft Corporation)
2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [59392 2008-01-20] (Microsoft Corporation)
3 lltdsvc; C:\Windows\System32\lltdsvc.dll [296960 2008-01-20] (Microsoft Corporation)
2 lmhosts; C:\Windows\System32\lmhsvc.dll [24064 2008-01-20] (Microsoft Corporation)
4 LSI_FC; C:\Windows\System32\drivers\lsi_fc.sys [113720 2008-01-20] (LSI Logic)
4 LSI_SAS; C:\Windows\System32\drivers\lsi_sas.sys [105016 2008-01-20] (LSI Logic)
4 LSI_SCSI; C:\Windows\System32\drivers\lsi_scsi.sys [113720 2008-01-20] (LSI Logic)
2 luafv; C:\Windows\System32\drivers\luafv.sys [109568 2008-01-20] (Microsoft Corporation)
3 Macromedia Licensing Service; "C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe" [68096 2008-09-04] ()
4 Mcx2Svc; C:\Windows\System32\Mcx2Svc.dll [67072 2008-01-20] (Microsoft Corporation)
4 megasas; C:\Windows\System32\drivers\megasas.sys [35896 2008-01-20] (LSI Corporation)
4 MegaSR; C:\Windows\System32\drivers\megasr.sys [438328 2008-01-20] (LSI Corporation, Inc.)
3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [65888 2008-10-25] (Microsoft Corporation)
2 MMCSS; C:\Windows\System32\mmcss.dll [37888 2008-01-20] (Microsoft Corporation)
3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2008-01-20] (Microsoft Corporation)
3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [49152 2008-01-20] (Microsoft Corporation)
1 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [39992 2008-01-20] (Microsoft Corporation)
3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [19968 2008-01-20] (Microsoft Corporation)
0 MountMgr; C:\Windows\System32\drivers\mountmgr.sys [70200 2008-01-20] (Microsoft Corporation)
4 mpio; C:\Windows\System32\drivers\mpio.sys [128056 2008-01-20] (Microsoft Corporation)
3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [81408 2008-01-20] (Microsoft Corporation)
2 MpsSvc; C:\Windows\System32\mpssvc.dll [601088 2008-01-20] (Microsoft Corporation)
4 Mraid35x; C:\Windows\System32\drivers\mraid35x.sys [39016 2006-11-02] (LSI Logic Corporation)
3 MRxDAV; C:\Windows\System32\drivers\mrxdav.sys [134144 2008-01-20] (Microsoft Corporation)
3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [135168 2010-02-23] (Microsoft Corporation)
3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [273920 2010-02-23] (Microsoft Corporation)
3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [105472 2010-02-23] (Microsoft Corporation)
0 msahci; C:\Windows\System32\drivers\msahci.sys [31288 2008-01-20] (Microsoft Corporation)
4 msdsm; C:\Windows\System32\drivers\msdsm.sys [113720 2008-01-20] (Microsoft Corporation)
3 MSDTC; C:\Windows\System32\msdtc.exe [106496 2008-01-20] (Microsoft Corporation)
1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2008-01-20] (Microsoft Corporation)
0 msisadrv; C:\Windows\System32\drivers\msisadrv.sys [17976 2008-01-20] (Microsoft Corporation)
3 MSiSCSI; C:\Windows\System32\iscsiexe.dll [154112 2008-01-20] (Microsoft Corporation)
3 msiserver; C:\Windows\System32\msiexec.exe /V [122368 2008-01-20] (Microsoft Corporation)
3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11008 2008-01-20] (Microsoft Corporation)
3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7040 2006-11-02] (Microsoft Corporation)
3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6656 2006-11-02] (Microsoft Corporation)
3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [312376 2008-01-20] (Microsoft Corporation)
3 mssmbios; C:\Windows\System32\DRIVERS\mssmbios.sys [34872 2008-01-20] (Microsoft Corporation)
3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [7936 2008-01-20] (Microsoft Corporation)
0 Mup; C:\Windows\System32\Drivers\mup.sys [61496 2008-01-20] (Microsoft Corporation)
3 napagent; C:\Windows\System32\qagentRT.dll [409600 2008-01-20] (Microsoft Corporation)
3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [187392 2008-05-19] (Microsoft Corporation)
0 NDIS; C:\Windows\System32\drivers\ndis.sys [739384 2008-01-20] (Microsoft Corporation)
3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2008-01-20] (Microsoft Corporation)
3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [22016 2008-01-20] (Microsoft Corporation)
3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [169472 2008-01-20] (Microsoft Corporation)
3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [59904 2008-01-20] (Microsoft Corporation)
2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard)
1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2008-01-20] (Microsoft Corporation)
1 netbt; C:\Windows\System32\DRIVERS\netbt.sys [250368 2008-01-20] (Microsoft Corporation)
3 Netlogon; C:\Windows\System32\lsass.exe [11264 2009-06-15] (Microsoft Corporation)
3 Netman; C:\Windows\System32\netman.dll [348160 2008-01-20] (Microsoft Corporation)
2 netprofm; C:\Windows\System32\netprofm.dll [304128 2008-01-20] (Microsoft Corporation)
4 NetTcpPortSharing; "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe" [119808 2008-06-19] (Microsoft Corporation)
3 NETw4v64; C:\Windows\System32\DRIVERS\NETw4v64.sys [3197440 2007-10-31] (Intel Corporation)
4 nfrd960; C:\Windows\System32\drivers\nfrd960.sys [51816 2006-11-02] (IBM Corporation)
2 NlaSvc; C:\Windows\System32\nlasvc.dll [206336 2008-01-20] (Microsoft Corporation)
1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [43520 2008-01-20] (Microsoft Corporation)
2 nsi; C:\Windows\System32\nsisvc.dll [24576 2008-01-20] (Microsoft Corporation)
1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24064 2008-01-20] (Microsoft Corporation)
3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1540152 2008-01-20] (Microsoft Corporation)
1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2006-11-02] (Microsoft Corporation)
3 nvlddmkm; C:\Windows\System32\DRIVERS\nvlddmkm.sys [12432616 2010-10-16] (NVIDIA Corporation)
4 nvraid; C:\Windows\System32\drivers\nvraid.sys [128056 2008-01-20] (NVIDIA Corporation)
4 nvstor; C:\Windows\System32\drivers\nvstor.sys [54328 2008-01-20] (NVIDIA Corporation)
2 NVSvc; C:\Windows\System32\nvvsvc.exe [989800 2010-10-16] (NVIDIA Corporation)
3 nv_agp; C:\Windows\System32\drivers\nv_agp.sys [126520 2008-01-20] (Microsoft Corporation)
3 odserv; "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" [441712 2008-11-03] (Microsoft Corporation)
3 ohci1394; C:\Windows\System32\DRIVERS\ohci1394.sys [72192 2008-01-20] (Microsoft Corporation)
3 OpenVPNService; "C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe" [36352 2010-11-08] ()
3 ose; "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [145184 2006-10-26] (Microsoft Corporation)
3 p2pimsvc; C:\Windows\System32\p2psvc.dll [837632 2008-01-20] (Microsoft Corporation)
