whitesmoke toolbar virus trouble - computer help forum

ComboFix 11-03-13.02 - Connor 03/14/2011 17:28:33.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.2447 [GMT -4:00]
Running from: c:\users\Connor\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: PC Tools Firewall Plus *Disabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Connor\AppData\Local\Temp\VPN_77D6\9218E5A4.dll
c:\windows\TEMP\VPN_57C7\9218E5A4.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-02-14 to 2011-03-14 )))))))))))))))))))))))))))))))
.
.
2011-03-14 21:44 . 2011-03-14 21:44   --------   d-----w-   c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-03-14 21:44 . 2011-03-14 21:44   --------   d-----w-   c:\users\Default\AppData\Local\temp
2011-03-14 21:24 . 2011-03-14 21:25   --------   d-----w-   C:\32788R22FWJFW
2011-03-14 03:03 . 2011-02-11 04:31   7947600   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4300CDD2-4DB3-47E4-88F4-D19C9343D8E6}\mpengine.dll
2011-03-10 21:20 . 2011-03-10 21:20   --------   d-----w-   C:\_OTL
2011-03-08 20:20 . 2011-03-08 20:20   --------   d-----w-   c:\program files (x86)\Common Files\Skype
2011-03-06 03:29 . 2011-03-06 03:29   --------   d-----w-   C:\LazyNewbPack[0.31.19][V8.0]
2011-03-05 12:31 . 2008-10-15 11:22   519000   ----a-w-   c:\windows\system32\d3dx10_40.dll
2011-03-05 12:31 . 2008-10-15 11:22   452440   ----a-w-   c:\windows\SysWow64\d3dx10_40.dll
2011-03-05 12:31 . 2008-10-15 11:22   2605920   ----a-w-   c:\windows\system32\D3DCompiler_40.dll
2011-03-05 12:31 . 2008-10-15 11:22   2036576   ----a-w-   c:\windows\SysWow64\D3DCompiler_40.dll
2011-03-05 12:31 . 2008-10-15 11:22   5631312   ----a-w-   c:\windows\system32\D3DX9_40.dll
2011-03-05 12:31 . 2008-10-15 11:22   4379984   ----a-w-   c:\windows\SysWow64\D3DX9_40.dll
2011-03-05 12:30 . 2011-03-05 12:30   --------   d-----w-   c:\users\Public\Games
2011-03-05 01:26 . 2011-03-05 01:37   364201984   ----a-w-   C:\WindSlayer-01_09_0000.exe
2011-03-05 00:23 . 2011-03-05 00:23   --------   d-----w-   C:\gPotato
2011-03-05 00:11 . 2011-03-05 00:23   472781133   ----a-w-   C:\AIKAOnline_US_Setup_20101103.exe
2011-03-04 03:33 . 2011-03-04 03:35   --------   d-----w-   c:\users\Connor\AppData\Roaming\BugTrap Console Test108
2011-02-28 23:57 . 2011-02-11 04:31   7947600   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-28 23:57 . 2011-02-28 23:56   601424   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{92021A4C-7412-4852-B81E-546412346036}\gapaengine.dll
2011-02-28 23:46 . 2011-02-28 23:46   --------   d-----w-   c:\program files (x86)\Microsoft Security Client
2011-02-28 23:46 . 2011-02-28 23:47   --------   d-----w-   c:\program files\Microsoft Security Client
2011-02-28 23:46 . 2010-04-09 11:06   374664   ----a-w-   c:\windows\system32\drivers\netio.sys
2011-02-27 23:37 . 2011-02-27 23:37   388096   ----a-r-   c:\users\Connor\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-02-27 23:37 . 2011-02-27 23:37   --------   d-----w-   c:\program files (x86)\Trend Micro
2011-02-27 23:17 . 2011-02-27 23:17   --------   d-sh--w-   c:\windows\SysWow64\%APPDATA%
2011-02-27 21:04 . 2011-02-27 21:04   --------   d-----w-   c:\users\Connor\AppData\Roaming\SUPERAntiSpyware.com
2011-02-27 21:04 . 2011-02-27 21:04   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
2011-02-27 21:04 . 2011-02-27 21:04   --------   d-----w-   c:\programdata\!SASCORE
2011-02-27 21:04 . 2011-02-27 21:04   --------   d-----w-   c:\program files\SUPERAntiSpyware
2011-02-27 20:46 . 2011-02-27 20:46   --------   d-----w-   c:\program files\CCleaner
2011-02-27 20:38 . 2010-03-29 16:06   233488   ----a-w-   c:\windows\system32\drivers\PCTCore64.sys
