Solve : Results of Hijack This scan?
Quote: You sort of ended your last message with an instructional sentence without the instruction. I'll wait until I read your next message.

Sorry about that. I meant try to run the SREng program after running RKill.

Tried to run all seven of them. Each one came up with the pop-up window Open With, which showed about 20 programs starting with Adobe Acrobat.
Frank C.

Please try booting in Safe mode and run the SReng program.

OK, there was one error, I think it was the .VBS item when I ran SREngLdr.EXE in Safe Mode. A pop-up came up referring to Microsoft Security Essentials and asked me if I wanted to delete the program, and for some odd reason I indicated Yes this time whereas before I indicated No. Now I have not been able to download, well MS Sec.Essen. did finally download to my desktop, but now, as with the other programs previously, the Open With pop-up screen appears, so MS Sec. Essen. will not run. I have the Windows Firewall turned on but cannot get MS Sec. Essen. to install again. I tried everything: turning the computer off/on, trying to download from another User, etc. I was then able to download and run ComboFix before I had the above trouble with MS Sec. Essen., but was not able to transfer the CFScript.txt to it before ComboFix ran. I tried to "Save As" ComboFix to the desktop so as to transfer, copy, paste Cfscript.txt into it before running ComboFix, but ComboFix took off on its own and ran and went through the whole scan automatically. Here is the text from the ComboFix Scan.
Well, at least all that came off ok. I could try installing MS Sec. Essen. in Safe Mode. What if I tried downloading/installing/running SREngLdr.EXE from Safe Mode or from regular mode again. Maybe MS Sec.Essen. would start installing/running then. I'll wait to hear from you.
Frank C.

Quote: Well, at least all that came off ok. I could try installing MS Sec. Essen. in Safe Mode.

According to the CF log, MSE is installed and updated. Just make sure that it's activated. If it isn't, you will get a warning that your security is at risk in the lower right hand corner of your desktop. I have one more script for you to run. Just follow the instructions. There's no copy and paste, just drag the file into ComboFix. Re-running ComboFix to remove infections:
Please try to run the ESET scan as instructed in Reply # 20 and post the log.

Here is ComboFix. I tried MS Sec.Essen. It still is not listed in the Start Menu and I cannot download it from the Microsoft Site. I'll try running ESET as soon as this reply is done. Now for some reason my sound does not work, although I can find nothing wrong.
2011-04-06 16:5074752----a-w-c:\windows\SysWow64\iesetup.dll 2011-04-06 16:50 . 2011-04-06 16:5063488----a-w-c:\windows\SysWow64\tdc.ocx 2011-04-06 16:50 . 2011-04-06 16:5048640----a-w-c:\windows\SysWow64\mshtmler.dll 2011-04-06 16:50 . 2011-04-06 16:50420864----a-w-c:\windows\SysWow64\vbscript.dll 2011-04-06 16:50 . 2011-04-06 16:50367104----a-w-c:\windows\SysWow64\html.iec 2011-04-06 16:50 . 2011-04-06 16:5023552----a-w-c:\windows\SysWow64\licmgr10.dll 2011-04-06 16:50 . 2011-04-06 16:50152064----a-w-c:\windows\SysWow64\wextract.exe 2011-04-06 16:50 . 2011-04-06 16:50150528----a-w-c:\windows\SysWow64\iexpress.exe 2011-04-06 16:50 . 2011-04-06 16:50142848----a-w-c:\windows\SysWow64\ieUnatt.exe 2011-04-06 16:50 . 2011-04-06 16:501427456----a-w-c:\windows\SysWow64\inetcpl.cpl 2011-04-06 16:50 . 2011-04-06 16:50110592----a-w-c:\windows\SysWow64\IEAdvpack.dll 2011-04-06 16:50 . 2011-04-06 16:5091648----a-w-c:\windows\system32\SetIEInstalledDate.exe 2011-04-06 16:50 . 2011-04-06 16:5089088----a-w-c:\windows\system32\RegisterIEPKEYs.exe 2011-04-06 16:50 . 2011-04-06 16:5049664----a-w-c:\windows\system32\imgutil.dll 2011-04-06 16:50 . 2011-04-06 16:5048640----a-w-c:\windows\system32\mshtmler.dll 2011-04-06 16:50 . 2011-04-06 16:5035840----a-w-c:\windows\SysWow64\imgutil.dll 2011-04-06 16:50 . 2011-04-06 16:50222208----a-w-c:\windows\system32\msls31.dll 2011-04-06 16:50 . 2011-04-06 16:50173056----a-w-c:\windows\system32\ieUnatt.exe 2011-04-06 16:50 . 2011-04-06 16:501389056----a-w-c:\windows\system32\wininet.dll 2011-04-06 16:50 . 2011-04-06 16:50135168----a-w-c:\windows\system32\IEAdvpack.dll 2011-04-06 16:50 . 2011-04-06 16:5012288----a-w-c:\windows\system32\mshta.exe 2011-04-06 16:50 . 2011-04-06 16:5011776----a-w-c:\windows\SysWow64\mshta.exe 2011-04-06 16:50 . 2011-04-06 16:50114176----a-w-c:\windows\system32\admparse.dll 2011-04-06 16:50 . 2011-04-06 16:50111616----a-w-c:\windows\system32\iesysprep.dll 2011-04-06 16:50 . 
2011-04-06 16:50101888----a-w-c:\windows\SysWow64\admparse.dll 2011-04-06 16:50 . 2011-04-06 16:5085504----a-w-c:\windows\system32\iesetup.dll2011-04-06 16:50 . 2011-04-06 16:5076800----a-w-c:\windows\system32\tdc.ocx 2011-04-06 16:50 . 2011-04-06 16:50603648----a-w-c:\windows\system32\vbscript.dll . . ((((((((((((((((((((((((((((( SnapShot_2011-06-28_17.48.19 ))))))))))))))))))))))))))))))))))))))))) . - 2009-07-14 00:13 . 2009-07-14 01:1486528 c:\windows\SysWOW64\SearchFilterHost.exe + 2011-06-28 18:21 . 2011-05-04 04:2886528 c:\windows\SysWOW64\SearchFilterHost.exe - 2009-07-14 00:12 . 2009-07-14 01:1559392 c:\windows\SysWOW64\msscntrs.dll + 2011-06-28 18:21 . 2011-05-04 04:3259392 c:\windows\SysWOW64\msscntrs.dll - 2009-07-13 23:16 . 2009-07-14 01:1544544 c:\windows\SysWOW64\devrtl.dll + 2011-06-28 18:21 . 2011-05-24 10:4044544 c:\windows\SysWOW64\devrtl.dll + 2011-06-28 18:21 . 2011-05-24 10:4064512 c:\windows\SysWOW64\devobj.dll - 2009-07-13 23:16 . 2009-07-14 01:1564512 c:\windows\SysWOW64\devobj.dll + 2010-06-15 09:52 . 2011-07-01 00:0785652 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2011-07-01 00:0740070 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-06-15 08:27 . 2011-07-01 00:0715250 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3224318273-3311775750-3685103505-1000_UserData.bin - 2009-07-14 00:29 . 2009-07-14 01:4175264 c:\windows\system32\msscntrs.dll + 2011-06-28 18:21 . 2011-05-04 05:2275264 c:\windows\system32\msscntrs.dll + 2011-04-20 05:27 . 2011-04-20 05:2758880 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\coinst.dll + 2011-04-20 05:21 . 2011-04-20 05:2131232 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atiuxpag.dll + 2011-04-20 05:21 . 
2011-04-20 05:2140960 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atiuxp64.dll + 2011-04-20 05:21 . 2011-04-20 05:2129184 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atiu9pag.dll + 2011-04-20 05:21 . 2011-04-20 05:2138912 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atiu9p64.dll + 2009-06-22 19:34 . 2009-06-22 19:3451200 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\ATIODCLI.exe + 2011-04-20 06:02 . 2011-04-20 06:0216384 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atimuixx.dll + 2011-04-20 05:13 . 2011-04-20 05:1353760 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atimpc64.dll + 2011-04-20 05:13 . 2011-04-20 05:1352736 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atimpc32.dll + 2011-04-20 05:22 . 2011-04-20 05:2212800 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atiglpxx.dll + 2011-04-20 05:22 . 2011-04-20 05:2232768 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atigktxx.dll + 2011-04-20 05:22 . 2011-04-20 05:2239936 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atig6txx.dll + 2011-04-20 05:22 . 2011-04-20 05:2214848 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atig6pxx.dll + 2011-04-20 06:02 . 2011-04-20 06:0259392 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atiedu64.dll + 2011-04-20 05:46 . 
2011-04-20 05:4651200 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\aticalrt64.dll + 2011-04-20 05:46 . 2011-04-20 05:4646080 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\aticalrt.dll + 2011-04-20 05:46 . 2011-04-20 05:4644544 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\aticalcl64.dll + 2011-04-20 05:46 . 2011-04-20 05:4644032 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\aticalcl.dll + 2011-04-20 05:20 . 2011-04-20 05:2053248 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\ati2erec.dll + 2011-04-20 06:02 . 2011-04-20 06:0243520 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\ati2edxx.dll - 2010-06-15 06:50 . 2011-06-28 14:4316384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-06-15 06:50 . 2011-06-29 13:2316384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-06-15 06:50 . 2011-06-29 13:2332768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-06-15 06:50 . 2011-06-28 14:4332768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2011-06-28 14:4316384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2011-06-29 13:2316384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-02-03 21:52 . 2009-02-03 21:5251200 c:\windows\system32\ATIODCLI.exe + 2009-06-22 19:34 . 2009-06-22 19:3451200 c:\windows\system32\ATIODCLI.exe + 2011-03-17 21:51 . 
2011-03-17 21:513929 c:\windows\SysWOW64\atipblag.dat + 2011-03-17 21:51 . 2011-03-17 21:513929 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atipblag.dat + 2011-03-17 21:51 . 2011-03-17 21:513929 c:\windows\system32\atipblag.dat + 2011-07-01 01:43 . 2011-07-01 01:432048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-06-28 16:49 . 2011-06-28 16:492048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-07-01 01:43 . 2011-07-01 01:432048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2011-06-28 16:49 . 2011-06-28 16:492048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 00:14 . 2009-07-14 01:14164352 c:\windows\SysWOW64\SearchProtocolHost.exe + 2011-06-28 18:21 . 2011-05-04 04:28164352 c:\windows\SysWOW64\SearchProtocolHost.exe + 2011-06-28 18:21 . 2011-05-04 04:28427520 c:\windows\SysWOW64\SearchIndexer.exe - 2011-02-23 19:18 . 2010-11-20 12:19666624 c:\windows\SysWOW64\mssvp.dll + 2011-06-28 18:21 . 2011-05-04 04:32666624 c:\windows\SysWOW64\mssvp.dll - 2011-02-23 19:18 . 2010-11-20 12:19197120 c:\windows\SysWOW64\mssphtb.dll + 2011-06-28 18:21 . 2011-05-04 04:32197120 c:\windows\SysWOW64\mssphtb.dll - 2009-07-14 00:13 . 2009-07-14 01:15337408 c:\windows\SysWOW64\mssph.dll + 2011-06-28 18:21 . 2011-05-04 04:32337408 c:\windows\SysWOW64\mssph.dll + 2011-06-28 18:21 . 2011-05-24 10:37252928 c:\windows\SysWOW64\drvinst.exe - 2009-07-13 23:16 . 2009-07-14 01:14252928 c:\windows\SysWOW64\drvinst.exe + 2011-06-28 18:21 . 2011-05-24 10:39145920 c:\windows\SysWOW64\cfgmgr32.dll - 2011-02-23 19:18 . 2010-11-20 12:18145920 c:\windows\SysWOW64\cfgmgr32.dll + 2010-06-26 23:39 . 2011-06-29 13:12362562 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin + 2010-06-17 04:47 . 2011-06-29 02:41377912 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin + 2011-06-28 18:21 . 
2011-05-24 11:42404480 c:\windows\system32\umpnpmgr.dll - 2011-02-23 19:19 . 2010-11-20 13:27404480 c:\windows\system32\umpnpmgr.dll - 2009-07-14 00:30 . 2009-07-14 01:39249856 c:\windows\system32\SearchProtocolHost.exe + 2011-06-28 18:21 . 2011-05-04 05:19249856 c:\windows\system32\SearchProtocolHost.exe + 2011-06-28 18:21 . 2011-05-04 05:19591872 c:\windows\system32\SearchIndexer.exe - 2009-07-14 00:29 . 2009-07-14 01:39113664 c:\windows\system32\SearchFilterHost.exe + 2011-06-28 18:21 . 2011-05-04 05:19113664 c:\windows\system32\SearchFilterHost.exe + 2009-07-14 02:36 . 2011-06-28 17:52676016 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2011-06-28 17:52126136 c:\windows\system32\perfc009.dat - 2011-02-23 19:19 . 2010-11-20 13:27778752 c:\windows\system32\mssvp.dll + 2011-06-28 18:21 . 2011-05-04 05:22778752 c:\windows\system32\mssvp.dll - 2011-02-23 19:18 . 2010-11-20 13:27288256 c:\windows\system32\mssphtb.dll + 2011-06-28 18:21 . 2011-05-04 05:22288256 c:\windows\system32\mssphtb.dll - 2009-07-14 00:30 . 2009-07-14 01:41491520 c:\windows\system32\mssph.dll + 2011-06-28 18:21 . 2011-05-04 05:22491520 c:\windows\system32\mssph.dll - 2009-07-14 04:45 . 2011-06-28 15:09444696 c:\windows\system32\FNTCACHE.DAT + 2009-07-14 04:45 . 2011-06-28 18:24444696 c:\windows\system32\FNTCACHE.DAT + 2009-07-14 05:30 . 2011-06-28 18:15143360 c:\windows\system32\DriverStore\infstrng.dat - 2009-07-14 05:30 . 2011-06-20 22:42143360 c:\windows\system32\DriverStore\infstrng.dat - 2009-07-14 05:30 . 2011-06-20 22:42143360 c:\windows\system32\DriverStore\infstor.dat + 2009-07-14 05:30 . 2011-06-28 18:15143360 c:\windows\system32\DriverStore\infstor.dat + 2011-04-20 06:02 . 2011-04-20 06:02278528 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\Oemdspif.dll + 2011-04-20 06:03 . 
2011-04-20 06:03120320 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atitmm64.dll + 2011-04-20 06:02 . 2011-04-20 06:02356352 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atipdlxx.dll + 2011-04-20 06:02 . 2011-04-20 06:02423424 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atipdl64.dll + 2010-08-27 22:33 . 2010-08-27 22:33332800 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\ATIODE.exe + 2011-04-20 05:22 . 2011-04-20 05:22306176 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atikmpag.sys + 2011-03-01 01:30 . 2011-03-01 01:30233012 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atiicdxx.dat + 2011-04-20 06:04 . 2011-04-20 06:04203776 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atiesrxx.exe + 2011-04-20 06:04 . 2011-04-20 06:04480256 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atieclxx.exe + 2011-04-20 06:05 . 2011-04-20 06:05462848 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\ATIDEMGX.dll + 2011-04-20 06:07 . 2011-04-20 06:07795648 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\aticfx64.dll + 2011-04-20 06:09 . 2011-04-20 06:09676864 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\aticfx32.dll + 2009-05-12 01:35 . 2009-05-12 01:35118784 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atibtmon.exe + 2011-04-20 06:09 . 
2011-04-20 06:09151552 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atiapfxx.exe + 2011-04-20 05:23 . 2011-04-20 05:23262144 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atiadlxy.dll + 2011-04-20 05:23 . 2011-04-20 05:23366080 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atiadlxx.dll + 2010-08-27 22:33 . 2010-08-27 22:33332800 c:\windows\system32\ATIODE.exe + 2011-03-01 01:30 . 2011-03-01 01:30233012 c:\windows\system32\atiicdxx.dat - 2009-07-14 04:46 . 2011-06-28 16:56104728 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat + 2009-07-14 04:46 . 2011-06-28 19:23104728 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat + 2009-07-14 05:01 . 2011-07-01 01:42439272 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2011-06-28 18:21 . 2011-05-04 04:341549312 c:\windows\SysWOW64\tquery.dll + 2011-06-28 18:21 . 2011-05-04 04:321401344 c:\windows\SysWOW64\mssrch.dll - 2011-02-23 19:19 . 2010-11-20 12:191401344 c:\windows\SysWOW64\mssrch.dll + 2011-06-28 18:21 . 2011-05-04 05:252315776 c:\windows\system32\tquery.dll + 2011-06-28 18:21 . 2011-05-04 05:222223616 c:\windows\system32\mssrch.dll - 2011-02-23 19:19 . 2010-11-20 13:272223616 c:\windows\system32\mssrch.dll + 2011-04-20 05:30 . 2011-04-20 05:304056576 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atiumdva.dll + 2011-04-20 05:40 . 2011-04-20 05:401923584 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atiumdmv.dll + 2011-04-20 05:38 . 2011-04-20 05:384286464 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atiumdag.dll + 2011-04-20 05:40 . 
2011-04-20 05:401222656 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atiumd6v.dll + 2011-04-20 05:40 . 2011-04-20 05:403868672 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atiumd6a.dll + 2011-04-20 05:31 . 2011-04-20 05:315440000 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atiumd64.dll + 2011-04-20 06:44 . 2011-04-20 06:449319936 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atikmdag.sys + 2011-04-20 05:49 . 2011-04-20 05:494951552 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atidxx64.dll + 2011-04-20 05:59 . 2011-04-20 05:594161536 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atidxx32.dll + 2011-04-20 05:45 . 2011-04-20 05:457768064 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\aticaldd64.dll + 2011-04-20 05:42 . 2011-04-20 05:426389760 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\aticaldd.dll - 2009-07-14 04:45 . 2011-06-28 16:237383570 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat + 2009-07-14 04:45 . 2011-06-28 18:267383570 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat + 2011-05-05 09:10 . 2011-06-28 17:561693384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3224318273-3311775750-3685103505-1006-8192.dat + 2010-06-17 07:14 . 2011-07-01 01:422765752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3224318273-3311775750-3685103505-1000-8192.dat + 2010-06-15 09:13 . 
2011-06-29 13:371820484 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3224318273-3311775750-3685103505-1000-12288.dat + 2011-01-15 13:46 . 2011-01-15 13:462049536 c:\windows\Installer\49cfd.msi - 2009-07-14 02:34 . 2011-06-15 07:5410485760 c:\windows\system32\SMI\Store\Machine\schema.dat + 2009-07-14 02:34 . 2011-06-28 18:2210485760 c:\windows\system32\SMI\Store\Machine\schema.dat + 2011-04-20 06:07 . 2011-04-20 06:0717693184 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atioglxx.dll + 2011-04-20 06:30 . 2011-04-20 06:3022900736 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atio6axx.dll + 2011-04-06 19:08 . 2011-07-01 01:4238610644 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3224318273-3311775750-3685103505-1000-4096.dat + 2009-07-14 05:30 . 2011-06-28 18:151036795904 c:\windows\system32\DriverStore\infpub.dat - 2009-07-14 05:30 . 2011-06-20 22:421036795904 c:\windows\system32\DriverStore\infpub.dat . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] "HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2009-11-04 380928] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-10-21 106496] "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "KTbWorks"="c:\program files (x86)\Kensington TrackballWorks\KTbWorksL.exe" [2010-07-01 426064] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "GBTUpd"="c:\program files (x86)\GIGABYTE\GBTUpd\PreRun.exe" [2008-04-03 297480] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Device Detector 3.lnk - c:\program files (x86)\Olympus\DeviceDetector\DevDtct2.exe [2010-6-20 118784] Qshelf.lnk - c:\program files\Microsoft Reference\Bookshelf 98\qshelf98.exe [2010-6-27 123904] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoThumbnailCache"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security PackagesREG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AODDriver;AODDriver;c:\program files (x86)\GIGABYTE\ET6\amd64\AODDriver.sys [2010-07-29 52280] R3 esihdrv;esihdrv; R3 etdrv;etdrv;c:\windows\etdrv.sys [2010-07-03 25640] R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2010-08-11 30528] R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys R3 rtkio;rtkio;c:\program files (x86)\Realtek\Smart Dual Lan\rtkio.sys [2009-07-15 17392] R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\drivers\vpcuxd.sys R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe R4 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe [2009-08-06 65536] R4 SDLService;SDLService;c:\program files (x86)\Realtek\Smart Dual Lan\SDLService.exe [2009-10-23 88064] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] R4 WTService;WTService;c:\windows\System32\atwtusb.exe S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe S2 KTbWorksService;Kensington TrackballWorks Service;c:\program files (x86)\Kensington TrackballWorks\KTbWorksS.exe [2010-07-01 50256] S2 OS Selector;Acronis OS Selector activator;c:\program files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-09-29 2139400] S2 Smart 
TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys . . Contents of the 'Scheduled Tasks' folder . 2011-07-01 c:\windows\Tasks\FixCleaner Startup.job - c:\program files (x86)\FixCleaner\FixCleaner.exe [2011-06-01 18:33] . 2011-06-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3224318273-3311775750-3685103505-1000Core.job - c:\users\Frank C\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-07 02:58] . 2011-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3224318273-3311775750-3685103505-1000UA.job - c:\users\Frank C\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-07 02:58] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "combofix"="c:\combofix\CF840.cfxxe" [X] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-19 9996320] "MacroKeyManager"="WTMKM.exe" [2009-05-21 5594272] . ------- Supplementary Scan ------- . uStart Page = hxxp://www.excite.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = TCP: DhcpNameServer = 192.168.2.1 192.168.2.1 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe . ************************************************************************** . Completion time: 2011-06-30 21:49:33 - machine was rebooted ComboFix-quarantined-files.txt 2011-07-01 01:49 ComboFix2.txt 2011-06-28 17:49 ComboFix3.txt 2011-06-16 14:12 . Pre-Run: 441,730,760,704 bytes free Post-Run: 441,197,662,208 bytes free . 
- - End Of File - - 1FC31389D708BFFA6EAC8EA99E20EC6A

I'll not try ESET in another post. Frank C.

I tried ESET. To get some type of response I had to right click the Download button and select Copy Shortcut and paste it into the address bar. But that did not work. I was just taken back to the same page. So I was not able to download ESET. Frank C.

Ok. Let's try this one. Run the BitDefender Online scanner. Agree to the license and then select Scan. DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED. That will make your logs huge and we don't need to see clean files. Once Bitdefender completes the scan: click on the Detected Problems tab. Then select Click here to export the scan report. When the window comes up to save the report, change the Save as type: box to: Text (Tab Delimited) (*.txt), and then in the File name box change the name to bdscan, then click Save. This will save a file named bdscan.txt. I would suggest saving it to the Desktop so you can easily find it (take notice of where you save it so you can find it later). This bdscan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html. If you do not follow these steps, you will have an incorrect log or, worse, a log summary which is useless to us. Post the bdscan.txt file as an Attachment.

Won't run. A big black top margin box appears with a big green arrow pointing to the Home icon and the Panning Hand icon, but there is no browser confirmation message the green arrow is supposed to be pointing towards. There is a notice that the BitDefender Quick Scan is running, but I let it run for over an hour and nothing is happening. I would guess it's waiting for me to click on the browser confirmation message. Frank C.

Let's try this one. Please go to the Kaspersky website and perform an online antivirus scan.
1. Read through the requirements and privacy statement and click on the Accept button.
2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
3. When the downloads have finished, click on Settings.
4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs; Archives.
5. Click on My Computer under Scan.
6. Once the scan is complete, it will display the results. Click on View Scan Report.
7. You will see a list of infected items there. Click on Save Report As....
8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
9. Please post this log in your next reply along with a fresh HijackThis log.
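The ComboFix log Frank posted earlier in the thread is easier to triage with a small script that pulls out the parts a reviewer reads first: registry keys carrying an @Denied ACL entry, the running-process list, and how much disk the run itself consumed. This is an added example, not ComboFix's own code or anything from the thread; the sample log is constructed from lines in that post, and the function names are mine.

```python
import re

# Constructed sample: the tail of a ComboFix log, laid out the way ComboFix
# writes it ('.' marks a blank line). The keys, paths and byte counts are copied
# from the log posted in this thread; the parsing code is an added example.
SAMPLE_LOG = r"""[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
.
**************************************************************************
Completion time: 2011-06-30 21:49:33 - machine was rebooted
Pre-Run: 441,730,760,704 bytes free
Post-Run: 441,197,662,208 bytes free
- - End Of File - - 1FC31389D708BFFA6EAC8EA99E20EC6A
"""

def locked_keys(log):
    """(key, acl) for every '[key]' line followed by an '@Denied: acl' line."""
    lines = log.splitlines()
    return [(lines[i][1:-1], lines[i + 1].split(":", 1)[1].strip())
            for i in range(len(lines) - 1)
            if lines[i].startswith("[") and lines[i + 1].startswith("@Denied:")]

def running_processes(log):
    """Paths in the 'Other Running Processes' section, up to the asterisk row."""
    procs, inside = [], False
    for line in log.splitlines():
        if "Other Running Processes" in line:
            inside = True
        elif inside and line.startswith("****"):
            break
        elif inside and line not in (".", ""):   # '.' is ComboFix's blank line
            procs.append(line.strip())
    return procs

def space_consumed(log):
    """Pre-Run minus Post-Run free bytes: disk the run itself used (quarantine, logs)."""
    vals = {m.group(1): int(m.group(2).replace(",", ""))
            for m in re.finditer(r"^(Pre|Post)-Run:\s+([\d,]+) bytes free", log, re.M)}
    return vals["Pre"] - vals["Post"]
```

Each @Denied key is worth checking by hand; a key that ordinary tools cannot read is where a reviewer looks first, and the process list and byte delta are the quick sanity checks that the run did what the log claims.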