3 p2psvc; C:\Windows\System32\p2psvc.dll [837632 2008-01-20] (Microsoft Corporation)
3 Parport; C:\Windows\System32\drivers\parport.sys [96768 2006-11-02] (Microsoft Corporation)
0 partmgr; C:\Windows\System32\drivers\partmgr.sys [74808 2008-01-20] (Microsoft Corporation)
2 PcaSvc; C:\Windows\System32\pcasvc.dll [79360 2008-01-20] (Microsoft Corporation)
0 pci; C:\Windows\System32\drivers\pci.sys [179768 2008-01-20] (Microsoft Corporation)
4 pciide; C:\Windows\System32\drivers\pciide.sys [13416 2008-01-20] (Microsoft Corporation)
4 pcmcia; C:\Windows\System32\DRIVERS\pcmcia.sys [217144 2008-01-20] (Microsoft Corporation)
2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [712704 2006-10-23] (Microsoft Corporation)
3 PerfHost; C:\Windows\SysWow64\perfhost.exe [19968 2008-01-20] (Microsoft Corporation)
3 pla; C:\Windows\System32\pla.dll [1373184 2008-01-20] (Microsoft Corporation)
2 PlugPlay; C:\Windows\System32\umpnpmgr.dll [311808 2008-01-20] (Microsoft Corporation)
2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard)
3 PNRPAutoReg; C:\Windows\System32\p2psvc.dll [837632 2008-01-20] (Microsoft Corporation)
3 PNRPsvc; C:\Windows\System32\p2psvc.dll [837632 2008-01-20] (Microsoft Corporation)
2 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [531456 2008-06-19] (Microsoft Corporation)
3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [98816 2008-01-20] (Microsoft Corporation)
4 Processor; C:\Windows\System32\drivers\processr.sys [47104 2008-01-20] (Microsoft Corporation)
2 ProfSvc; C:\Windows\System32\profsvc.dll [178688 2008-01-20] (Microsoft Corporation)
3 ProtectedStorage; C:\Windows\System32\lsass.exe [11264 2009-06-15] (Microsoft Corporation)
1 PSched; C:\Windows\System32\DRIVERS\pacer.sys [94208 2008-04-04] (Microsoft Corporation)
4 ql2300; C:\Windows\System32\drivers\ql2300.sys [1221176 2008-01-20] (QLogic Corporation)
4 ql40xx; C:\Windows\System32\drivers\ql40xx.sys [124008 2006-11-02] (QLogic Corporation)
3 QWAVE; C:\Windows\system32\qwave.dll [284160 2008-01-20] (Microsoft Corporation)
3 QWAVEdrv; C:\Windows\System32\drivers\qwavedrv.sys [46592 2008-01-20] (Microsoft Corporation)
3 R300; C:\Windows\System32\DRIVERS\atikmdag.sys [2488320 2006-11-01] (ATI Technologies Inc.)
1 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2008-01-20] (Microsoft Corporation)
3 RasAuto; C:\Windows\System32\rasauto.dll [98304 2008-01-20] (Microsoft Corporation)
3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [124928 2008-01-20] (Microsoft Corporation)
3 RasMan; C:\Windows\System32\rasmans.dll [308224 2008-01-20] (Microsoft Corporation)
3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [50176 2008-01-20] (Microsoft Corporation)
3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [78336 2008-01-20] (Microsoft Corporation)
1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [288256 2008-01-20] (Microsoft Corporation)
1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7168 2008-01-20] (Microsoft Corporation)
4 rdpdr; C:\Windows\System32\drivers\rdpdr.sys [314368 2008-01-20] (Microsoft Corporation)
1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7168 2008-01-20] (Microsoft Corporation)
3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [210432 2008-01-20] (Microsoft Corporation)
4 RemoteAccess; C:\Windows\System32\mprdim.dll [88064 2008-01-20] (Microsoft Corporation)
3 RemoteRegistry; C:\Windows\System32\regsvc.dll [206336 2008-01-20] (Microsoft Corporation)
3 RFCOMM; C:\Windows\System32\DRIVERS\rfcomm.sys [62976 2008-01-20] (Microsoft Corporation)
3 RpcLocator; C:\Windows\System32\locator.exe [8704 2006-11-02] (Microsoft Corporation)
2 RpcSs; C:\Windows\System32\rpcss.dll [718336 2009-03-02] (Microsoft Corporation)
2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [75776 2008-01-20] (Microsoft Corporation)
3 RTL8169; C:\Windows\System32\DRIVERS\Rtlh64.sys [136704 2007-10-03] (Realtek Corporation )
3 RTSTOR; C:\Windows\System32\drivers\RTSTOR64.SYS [52224 2007-06-15] (Realtek Semiconductor Corp.)
2 SamSs; C:\Windows\System32\lsass.exe [11264 2009-06-15] (Microsoft Corporation)
2 SBAMSvc; "C:\Program Files (x86)\Sunbelt Software\VIPRE\SBAMSvc.exe" [2730120 2010-06-17] (Sunbelt Software)
2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [64088 2010-01-04] (Sunbelt Software)
4 sbp2port; C:\Windows\System32\drivers\sbp2port.sys [90216 2006-11-02] (Microsoft Corporation)
2 SBPIMSvc; "C:\Program Files (x86)\Sunbelt Software\VIPRE\SBPIMSvc.exe" [181584 2010-06-17] (Sunbelt Software)
1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [45656 2010-01-20] (Sunbelt Software)
1 SbTis; C:\Windows\System32\drivers\sbtis.sys [84056 2010-05-26] (Sunbelt Software, Inc.)
3 SCardSvr; C:\Windows\System32\SCardSvr.dll [147968 2008-01-20] (Microsoft Corporation)
2 Schedule; C:\Windows\System32\schedsvc.dll [854528 2010-11-05] (Microsoft Corporation)
3 SCPolicySvc; C:\Windows\System32\certprop.dll [49152 2008-01-20] (Microsoft Corporation)
4 sdbus; C:\Windows\System32\DRIVERS\sdbus.sys [111104 2008-01-20] (Microsoft Corporation)
3 SDRSVC; C:\Windows\System32\SDRSVC.dll [128000 2008-01-20] (Microsoft Corporation)
2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2006-09-29] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
2 seclogon; C:\Windows\system32\seclogon.dll [28672 2008-01-20] (Microsoft Corporation)
2 SENS; C:\Windows\System32\sens.dll [61952 2008-01-20] (Microsoft Corporation)
3 Serenum; C:\Windows\System32\drivers\serenum.sys [23040 2006-11-02] (Microsoft Corporation)
3 Serial; C:\Windows\System32\drivers\serial.sys [94208 2006-11-02] (Microsoft Corporation)
4 sermouse; C:\Windows\System32\drivers\sermouse.sys [26624 2008-01-20] (Microsoft Corporation)
3 SessionEnv; C:\Windows\System32\sessenv.dll [74752 2008-01-20] (Microsoft Corporation)
4 sffdisk; C:\Windows\System32\drivers\sffdisk.sys [14848 2008-01-20] (Microsoft Corporation)
3 sffp_mmc; C:\Windows\System32\drivers\sffp_mmc.sys [14336 2008-01-20] (Microsoft Corporation)
3 sffp_sd; C:\Windows\System32\drivers\sffp_sd.sys [13824 2008-01-20] (Microsoft Corporation)
4 sfloppy; C:\Windows\System32\drivers\sfloppy.sys [16384 2006-11-02] (Microsoft Corporation)
2 SharedAccess; C:\Windows\System32\ipnathlp.dll [342016 2008-01-20] (Microsoft Corporation)
2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [301568 2009-07-10] (Microsoft Corporation)
0 Si3531; C:\Windows\System32\DRIVERS\Si3531.sys [330544 2007-05-31] (Silicon Image, Inc)
0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22832 2007-04-03] (Silicon Image, Inc.)
0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [17200 2007-04-03] (Silicon Image, Inc.)