2011-02-27 20:38 . 2010-11-17 15:20   331368   ----a-w-   c:\windows\system32\drivers\pctgntdi64.sys
2011-02-27 20:38 . 2010-11-17 15:20   136168   ----a-w-   c:\windows\system32\drivers\pctwfpfilter64.sys
2011-02-27 20:38 . 2011-02-27 23:17   --------   d-----w-   c:\users\Connor\AppData\Roaming\PCToolsFirewallPlus
2011-02-27 20:37 . 2011-02-27 20:38   --------   d-----w-   c:\program files (x86)\Common Files\PC Tools
2011-02-27 20:37 . 2010-11-24 14:18   119688   ----a-w-   c:\windows\system32\drivers\pctNdis-PacketFilter64.sys
2011-02-27 20:37 . 2010-07-08 14:49   79000   ----a-w-   c:\windows\system32\drivers\pctNdis64.sys
2011-02-27 20:37 . 2010-02-05 14:26   42968   ----a-w-   c:\windows\system32\drivers\pctNdis-DNS64.sys
2011-02-27 20:37 . 2010-11-25 15:42   179464   ----a-w-   c:\windows\system32\drivers\pctplfw64.sys
2011-02-27 20:37 . 2011-02-27 23:17   --------   d-----w-   c:\program files (x86)\PC Tools Firewall Plus
2011-02-27 16:31 . 2011-02-27 21:01   --------   d-----w-   c:\program files (x86)\Spybot - Search & Destroy
2011-02-27 16:31 . 2011-02-27 21:01   --------   d-----w-   c:\programdata\Spybot - Search & Destroy
2011-02-27 15:52 . 2010-12-20 23:09   38224   ----a-w-   c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-27 07:49 . 2011-02-27 15:52   --------   d-----w-   c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2011-02-24 13:49 . 2010-09-14 06:45   367104   ----a-w-   c:\windows\system32\wcncsvc.dll
2011-02-24 13:49 . 2010-09-14 06:07   276992   ----a-w-   c:\windows\SysWow64\wcncsvc.dll
2011-02-23 21:20 . 2011-02-23 21:20   --------   d-----w-   c:\program files (x86)\Common Files\Java
2011-02-23 21:19 . 2011-02-03 02:40   472808   ----a-w-   c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-02-23 21:18 . 2011-02-23 21:18   --------   d-----w-   c:\programdata\McAfee
2011-02-23 20:23 . 2011-02-23 20:23   --------   d-----w-   c:\program files (x86)\LOLReplay
2011-02-23 16:55 . 2011-01-07 08:07   662528   ----a-w-   c:\windows\system32\XpsPrint.dll
2011-02-23 16:55 . 2011-01-07 08:07   475648   ----a-w-   c:\windows\system32\XpsGdiConverter.dll
2011-02-23 16:55 . 2011-01-07 07:31   442880   ----a-w-   c:\windows\SysWow64\XpsPrint.dll
2011-02-23 16:55 . 2011-01-07 07:31   288256   ----a-w-   c:\windows\SysWow64\XpsGdiConverter.dll
2011-02-21 20:44 . 2008-10-15 14:25   461680   ----a-w-   C:\Dbgview.exe
2011-02-20 21:17 . 2011-02-20 21:17   --------   d--h--w-   c:\windows\system32\CanonMF Uninstaller Information
2011-02-20 21:17 . 2011-02-20 21:17   --------   d-----w-   c:\program files\Canon
2011-02-20 21:16 . 2007-04-18 22:13   66048   ----a-w-   c:\windows\system32\CNAS0MMK.DLL
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-03 02:40 . 2011-01-13 14:44   472808   ----a-w-   c:\windows\SysWow64\deployJava1.dll
2011-01-30 03:17 . 2011-01-30 03:17   29808   ----a-w-   c:\windows\system32\drivers\Neo_0014.sys
2011-01-30 03:16 . 2011-01-30 03:16   81920   ----a-w-   c:\windows\SysWow64\vpncmd.exe
2011-01-26 06:53 . 2011-02-09 20:22   982912   ----a-w-   c:\windows\system32\drivers\dxgkrnl.sys
2011-01-26 06:53 . 2011-02-09 20:22   265088   ----a-w-   c:\windows\system32\drivers\dxgmms1.sys
2011-01-26 06:31 . 2011-02-09 20:22   144384   ----a-w-   c:\windows\system32\cdd.dll
2011-01-19 08:26 . 2011-01-19 08:26   86016   ----a-w-   c:\windows\SysWow64\frapsvid.dll
2011-01-19 08:26 . 2011-01-19 08:26   84992   ----a-w-   c:\windows\system32\frapsv64.dll
2011-01-07 08:06 . 2011-02-09 20:22   46080   ----a-w-   c:\windows\system32\atmlib.dll
2011-01-07 07:27 . 2011-02-09 20:22   34304   ----a-w-   c:\windows\SysWow64\atmlib.dll