4 SiSRaid2; C:\Windows\System32\drivers\sisraid2.sys [45624 2008-01-20] (Microsoft Corporation)
4 SiSRaid4; C:\Windows\System32\drivers\sisraid4.sys [78392 2008-01-20] (Silicon Integrated Systems)
2 slsvc; C:\Windows\System32\SLsvc.exe [2161664 2008-01-20] (Microsoft Corporation)
3 SLUINotify; C:\Windows\System32\SLUINotify.dll [71168 2008-01-20] (Microsoft Corporation)
1 Smb; C:\Windows\System32\DRIVERS\smb.sys [88064 2008-01-20] (Microsoft Corporation)
3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14336 2006-11-02] (Microsoft Corporation)
0 spldr; C:\Windows\System32\Drivers\spldr.sys [21048 2008-01-20] (Microsoft Corporation)
2 Spooler; C:\Windows\System32\spoolsv.exe [267776 2010-08-17] (Microsoft Corporation)
3 srv; C:\Windows\System32\DRIVERS\srv.sys [461824 2010-09-06] (Microsoft Corporation)
3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [175104 2010-09-06] (Microsoft Corporation)
3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [144896 2010-09-06] (Microsoft Corporation)
3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [185856 2008-01-20] (Microsoft Corporation)
3 SstpSvc; C:\Windows\System32\sstpsvc.dll [141312 2008-01-20] (Microsoft Corporation)
2 STacSV; C:\Windows\system32\STacSV64.exe [242688 2007-11-09] (IDT, Inc.)
3 STHDA; C:\Windows\System32\DRIVERS\stwrt64.sys [423936 2007-11-09] (IDT, Inc.)
3 StillCam; C:\Windows\System32\DRIVERS\serscan.sys [12288 2008-01-20] (Microsoft Corporation)
2 stisvc; C:\Windows\System32\wiaservc.dll [571392 2008-01-20] (Microsoft Corporation)
3 swenum; C:\Windows\System32\DRIVERS\swenum.sys [13032 2008-01-20] (Microsoft Corporation)
3 swprv; C:\Windows\System32\swprv.dll [480768 2008-01-20] (Microsoft Corporation)
4 Symc8xx; C:\Windows\System32\drivers\symc8xx.sys [49256 2006-11-02] (LSI Logic)
4 Sym_hi; C:\Windows\System32\drivers\sym_hi.sys [44648 2006-11-02] (LSI Logic)
4 Sym_u3; C:\Windows\System32\drivers\sym_u3.sys [48232 2006-11-02] (LSI Logic)
3 SynTP; C:\Windows\System32\DRIVERS\SynTP.sys [320560 2008-01-17] (Synaptics, Inc.)
2 SysMain; C:\Windows\System32\sysmain.dll [840192 2008-01-20] (Microsoft Corporation)
2 TabletInputService; C:\Windows\System32\TabSvc.dll [84992 2006-11-02] (Microsoft Corporation)
3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [30720 2010-11-08] (The OpenVPN Project)
3 TapiSrv; C:\Windows\System32\tapisrv.dll [318464 2008-01-20] (Microsoft Corporation)
2 TBS; C:\Windows\System32\tbssvc.dll [65536 2008-01-20] (Microsoft Corporation)
0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1420176 2010-06-16] (Microsoft Corporation)
3 Tcpip6; C:\Windows\System32\DRIVERS\tcpip.sys [1420176 2010-06-16] (Microsoft Corporation)
2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [38400 2008-01-20] (Microsoft Corporation)
3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [16384 2008-01-20] (Microsoft Corporation)
3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [29696 2008-01-20] (Microsoft Corporation)
1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [94208 2008-01-20] (Microsoft Corporation)
2 TeamViewer6; C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2228008 2010-12-07] (TeamViewer GmbH)
1 TermDD; C:\Windows\System32\DRIVERS\termdd.sys [63544 2008-01-20] (Microsoft Corporation)
2 TermService; C:\Windows\System32\termsrv.dll [546816 2008-01-20] (Microsoft Corporation)
2 Themes; C:\Windows\System32\shsvcs.dll [301568 2009-07-10] (Microsoft Corporation)
3 THREADORDER; C:\Windows\System32\mmcss.dll [37888 2008-01-20] (Microsoft Corporation)
2 TrkWks; C:\Windows\System32\trkwks.dll [117248 2008-01-20] (Microsoft Corporation)
3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [42496 2008-01-20] (Microsoft Corporation)
3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [29184 2008-01-20] (Microsoft Corporation)
3 tunmp; C:\Windows\System32\DRIVERS\tunmp.sys [18432 2008-01-20] (Microsoft Corporation)
3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [29696 2010-02-18] (Microsoft Corporation)
3 uagp35; C:\Windows\System32\drivers\uagp35.sys [67128 2008-01-20] (Microsoft Corporation)
4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [299520 2008-01-20] (Microsoft Corporation)
3 UI0Detect; C:\Windows\System32\UI0Detect.exe [40960 2008-01-20] (Microsoft Corporation)
3 uliagpkx; C:\Windows\System32\drivers\uliagpkx.sys [68152 2008-01-20] (Microsoft Corporation)
4 uliahci; C:\Windows\System32\drivers\uliahci.sys [284728 2008-01-20] (ULi Electronics Inc.)
4 UlSata; C:\Windows\System32\drivers\ulsata.sys [148072 2006-11-02] (Promise Technology, Inc.)
4 ulsata2; C:\Windows\System32\drivers\ulsata2.sys [174696 2008-01-20] (Promise Technology, Inc.)
3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [41984 2008-01-20] (Microsoft Corporation)
2 upnphost; C:\Windows\System32\upnphost.dll [344576 2008-01-20] (Microsoft Corporation)
3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [44544 2009-03-05] (Apple, Inc.)
3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [95744 2008-01-20] (Microsoft Corporation)
4 usbcir; C:\Windows\System32\drivers\usbcir.sys [79360 2006-11-02] (Microsoft Corporation)
3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [49152 2008-01-20] (Microsoft Corporation)
3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [270336 2008-01-20] (Microsoft Corporation)
4 usbohci; C:\Windows\System32\DRIVERS\usbohci.sys [24064 2008-01-20] (Microsoft Corporation)
3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [24064 2008-01-20] (Microsoft Corporation)
3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [41984 2008-01-20] (Microsoft Corporation)
3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [66048 2008-01-20] (Microsoft Corporation)
3 usbuhci; C:\Windows\System32\DRIVERS\usbuhci.sys [29184 2008-01-20] (Microsoft Corporation)
3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [168704 2008-01-20] (Microsoft Corporation)
3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [20784 2007-05-23] (Chicony Electronics Co., Ltd.)
2 UxSms; C:\Windows\System32\uxsms.dll [32768 2008-01-20] (Microsoft Corporation)
3 vds; C:\Windows\System32\vds.exe [453120 2008-01-20] (Microsoft Corporation)
3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2008-01-20] (Microsoft Corporation)
1 VgaSave; C:\Windows\System32\drivers\vga.sys [28672 2008-01-20] (Microsoft Corporation)
4 viaide; C:\Windows\System32\drivers\viaide.sys [18024 2008-01-20] (VIA Technologies, Inc.)
0 volmgr; C:\Windows\System32\drivers\volmgr.sys [68664 2008-01-20] (Microsoft Corporation)
0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [409656 2008-01-20] (Microsoft Corporation)
0 volsnap; C:\Windows\System32\drivers\volsnap.sys [271416 2008-01-20] (Microsoft Corporation)
4 vsmraid; C:\Windows\System32\drivers\vsmraid.sys [149048 2008-01-20] (VIA Technologies Inc.,Ltd)
3 VSS; C:\Windows\System32\vssvc.exe [1432576 2008-01-20] (Microsoft Corporation)
2 W32Time; C:\Windows\System32\w32time.dll [372736 2008-01-20] (Microsoft Corporation)
4 WacomPen; C:\Windows\System32\drivers\wacompen.sys [26624 2006-11-02] (Microsoft Corporation)
3 Wanarp; C:\Windows\System32\DRIVERS\wanarp.sys [86016 2008-01-20] (Microsoft Corporation)
1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [86016 2008-01-20] (Microsoft Corporation)
3 wcncsvc; C:\Windows\System32\wcncsvc.dll [580608 2008-01-20] (Microsoft Corporation)
3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [39936 2006-11-02] (Microsoft Corporation)
4 Wd; C:\Windows\System32\drivers\wd.sys [24120 2008-01-20] (Microsoft Corporation)
0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [881720 2008-01-20] (Microsoft Corporation)
3 WdiServiceHost; C:\Windows\System32\wdi.dll [81920 2008-01-20] (Microsoft Corporation)
3 WdiSystemHost; C:\Windows\System32\wdi.dll [81920 2008-01-20] (Microsoft Corporation)
2 WebClient; C:\Windows\System32\webclnt.dll [214016 2008-01-20] (Microsoft Corporation)
3 Wecsvc; C:\Windows\System32\wecsvc.dll [232960 2009-10-09] (Microsoft Corporation)
3 wercplsupport; C:\Windows\System32\wercplsupport.dll [85504 2006-11-02] (Microsoft Corporation)
2 WerSvc; C:\Windows\System32\WerSvc.dll [120832 2008-09-17] (Microsoft Corporation)
2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
3 WinHttpAutoProxySvc; C:\Windows\System32\winhttp.dll [442368 2009-08-24] (Microsoft Corporation)
2 Winmgmt; C:\Windows\System32\wbem\WMIsvc.dll [221696 2008-01-20] (Microsoft Corporation)
3 WinRM; C:\Windows\System32\WsmSvc.dll [2050048 2009-10-09] (Microsoft Corporation)
2 Wlansvc; C:\Windows\System32\wlansvc.dll [615936 2009-07-11] (Microsoft Corporation)
3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [26248 2009-09-11] (Logitech Inc.)
3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [41096 2009-09-11] (Logitech Inc.)
3 WmiAcpi; C:\Windows\System32\DRIVERS\wmiacpi.sys [14336 2008-01-20] (Microsoft Corporation)
3 wmiApSrv; C:\Windows\System32\wbem\WmiApSrv.exe [209920 2008-01-20] (Microsoft Corporation)
3 WMPNetworkSvc; "C:\Program Files\Windows Media Player\wmpnetwk.exe" [1216000 2008-01-20] (Microsoft Corporation)
3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [15880 2009-09-11] (Logitech Inc.)
3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [76552 2009-09-11] (Logitech Inc.)
3 WPCSvc; C:\Windows\System32\wpcsvc.dll [173568 2008-01-20] (Microsoft Corporation)
2 WPDBusEnum; C:\Windows\System32\wpdbusenum.dll [92672 2008-01-20] (Microsoft Corporation)
3 WpdUsb; C:\Windows\System32\DRIVERS\wpdusb.sys [46080 2008-01-20] (Microsoft Corporation)
3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [1020768 2010-03-18] (Microsoft Corporation)
4 ws2ifsl; C:\Windows\System32\drivers\ws2ifsl.sys [20992 2008-01-20] (Microsoft Corporation)
2 wscsvc; C:\Windows\System32\wscsvc.dll [74752 2008-01-20] (Microsoft Corporation)
2 WSearch; C:\Windows\System32\SearchIndexer.exe /Embedding [598016 2008-05-26] (Microsoft Corporation)
2 wuauserv; C:\Windows\System32\wuaueng.dll [2424024 2009-08-06] (Microsoft Corporation)
3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [108544 2008-01-20] (Microsoft Corporation)
2 wudfsvc; C:\Windows\System32\WUDFSvc.dll [66560 2008-01-20] (Microsoft Corporation)
2 YahooAUService; "C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe" [602392 2008-11-09] (Yahoo! Inc.)
3 Afc; SysWOW64\drivers\Afc.sys [x]
1 archlp; SysWOW64\drivers\archlp.sys [x]
3 aspnet_state; [x]
1 Beep; [x]
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 getPlusHelper; [x]
3 IpInIp; [x]
1 mferkdk; \??\C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mferkdk.sys [x]
3 NwlnkFlt; [x]
3 NwlnkFwd; [x]
3 SymIM; [x]
3 SymIMMP; [x]
2 Viewpoint Manager Service; "C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe" [x]
========================= NetSvcs ============================
============ One Month Created Files and folders ============
2011-03-20 18:37 - 2011-03-20 18:37 - 0000000 ____D C:\FRST

2011-03-18 22:49 - 2011-03-19 09:45 - 0000000 ____D C:\Windows\Minidump
2011-03-18 22:49 - 2011-03-18 22:49 - 0286312 ____A C:\Windows\Minidump\Mini031911-01.dmp
2011-03-18 22:47 - 2011-03-19 09:45 - 535353066 ____A C:\Windows\MEMORY.DMP
2011-03-18 22:45 - 2011-03-18 22:45 - 0566272 ____A (AVAST Software) C:\Users\Owner\Desktop\aswMBR.exe
2011-03-18 13:05 - 2011-03-18 13:04 - 0051382 ____A C:\Users\Owner\Desktop\l59in.png
2011-03-18 12:49 - 2011-03-18 12:49 - 1178154 ____A C:\Users\Owner\Desktop\camo.bmp
2011-03-18 09:04 - 2011-03-18 09:04 - 0020364 ____A C:\Users\Owner\Desktop\explorer.exe.txt
2011-03-18 09:03 - 2011-03-14 08:52 - 3404136 ____A (Sysinternals - Windows Sysinternals: Documentation, downloads and additional resources) C:\Users\Owner\Desktop\procexp.exe
2011-03-18 09:03 - 2010-03-24 07:09 - 0072268 ____A C:\Users\Owner\Desktop\procexp.chm
2011-03-18 09:03 - 2006-07-28 05:32 - 0007005 ____N C:\Users\Owner\Desktop\Eula.txt
2011-03-18 09:02 - 2011-03-18 09:02 - 1544204 ____A C:\Users\Owner\Desktop\ProcessExplorer.zip
2011-03-18 09:01 - 2011-03-18 09:01 - 0000990 ____A C:\Windows\System32\look.txt
2011-03-18 09:01 - 2011-03-18 09:01 - 0000119 ____A C:\Users\Owner\Desktop\look.bat