2011-01-07 05:49 . 2011-02-09 20:22   366080   ----a-w-   c:\windows\system32\atmfd.dll
2011-01-07 05:33 . 2011-02-09 20:22   294400   ----a-w-   c:\windows\SysWow64\atmfd.dll
2011-01-05 06:20 . 2011-02-09 20:22   612352   ----a-w-   c:\windows\system32\vbscript.dll
2011-01-05 05:37 . 2011-02-09 20:22   428032   ----a-w-   c:\windows\SysWow64\vbscript.dll
2011-01-05 04:00 . 2011-02-09 20:22   3127808   ----a-w-   c:\windows\system32\win32k.sys
2011-01-03 06:32 . 2010-01-08 14:14   45056   ----a-w-   c:\windows\system32\acovcnt.exe
2010-12-27 18:55 . 2008-11-25 16:12   348160   ----a-w-   c:\windows\SysWow64\msvcr71.dll
2010-12-27 18:55 . 2008-11-25 16:12   499712   ----a-w-   c:\windows\SysWow64\msvcp71.dll
2010-12-21 06:16 . 2011-02-09 20:22   62976   ----a-w-   c:\windows\system32\wscapi.dll
2010-12-21 06:16 . 2011-02-09 20:22   97280   ----a-w-   c:\windows\system32\wscsvc.dll
2010-12-21 06:16 . 2011-02-09 20:22   214016   ----a-w-   c:\windows\system32\winsrv.dll
2010-12-21 06:16 . 2011-02-09 20:22   1197056   ----a-w-   c:\windows\system32\wininet.dll
2010-12-21 06:16 . 2011-02-09 20:22   442880   ----a-w-   c:\windows\system32\winhttp.dll
2010-12-21 06:16 . 2011-02-09 20:22   258048   ----a-w-   c:\windows\system32\WebClnt.dll
2010-12-21 06:15 . 2011-02-09 20:22   264192   ----a-w-   c:\windows\system32\upnp.dll
2010-12-21 06:15 . 2011-02-09 20:22   15360   ----a-w-   c:\windows\system32\slwga.dll
2010-12-21 06:13 . 2011-02-09 20:22   2003968   ----a-w-   c:\windows\system32\msxml6.dll
2010-12-21 06:13 . 2011-02-09 20:22   1880576   ----a-w-   c:\windows\system32\msxml3.dll
2010-12-21 06:10 . 2011-02-09 20:22   100864   ----a-w-   c:\windows\system32\davclnt.dll
2010-12-21 05:38 . 2011-02-09 20:22   51200   ----a-w-   c:\windows\SysWow64\wscapi.dll
2010-12-21 05:38 . 2011-02-09 20:22   981504   ----a-w-   c:\windows\SysWow64\wininet.dll
2010-12-21 05:38 . 2011-02-09 20:22   350720   ----a-w-   c:\windows\SysWow64\winhttp.dll
2010-12-21 05:38 . 2011-02-09 20:22   204800   ----a-w-   c:\windows\SysWow64\WebClnt.dll
2010-12-21 05:38 . 2011-02-09 20:22   204288   ----a-w-   c:\windows\SysWow64\upnp.dll
2010-12-21 05:38 . 2011-02-09 20:22   14336   ----a-w-   c:\windows\SysWow64\slwga.dll
2010-12-21 05:36 . 2011-02-09 20:22   1389568   ----a-w-   c:\windows\SysWow64\msxml6.dll
2010-12-21 05:36 . 2011-02-09 20:22   1236992   ----a-w-   c:\windows\SysWow64\msxml3.dll
2010-12-21 05:34 . 2011-02-09 20:22   80384   ----a-w-   c:\windows\SysWow64\davclnt.dll
2010-12-20 23:08 . 2010-12-04 20:31   24152   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-12-18 06:11 . 2011-02-09 20:22   57856   ----a-w-   c:\windows\system32\licmgr10.dll
2010-12-18 06:11 . 2011-02-09 20:22   714752   ----a-w-   c:\windows\system32\kerberos.dll
2010-12-18 05:29 . 2011-02-09 20:22   44544   ----a-w-   c:\windows\SysWow64\licmgr10.dll
2010-12-18 05:29 . 2011-02-09 20:22   541184   ----a-w-   c:\windows\SysWow64\kerberos.dll
2010-12-18 04:55 . 2011-02-09 20:22   482816   ----a-w-   c:\windows\system32\html.iec
2010-12-18 04:20 . 2011-02-09 20:22   386048   ----a-w-   c:\windows\SysWow64\html.iec
2010-12-18 04:13 . 2011-02-09 20:22   1638912   ----a-w-   c:\windows\system32\mshtml.tlb
2010-12-18 03:47 . 2011-02-09 20:22   1638912   ----a-w-   c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((( SnapShot@2011-03-01_00.19.51 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-02-27 23:17 . 2011-02-27 23:16   16384 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2011-02-27 23:17 . 2011-03-14 17:56   16384 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2009-09-16 01:36 . 2011-03-14 21:18   57818 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-03-14 21:48   48854 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-11-15 10:07 . 2011-03-14 21:48   26572 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-712587676-1097138996-4050794247-1000_UserData.bin