2011-03-18 08:52 - 2011-03-18 08:52 - 0000000 __SHD C:\$RECYCLE.BIN
2011-03-18 08:25 - 2011-03-18 08:25 - 0152754 ____A C:\Users\Owner\Desktop\none.jpg
2011-03-17 14:47 - 2011-03-17 14:47 - 1029000 ____A (Skype Technologies S.A.) C:\Users\Owner\Desktop\SkypeSetup.exe
2011-03-17 14:30 - 2011-03-17 14:30 - 0019905 ____A C:\ComboFix.txt
2011-03-17 14:16 - 2000-08-31 04:00 - 0212480 ____A (SteelWerX) C:\Windows\SWXCACLS.exe
2011-03-17 12:19 - 2011-03-17 12:14 - 0103860 ____A C:\Users\Owner\Desktop\logan3.jpg
2011-03-17 12:19 - 2011-03-17 12:13 - 0101400 ____A C:\Users\Owner\Desktop\logan2.jpg
2011-03-17 12:19 - 2011-03-17 12:12 - 0084151 ____A C:\Users\Owner\Desktop\logan.jpg
2011-03-17 08:15 - 2011-03-17 08:40 - 0000000 ____D C:\Windows\ERDNT
2011-03-17 08:15 - 2011-03-17 08:13 - 4289556 ___RA C:\Users\Owner\Desktop\ComboFix.exe
2011-03-17 08:15 - 2010-11-07 21:20 - 0089088 ____A C:\Windows\MBR.exe
2011-03-17 08:15 - 2010-04-26 11:58 - 0256512 ____A C:\Windows\PEV.exe
2011-03-17 08:15 - 2009-04-20 08:56 - 0031232 ____A (NirSoft) C:\Windows\NIRCMD.exe
2011-03-17 08:15 - 2000-08-31 04:00 - 0161792 ____A (SteelWerX) C:\Windows\SWREG.exe
2011-03-17 08:15 - 2000-08-31 04:00 - 0136704 ____A (SteelWerX) C:\Windows\SWSC.exe
2011-03-17 08:15 - 2000-08-31 04:00 - 0098816 ____A C:\Windows\sed.exe
2011-03-17 08:15 - 2000-08-31 04:00 - 0080412 ____A C:\Windows\grep.exe
2011-03-17 08:15 - 2000-08-31 04:00 - 0068096 ____A C:\Windows\zip.exe
2011-03-17 08:14 - 2011-03-17 14:30 - 0000000 ___AD C:\Qoobox
2011-03-16 23:11 - 2011-03-20 14:29 - 1373815 ___AH C:\Users\Owner\Local Settings\IconCache.db
2011-03-16 23:11 - 2011-03-20 14:29 - 1373815 ___AH C:\Users\Owner\Local Settings\Application Data\IconCache.db
2011-03-16 23:11 - 2011-03-20 14:29 - 1373815 ___AH C:\Users\Owner\AppData\Local\IconCache.db
2011-03-16 21:58 - 2011-03-16 21:58 - 0022227 ____A C:\Users\Owner\Desktop\DDS.txt
2011-03-16 21:58 - 2011-03-16 21:58 - 0008740 ____A C:\Users\Owner\Desktop\Attach.txt
2011-03-16 21:54 - 2011-03-16 21:54 - 0625664 ____A C:\Users\Owner\Desktop\dds.scr
2011-03-16 12:48 - 2011-03-16 12:48 - 0000966 ____A C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
2011-03-16 12:48 - 2011-03-16 12:48 - 0000966 ____A C:\Users\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
2011-03-16 12:48 - 2011-03-16 12:48 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malwaree
2011-03-15 22:58 - 2011-03-15 22:58 - 0000336 ___AH C:\Users\All Users\Application Data\47898376
2011-03-15 22:58 - 2011-03-15 22:58 - 0000336 ___AH C:\Users\All Users\47898376
2011-03-15 22:58 - 2011-03-15 22:58 - 0000336 ___AH C:\ProgramData\47898376
2011-03-15 22:58 - 2011-03-15 22:58 - 0000144 ___AH C:\Users\All Users\Application Data\~47898376r
2011-03-15 22:58 - 2011-03-15 22:58 - 0000144 ___AH C:\Users\All Users\~47898376r
2011-03-15 22:58 - 2011-03-15 22:58 - 0000144 ___AH C:\ProgramData\~47898376r
2011-03-15 22:58 - 2011-03-15 22:58 - 0000112 ___AH C:\Users\All Users\Application Data\~47898376
2011-03-15 22:58 - 2011-03-15 22:58 - 0000112 ___AH C:\Users\All Users\~47898376
2011-03-15 22:58 - 2011-03-15 22:58 - 0000112 ___AH C:\ProgramData\~47898376
2011-03-15 22:48 - 2011-03-15 22:48 - 0000000 ____D C:\Windows\Sun
2011-03-14 23:29 - 2011-03-14 21:18 - 0000386 ___AH C:\Users\Owner\My Documents\ovpn152.ovpn
2011-03-14 23:29 - 2011-03-14 21:18 - 0000386 ___AH C:\Users\Owner\Documents\ovpn152.ovpn
2011-03-14 23:26 - 2011-03-14 23:26 - 0000971 ___AH C:\Users\Owner\Desktop\OpenVPN GUI.lnk
2011-03-14 23:24 - 2011-03-14 23:26 - 0000000 ___HD C:\Program Files (x86)\OpenVPN
2011-03-14 23:00 - 2011-03-14 23:00 - 0008100 ___AH C:\Users\Owner\My Documents\vpn-in52_ovpn152_d9df4dea.zip
2011-03-14 23:00 - 2011-03-14 23:00 - 0008100 ___AH C:\Users\Owner\Documents\vpn-in52_ovpn152_d9df4dea.zip
2011-03-09 13:18 - 2010-12-29 09:53 - 0560128 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2011-03-09 13:18 - 2010-12-29 09:53 - 0416768 ____A (Microsoft Corporation) C:\Windows\System32\sbe.dll
2011-03-09 13:18 - 2010-12-29 09:53 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\sbeio.dll
2011-03-09 13:18 - 2010-12-29 09:51 - 0226816 ____A (Microsoft Corporation) C:\Windows\System32\mpg2splt.ax
2011-03-09 13:18 - 2010-12-29 09:41 - 0429056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2011-03-09 13:18 - 2010-12-29 09:41 - 0323072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sbe.dll
2011-03-09 13:18 - 2010-12-29 09:41 - 0153088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sbeio.dll
2011-03-09 13:18 - 2010-12-29 09:39 - 0177664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mpg2splt.ax
2011-03-09 13:18 - 2010-12-17 09:12 - 2424320 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2011-03-09 13:18 - 2010-12-17 08:43 - 2067456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2011-03-09 13:18 - 2010-12-17 07:35 - 0730624 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2011-03-09 13:18 - 2010-12-17 07:06 - 0677888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2011-03-04 07:00 - 2011-03-04 07:00 - 0377352 ___AH C:\Users\Owner\Local Settings\dd_vcredistMSI174F.txt
2011-03-04 07:00 - 2011-03-04 07:00 - 0377352 ___AH C:\Users\Owner\Local Settings\Application Data\dd_vcredistMSI174F.txt
2011-03-04 07:00 - 2011-03-04 07:00 - 0377352 ___AH C:\Users\Owner\AppData\Local\dd_vcredistMSI174F.txt
2011-03-04 07:00 - 2011-03-04 07:00 - 0369890 ___AH C:\Users\Owner\Local Settings\dd_vcredistMSI170B.txt
2011-03-04 07:00 - 2011-03-04 07:00 - 0369890 ___AH C:\Users\Owner\Local Settings\Application Data\dd_vcredistMSI170B.txt
2011-03-04 07:00 - 2011-03-04 07:00 - 0369890 ___AH C:\Users\Owner\AppData\Local\dd_vcredistMSI170B.txt
2011-03-04 07:00 - 2011-03-04 07:00 - 0011204 ___AH C:\Users\Owner\Local Settings\dd_vcredistUI174F.txt
2011-03-04 07:00 - 2011-03-04 07:00 - 0011204 ___AH C:\Users\Owner\Local Settings\Application Data\dd_vcredistUI174F.txt
2011-03-04 07:00 - 2011-03-04 07:00 - 0011204 ___AH C:\Users\Owner\AppData\Local\dd_vcredistUI174F.txt
2011-03-04 07:00 - 2011-03-04 07:00 - 0011156 ___AH C:\Users\Owner\Local Settings\dd_vcredistUI170B.txt
2011-03-04 07:00 - 2011-03-04 07:00 - 0011156 ___AH C:\Users\Owner\Local Settings\Application Data\dd_vcredistUI170B.txt
2011-03-04 07:00 - 2011-03-04 07:00 - 0011156 ___AH C:\Users\Owner\AppData\Local\dd_vcredistUI170B.txt
2011-03-04 07:00 - 2011-03-04 07:00 - 0000000 ____A C:\Windows\wsftperr.log
2011-03-03 20:29 - 2011-03-14 22:56 - 0000000 ___HD C:\Users\Owner\Documents\imgmon.com
2011-03-03 14:20 - 2011-03-03 14:21 - 0000000 ___HD C:\Users\Owner\My Documents\images
2011-03-03 14:20 - 2011-03-03 14:21 - 0000000 ___HD C:\Users\Owner\Documents\images
2011-03-02 13:52 - 2011-03-02 13:52 - 0013078 ___AH C:\Users\Owner\My Documents\Content.docx
2011-03-02 13:52 - 2011-03-02 13:52 - 0013078 ___AH C:\Users\Owner\Documents\Content.docx
2011-03-02 13:41 - 2011-03-02 13:41 - 0000000 __SHD C:\Windows\System32\%APPDATA%
2011-03-01 10:06 - 2011-03-01 10:06 - 0000000 ____D C:\Windows\SysWOW64\WindowsPowerShell
2011-03-01 10:06 - 2011-03-01 10:06 - 0000000 ____D C:\Windows\System32\WindowsPowerShell
2011-03-01 10:04 - 2009-10-09 13:56 - 1181696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2011-03-01 10:04 - 2009-10-09 13:56 - 0246272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2011-03-01 10:04 - 2009-10-09 13:56 - 0241152 ____A (Microsoft Corporation) C:\Windows\SysWOW64\winrscmd.dll
2011-03-01 10:04 - 2009-10-09 13:56 - 0214016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2011-03-01 10:04 - 2009-10-09 13:56 - 0145408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2011-03-01 10:04 - 2009-10-09 13:56 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pwrshplugin.dll
2011-03-01 10:04 - 2009-10-09 13:56 - 0040448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\winrs.exe
2011-03-01 10:04 - 2009-10-09 13:56 - 0020480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\winrshost.exe
2011-03-01 10:04 - 2009-10-09 13:56 - 0012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2011-03-01 10:04 - 2009-10-09 13:56 - 0010240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2011-03-01 10:04 - 2009-10-09 13:56 - 0010240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\winrssrv.dll
2011-03-01 10:04 - 2009-10-09 13:56 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\winrsmgr.dll
2011-03-01 10:04 - 2009-10-09 13:55 - 0252416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2011-03-01 10:04 - 2009-10-09 13:55 - 0081408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wevtfwd.dll
2011-03-01 10:04 - 2009-10-09 13:55 - 0079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wecutil.exe
2011-03-01 10:04 - 2009-10-09 13:55 - 0056320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wecapi.dll
2011-03-01 10:04 - 2009-10-09 13:55 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WsmRes.dll
2011-03-01 10:04 - 2009-10-09 13:36 - 2050048 ____A (Microsoft Corporation) C:\Windows\System32\WsmSvc.dll
2011-03-01 10:04 - 2009-10-09 13:36 - 0053760 ____A (Microsoft Corporation) C:\Windows\System32\pwrshplugin.dll
2011-03-01 10:04 - 2009-10-09 13:35 - 0310272 ____A (Microsoft Corporation) C:\Windows\System32\WsmWmiPl.dll
2011-03-01 10:04 - 2009-10-09 13:35 - 0051200 ____A (Microsoft Corporation) C:\Windows\System32\winrs.exe
2011-03-01 10:04 - 2009-10-09 13:35 - 0024064 ____A (Microsoft Corporation) C:\Windows\System32\winrshost.exe
2011-03-01 10:04 - 2009-10-09 13:35 - 0013824 ____A (Microsoft Corporation) C:\Windows\System32\wsmprovhost.exe
2011-03-01 10:04 - 2009-10-09 13:35 - 0013312 ____A (Microsoft Corporation) C:\Windows\System32\wsmplpxy.dll
2011-03-01 10:04 - 2009-10-09 13:35 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\winrsmgr.dll
2011-03-01 10:04 - 2009-10-09 13:34 - 0370688 ____A (Microsoft Corporation) C:\Windows\System32\winrscmd.dll
2011-03-01 10:04 - 2009-10-09 13:34 - 0352768 ____A (Microsoft Corporation) C:\Windows\System32\WSManMigrationPlugin.dll
2011-03-01 10:04 - 2009-10-09 13:34 - 0348672 ____A (Microsoft Corporation) C:\Windows\System32\WSManHTTPConfig.exe
2011-03-01 10:04 - 2009-10-09 13:34 - 0232960 ____A (Microsoft Corporation) C:\Windows\System32\wecsvc.dll
2011-03-01 10:04 - 2009-10-09 13:34 - 0180736 ____A (Microsoft Corporation) C:\Windows\System32\WsmAuto.dll
2011-03-01 10:04 - 2009-10-09 13:34 - 0113152 ____A (Microsoft Corporation) C:\Windows\System32\wevtfwd.dll
2011-03-01 10:04 - 2009-10-09 13:34 - 0113152 ____A (Microsoft Corporation) C:\Windows\System32\wecutil.exe
2011-03-01 10:04 - 2009-10-09 13:34 - 0084992 ____A (Microsoft Corporation) C:\Windows\System32\wecapi.dll
2011-03-01 10:04 - 2009-10-09 13:34 - 0054272 ____A (Microsoft Corporation) C:\Windows\System32\WsmRes.dll
2011-03-01 10:04 - 2009-10-09 13:34 - 0013312 ____A (Microsoft Corporation) C:\Windows\System32\winrssrv.dll
2011-03-01 10:04 - 2009-07-31 22:27 - 0201184 ____A C:\Windows\SysWOW64\winrm.vbs
2011-03-01 10:04 - 2009-07-31 22:27 - 0201184 ____A C:\Windows\System32\winrm.vbs
2011-03-01 10:04 - 2009-07-16 09:30 - 0004675 ____A C:\Windows\SysWOW64\wsmanconfig_schema.xml
2011-03-01 10:04 - 2009-07-16 09:30 - 0004675 ____A C:\Windows\System32\wsmanconfig_schema.xml
2011-03-01 10:04 - 2009-07-16 09:30 - 0002426 ____A C:\Windows\SysWOW64\WsmTxt.xsl