+ 2010-11-21 04:55 . 2011-03-09 08:53   16384 c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
- 2010-11-21 04:55 . 2011-02-28 05:49   16384 c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
- 2009-11-15 10:12 . 2011-03-01 00:05   16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-15 10:12 . 2011-03-14 21:47   16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2011-03-12 15:27   80352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-11-15 10:12 . 2011-03-14 21:47   32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-15 10:12 . 2011-03-01 00:05   32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-15 10:12 . 2011-03-14 21:47   16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-15 10:12 . 2011-03-01 00:05   16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-15 10:09 . 2011-03-01 00:05   16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-15 10:09 . 2011-03-14 21:48   16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-15 10:09 . 2011-03-14 21:48   16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-15 10:09 . 2011-03-01 00:05   16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-16 03:17 . 2011-03-09 08:01   35088 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-11-16 03:17 . 2011-02-10 12:46   35088 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-11-16 03:17 . 2011-03-09 08:01   18704 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-11-16 03:17 . 2011-02-10 12:46   18704 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-11-16 05:33 . 2011-02-10 12:46   20240 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-11-16 05:33 . 2011-03-09 08:01   20240 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-02-13 04:50 . 2010-02-13 04:50   12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2011-03-05 12:31 . 2011-03-05 12:31   12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2011-03-05 12:31 . 2011-03-05 12:31   53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2010-02-13 04:50 . 2010-02-13 04:50   53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2011-03-08 02:05 . 2011-03-08 02:05   9560 c:\windows\system32\NetworkList\Icons\{D891C3B3-3BF7-4431-9FC1-850715DE7EC8}_48.bin
+ 2011-03-08 02:05 . 2011-03-08 02:05   4280 c:\windows\system32\NetworkList\Icons\{D891C3B3-3BF7-4431-9FC1-850715DE7EC8}_32.bin
+ 2011-03-08 02:05 . 2011-03-08 02:05   2456 c:\windows\system32\NetworkList\Icons\{D891C3B3-3BF7-4431-9FC1-850715DE7EC8}_24.bin
- 2011-03-01 00:19 . 2011-03-01 00:19   2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-03-14 21:45 . 2011-03-14 21:45   2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-03-14 21:45 . 2011-03-14 21:45   2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-03-01 00:19 . 2011-03-01 00:19   2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-03-14 21:46 . 2011-03-14 21:46   119808 c:\windows\temp\VPN_25DD\0FC343C0.dll
- 2009-07-14 00:06 . 2009-07-14 01:16   850432 c:\windows\SysWOW64\sbe.dll
+ 2011-03-08 23:40 . 2010-12-23 05:28   850432 c:\windows\SysWOW64\sbe.dll
+ 2011-03-05 00:06 . 2011-03-05 00:06   235168 c:\windows\SysWOW64\Macromed\Flash\FlashUtil10n_Plugin.exe
- 2009-07-14 00:41 . 2009-07-14 01:16   534528 c:\windows\SysWOW64\EncDec.dll
+ 2011-03-08 23:40 . 2010-12-23 05:28   534528 c:\windows\SysWOW64\EncDec.dll
+ 2011-03-08 23:40 . 2011-02-19 05:32   739840 c:\windows\SysWOW64\d2d1.dll
- 2011-01-12 13:35 . 2010-11-02 04:35   739840 c:\windows\SysWOW64\d2d1.dll
+ 2011-03-08 23:40 . 2010-12-23 05:28   642048 c:\windows\SysWOW64\CPFilters.dll
- 2009-07-14 02:36 . 2011-02-28 23:46   703262 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-03-14 21:20   703262 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-03-14 21:20   136794 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-02-28 23:46   136794 c:\windows\system32\perfc009.dat
+ 2011-03-08 23:40 . 2010-12-23 06:07   723968 c:\windows\system32\EncDec.dll
+ 2011-03-08 23:40 . 2011-02-19 06:36   902656 c:\windows\system32\d2d1.dll
- 2011-01-12 13:35 . 2010-11-02 05:12   902656 c:\windows\system32\d2d1.dll
- 2010-10-26 20:40 . 2010-08-04 07:07   961024 c:\windows\system32\CPFilters.dll
+ 2011-03-08 23:40 . 2010-12-23 06:07   961024 c:\windows\system32\CPFilters.dll
+ 2009-07-14 05:01 . 2011-03-14 21:45   421204 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-03-01 00:18   421204 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-12-08 23:58 . 2010-12-08 23:58   752640 c:\windows\Installer\5af3d60.msi
+ 2011-03-08 20:20 . 2011-03-08 20:20   371272 c:\windows\Installer\{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}\SkypeIcon.exe
- 2010-12-29 18:52 . 2010-12-29 18:52   371272 c:\windows\Installer\{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}\SkypeIcon.exe
- 2009-11-16 03:17 . 2011-02-10 12:46   888080 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-11-16 03:17 . 2011-03-09 08:01   888080 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-11-16 05:33 . 2011-03-09 08:01   272648 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pubs.exe
- 2009-11-16 05:33 . 2011-02-10 12:46   272648 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-11-16 05:33 . 2011-03-09 08:01   922384 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pptico.exe
- 2009-11-16 05:33 . 2011-02-10 12:46   922384 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\pptico.exe
- 2009-11-16 05:33 . 2011-02-10 12:46   845584 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-11-16 05:33 . 2011-03-09 08:01   845584 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\outicon.exe
- 2009-11-16 05:33 . 2011-02-10 12:46   217864 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\misc.exe
+ 2009-11-16 05:33 . 2011-03-09 08:01   217864 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\misc.exe
- 2009-11-16 05:33 . 2011-02-10 12:46   184080 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-11-16 05:33 . 2011-03-09 08:01   184080 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\joticon.exe
- 2009-11-16 05:33 . 2011-02-10 12:46   159504 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-11-16 05:33 . 2011-03-09 08:01   159504 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-02-14 11:04 . 2009-02-14 11:04   625520 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6425\GROOVEWEBSERVICES.DLL
+ 2009-02-12 20:19 . 2009-02-12 20:19   688512 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6425\GROOVEWEBPLATFORMSERVICES.DLL
+ 2009-03-06 09:33 . 2009-03-06 09:33   961888 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6425\GROOVEUTIL.DLL
+ 2009-02-14 11:03 . 2009-02-14 11:03   337264 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6425\GROOVE.EXE