2011-03-01 10:04 - 2009-07-16 09:30 - 0002426 ____A C:\Windows\System32\WsmTxt.xsl
2011-02-20 15:12 - 2011-02-10 20:52 - 0108391 ___AH C:\Users\Owner\My Documents\coldboot.raf
2011-02-20 15:12 - 2011-02-10 20:52 - 0108391 ___AH C:\Users\Owner\Documents\coldboot.raf
2011-02-20 15:08 - 2011-02-20 11:23 - 2336720 ___AH C:\Users\Owner\My Documents\Cold Boot Creator Source.zip
2011-02-20 15:08 - 2011-02-20 11:23 - 2336720 ___AH C:\Users\Owner\Documents\Cold Boot Creator Source.zip
2011-02-20 15:08 - 2011-02-20 11:23 - 0873335 ___AH C:\Users\Owner\My Documents\Windows Logo Example.rar
2011-02-20 15:08 - 2011-02-20 11:23 - 0873335 ___AH C:\Users\Owner\Documents\Windows Logo Example.rar
2011-02-20 15:08 - 2011-02-20 11:23 - 0855247 ___AH C:\Users\Owner\My Documents\Boot Logo Creator.zip
2011-02-20 15:08 - 2011-02-20 11:23 - 0855247 ___AH C:\Users\Owner\Documents\Boot Logo Creator.zip
2011-02-20 15:07 - 2011-02-20 15:07 - 4125140 ___AH C:\Users\Owner\My Documents\ps3-boot-logo-creator.zip
2011-02-20 15:07 - 2011-02-20 15:07 - 4125140 ___AH C:\Users\Owner\Documents\ps3-boot-logo-creator.zip
============ 3 Months Modified Files and folders =============
2011-03-20 18:37 - 2011-03-20 18:37 - 0000000 ____D C:\FRST
2011-03-20 14:29 - 2011-03-20 14:29 - 0000342 ____A C:\Users\Owner\Desktop\bullish.txt
2011-03-20 14:29 - 2011-03-16 23:11 - 1373815 ___AH C:\Users\Owner\Local Settings\IconCache.db
2011-03-20 14:29 - 2011-03-16 23:11 - 1373815 ___AH C:\Users\Owner\Local Settings\Application Data\IconCache.db
2011-03-20 14:29 - 2011-03-16 23:11 - 1373815 ___AH C:\Users\Owner\AppData\Local\IconCache.db
2011-03-20 14:29 - 2008-03-21 18:36 - 1120587 ____A C:\Windows\WindowsUpdate.log
2011-03-20 14:29 - 2008-03-21 18:36 - 0000012 ____A C:\Windows\bthservsdp.dat
2011-03-20 14:29 - 2006-11-02 07:42 - 0032612 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2011-03-20 14:29 - 2006-11-02 07:42 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-03-20 14:29 - 2006-11-02 07:22 - 0003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2011-03-20 14:29 - 2006-11-02 07:22 - 0003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2011-03-20 14:28 - 2006-11-02 04:46 - 0720866 ____A C:\Windows\System32\PerfStringBackup.INI
2011-03-20 14:28 - 2006-11-02 04:46 - 0616174 ____A C:\Windows\System32\perfh009.dat
2011-03-20 14:28 - 2006-11-02 04:46 - 0109040 ____A C:\Windows\System32\perfc009.dat
2011-03-20 14:27 - 2009-11-06 12:43 - 0022854 ____A C:\Windows\setupact.log
2011-03-20 11:16 - 2010-04-15 19:59 - 0000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2011-03-20 10:20 - 2011-03-20 10:20 - 0101013 ____A C:\Users\Owner\Desktop\Analytics_www.kh-vids.net_20110217-20110319_(DashboardReport).pdf
2011-03-20 09:58 - 2010-10-04 22:48 - 0000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-987286777-748312672-3327065692-1000UA.job
2011-03-19 22:58 - 2010-10-04 22:48 - 0000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-987286777-748312672-3327065692-1000Core.job
2011-03-19 09:48 - 2009-11-03 05:59 - 0000000 ___HD C:\Users\Owner\Tracing
2011-03-19 09:46 - 2010-04-15 19:59 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2011-03-19 09:45 - 2011-03-19 09:45 - 0286312 ____A C:\Windows\Minidump\Mini031911-02.dmp
2011-03-19 09:45 - 2011-03-18 22:49 - 0000000 ____D C:\Windows\Minidump
2011-03-19 09:45 - 2011-03-18 22:47 - 535353066 ____A C:\Windows\MEMORY.DMP
2011-03-18 22:49 - 2011-03-18 22:49 - 0286312 ____A C:\Windows\Minidump\Mini031911-01.dmp
2011-03-18 22:45 - 2011-03-18 22:45 - 0566272 ____A (AVAST Software) C:\Users\Owner\Desktop\aswMBR.exe
2011-03-18 09:04 - 2011-03-18 09:04 - 0020364 ____A C:\Users\Owner\Desktop\explorer.exe.txt
2011-03-18 09:02 - 2011-03-18 09:02 - 1544204 ____A C:\Users\Owner\Desktop\ProcessExplorer.zip
2011-03-18 09:01 - 2011-03-18 09:01 - 0000990 ____A C:\Windows\System32\look.txt
2011-03-18 09:01 - 2011-03-18 09:01 - 0000119 ____A C:\Users\Owner\Desktop\look.bat
2011-03-18 08:58 - 2010-10-04 22:49 - 0002053 ___AH C:\Users\Owner\Desktop\Google Chrome.lnk
2011-03-18 08:52 - 2011-03-18 08:52 - 0000000 __SHD C:\$RECYCLE.BIN
2011-03-18 08:51 - 2008-01-20 19:26 - 0199610 ____A C:\Windows\PFRO.log
2011-03-18 08:25 - 2011-03-18 08:25 - 0152754 ____A C:\Users\Owner\Desktop\none.jpg
2011-03-17 14:47 - 2011-03-17 14:47 - 1029000 ____A (Skype Technologies S.A.) C:\Users\Owner\Desktop\SkypeSetup.exe
2011-03-17 14:30 - 2011-03-17 14:30 - 0019905 ____A C:\ComboFix.txt
2011-03-17 14:30 - 2011-03-17 08:14 - 0000000 ___AD C:\Qoobox
2011-03-17 14:27 - 2006-11-02 04:34 - 0000215 ____A C:\Windows\system.ini
2011-03-17 08:41 - 2006-11-02 05:33 - 0000000 __RHD C:\users\Public
2011-03-17 08:41 - 2006-11-02 05:33 - 0000000 __RHD C:\users\Default
2011-03-17 08:40 - 2011-03-17 08:15 - 0000000 ____D C:\Windows\ERDNT
2011-03-17 08:13 - 2011-03-17 08:15 - 4289556 ___RA C:\Users\Owner\Desktop\ComboFix.exe
2011-03-16 23:17 - 2009-03-11 03:52 - 0001356 ____A C:\Users\Owner\Local Settings\d3d9caps.dat
2011-03-16 23:17 - 2009-03-11 03:52 - 0001356 ____A C:\Users\Owner\Local Settings\Application Data\d3d9caps.dat
2011-03-16 23:17 - 2009-03-11 03:52 - 0001356 ____A C:\Users\Owner\AppData\Local\d3d9caps.dat
2011-03-16 21:58 - 2011-03-16 21:58 - 0022227 ____A C:\Users\Owner\Desktop\DDS.txt
2011-03-16 21:58 - 2011-03-16 21:58 - 0008740 ____A C:\Users\Owner\Desktop\Attach.txt
2011-03-16 21:54 - 2011-03-16 21:54 - 0625664 ____A C:\Users\Owner\Desktop\dds.scr
2011-03-16 21:34 - 2010-12-11 11:28 - 0912506 ____A C:\Windows\ntbtlog.txt
2011-03-16 12:48 - 2011-03-16 12:48 - 0000966 ____A C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
2011-03-16 12:48 - 2011-03-16 12:48 - 0000966 ____A C:\Users\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
2011-03-16 12:48 - 2011-03-16 12:48 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malwaree
2011-03-16 12:48 - 2006-11-02 05:33 - 0000000 ___RD C:\Program Files (x86)
2011-03-16 12:47 - 2011-02-01 16:25 - 0000480 ____A C:\rkill.log
2011-03-16 12:46 - 2011-02-01 16:28 - 0000000 ___HD C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-03-15 22:58 - 2011-03-15 22:58 - 0000336 ___AH C:\Users\All Users\Application Data\47898376
2011-03-15 22:58 - 2011-03-15 22:58 - 0000336 ___AH C:\Users\All Users\47898376
2011-03-15 22:58 - 2011-03-15 22:58 - 0000336 ___AH C:\ProgramData\47898376
2011-03-15 22:58 - 2011-03-15 22:58 - 0000144 ___AH C:\Users\All Users\Application Data\~47898376r
2011-03-15 22:58 - 2011-03-15 22:58 - 0000144 ___AH C:\Users\All Users\~47898376r
2011-03-15 22:58 - 2011-03-15 22:58 - 0000144 ___AH C:\ProgramData\~47898376r
2011-03-15 22:58 - 2011-03-15 22:58 - 0000112 ___AH C:\Users\All Users\Application Data\~47898376
2011-03-15 22:58 - 2011-03-15 22:58 - 0000112 ___AH C:\Users\All Users\~47898376
2011-03-15 22:58 - 2011-03-15 22:58 - 0000112 ___AH C:\ProgramData\~47898376
2011-03-15 22:48 - 2011-03-15 22:48 - 0000000 ____D C:\Windows\Sun
2011-03-15 22:34 - 2010-09-20 09:12 - 0000000 ___HD C:\Users\Owner\Application Data\Skype
2011-03-15 22:34 - 2010-09-20 09:12 - 0000000 ___HD C:\Users\Owner\AppData\Roaming\Skype
2011-03-15 21:54 - 2009-07-26 04:33 - 0000492 ___AH C:\Users\Owner\Application Data\wklnhst.dat
2011-03-15 21:54 - 2009-07-26 04:33 - 0000492 ___AH C:\Users\Owner\AppData\Roaming\wklnhst.dat
2011-03-15 20:07 - 2010-09-20 09:13 - 0000000 ___HD C:\Users\Owner\Application Data\skypePM
2011-03-15 20:07 - 2010-09-20 09:13 - 0000000 ___HD C:\Users\Owner\AppData\Roaming\skypePM
2011-03-15 09:09 - 2006-11-02 04:35 - 39946696 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2011-03-15 04:07 - 2011-03-15 04:07 - 0000056 ___AH C:\Windows\SysWOW64\ezsidmv.dat
2011-03-14 23:30 - 2011-03-14 23:29 - 0000000 ___HD C:\Users\Owner\My Documents\vpn ****
2011-03-14 23:30 - 2011-03-14 23:29 - 0000000 ___HD C:\Users\Owner\Documents\vpn ****
2011-03-14 23:26 - 2011-03-14 23:26 - 0000971 ___AH C:\Users\Owner\Desktop\OpenVPN GUI.lnk
2011-03-14 23:26 - 2011-03-14 23:24 - 0000000 ___HD C:\Program Files (x86)\OpenVPN
2011-03-14 23:24 - 2008-06-06 14:00 - 0000000 ___HD C:\users\Owner
2011-03-14 23:20 - 2010-09-05 10:47 - 0000000 ___HD C:\Users\Owner\Application Data\LimeWire
2011-03-14 23:20 - 2010-09-05 10:47 - 0000000 ___HD C:\Users\Owner\AppData\Roaming\LimeWire
2011-03-14 23:00 - 2011-03-14 23:00 - 0008100 ___AH C:\Users\Owner\My Documents\vpn-in52_ovpn152_d9df4dea.zip
2011-03-14 23:00 - 2011-03-14 23:00 - 0008100 ___AH C:\Users\Owner\Documents\vpn-in52_ovpn152_d9df4dea.zip
2011-03-14 23:00 - 2010-08-14 10:18 - 0000000 ___HD C:\Users\Owner\Application Data\CoreFTP
2011-03-14 23:00 - 2010-08-14 10:18 - 0000000 ___HD C:\Users\Owner\AppData\Roaming\CoreFTP
2011-03-14 08:52 - 2011-03-18 09:03 - 3404136 ____A (Sysinternals - Windows Sysinternals: Documentation, downloads and additional resources) C:\Users\Owner\Desktop\procexp.exe
2011-03-10 13:45 - 2011-03-10 13:45 - 0073022 ___AH C:\Users\Owner\My Documents\Screen shot 2011-03-10 at 3.20.10 PM.png
2011-03-10 13:45 - 2011-03-10 13:45 - 0073022 ___AH C:\Users\Owner\Documents\Screen shot 2011-03-10 at 3.20.10 PM.png
2011-03-04 07:14 - 2010-07-12 15:45 - 0001805 ___AH C:\Users\Public\Desktop\Ipswitch WS_FTP 12.lnk
2011-03-04 07:14 - 2010-07-12 15:45 - 0001805 ___AH C:\Users\All Users\Desktop\Ipswitch WS_FTP 12.lnk
2011-03-04 07:14 - 2010-07-12 15:45 - 0000000 ___HD C:\Users\Owner\Application Data\Ipswitch
2011-03-04 07:14 - 2010-07-12 15:45 - 0000000 ___HD C:\Users\Owner\AppData\Roaming\Ipswitch
2011-03-04 07:00 - 2011-03-04 07:00 - 0000000 ____A C:\Windows\wsftperr.log
2011-03-04 07:00 - 2010-06-09 17:38 - 0000000 ____D C:\Config.Msi
2011-03-04 07:00 - 2006-11-02 05:33 - 0000000 ___HD C:\Program Files\Common Files\Microsoft Shared
2011-03-03 14:21 - 2011-03-03 14:20 - 0000000 ___HD C:\Users\Owner\My Documents\images
2011-03-03 14:21 - 2011-03-03 14:20 - 0000000 ___HD C:\Users\Owner\Documents\images
2011-03-02 18:09 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\rescache
2011-03-02 13:52 - 2011-03-02 13:52 - 0013078 ___AH C:\Users\Owner\My Documents\Content.docx
2011-03-02 13:52 - 2011-03-02 13:52 - 0013078 ___AH C:\Users\Owner\Documents\Content.docx
2011-03-02 13:41 - 2011-03-02 13:41 - 0000000 __SHD C:\Windows\System32\%APPDATA%
2011-03-02 13:38 - 2011-03-02 13:38 - 0020406 ___AH C:\Users\Owner\My Documents\Marketing.docx
2011-03-02 13:38 - 2011-03-02 13:38 - 0020406 ___AH C:\Users\Owner\Documents\Marketing.docx
2011-03-01 10:11 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\Microsoft.NET
2011-03-01 10:06 - 2011-03-01 10:06 - 0000000 ____D C:\Windows\SysWOW64\WindowsPowerShell
2011-03-01 10:06 - 2011-03-01 10:06 - 0000000 ____D C:\Windows\System32\WindowsPowerShell
2011-03-01 10:06 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\PolicyDefinitions
2011-02-28 18:35 - 2010-04-15 18:24 - 0000000 ___HD C:\Users\Owner\Local Settings\Google
2011-02-28 18:35 - 2010-04-15 18:24 - 0000000 ___HD C:\Users\Owner\Local Settings\Application Data\Google
2011-02-28 18:35 - 2010-04-15 18:24 - 0000000 ___HD C:\Users\Owner\AppData\Local\Google
2011-02-24 18:25 - 2011-02-17 13:19 - 0000000 ___HD C:\Users\Owner\My Documents\My Received Files
2011-02-24 18:25 - 2011-02-17 13:19 - 0000000 ___HD C:\Users\Owner\Documents\My Received Files

**edited to remove personal .docx, .jpg, and .pdf files for privacy**
 