- 2010-02-13 04:50 . 2010-02-13 04:50   223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2011-03-05 12:31 . 2011-03-05 12:31   223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2011-03-05 12:31 . 2011-03-05 12:31   178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2010-02-13 04:50 . 2010-02-13 04:50   178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2010-02-13 04:50 . 2010-02-13 04:50   364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2011-03-05 12:31 . 2011-03-05 12:31   364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2010-02-13 04:50 . 2010-02-13 04:50   159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2011-03-05 12:31 . 2011-03-05 12:31   159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2010-02-13 04:50 . 2010-02-13 04:50   145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2011-03-05 12:31 . 2011-03-05 12:31   145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2009-11-16 03:08 . 2009-11-16 03:08   578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-03-05 12:31 . 2011-03-05 12:31   578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-11-16 03:08 . 2009-11-16 03:08   578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-03-05 12:31 . 2011-03-05 12:31   578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-11-16 03:08 . 2009-11-16 03:08   577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-03-05 12:31 . 2011-03-05 12:31   577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-03-05 12:31 . 2011-03-05 12:31   577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-11-16 03:08 . 2009-11-16 03:08   577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-02-13 04:50 . 2010-02-13 04:50   577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-03-05 12:31 . 2011-03-05 12:31   577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-03-05 12:31 . 2011-03-05 12:31   576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-11-16 03:08 . 2009-11-16 03:08   576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-11-16 03:08 . 2009-11-16 03:08   567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-03-05 12:31 . 2011-03-05 12:31   567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-11-16 03:08 . 2009-11-16 03:08   563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-03-05 12:31 . 2011-03-05 12:31   563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-02-13 04:50 . 2010-02-13 04:50   473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2011-03-05 12:31 . 2011-03-05 12:31   473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2011-03-14 21:46 . 2011-03-14 21:46   2240512 c:\windows\temp\VPN_25DD\9218E5A4.dll
+ 2011-03-14 21:46 . 2011-03-14 21:46   1185288 c:\windows\temp\.unicode_cache_78ae99a9.dat
+ 2011-03-08 23:40 . 2010-12-18 05:30   2690560 c:\windows\SysWOW64\mstscax.dll
+ 2011-03-08 23:40 . 2010-12-18 05:26   1034240 c:\windows\SysWOW64\mstsc.exe
- 2010-01-27 01:07 . 2011-02-11 21:41   6053536 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
+ 2010-01-27 01:07 . 2011-03-05 00:06   6053536 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
+ 2011-03-08 23:40 . 2011-02-19 05:32   1074176 c:\windows\SysWOW64\DWrite.dll
- 2011-01-12 13:35 . 2010-11-02 04:35   1074176 c:\windows\SysWOW64\DWrite.dll
+ 2011-03-08 23:40 . 2010-12-23 06:07   1118720 c:\windows\system32\sbe.dll
- 2009-07-14 00:21 . 2009-07-14 01:41   1118720 c:\windows\system32\sbe.dll
+ 2011-03-08 23:40 . 2010-12-18 06:12   3138048 c:\windows\system32\mstscax.dll
+ 2011-03-08 23:40 . 2010-12-18 06:08   1097216 c:\windows\system32\mstsc.exe
+ 2011-03-08 23:40 . 2011-02-19 06:37   1135104 c:\windows\system32\FntCache.dll
- 2011-01-12 13:35 . 2010-11-02 05:12   1540608 c:\windows\system32\DWrite.dll
+ 2011-03-08 23:40 . 2011-02-19 06:37   1540608 c:\windows\system32\DWrite.dll
- 2009-07-14 04:45 . 2011-02-28 23:51   3798234 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2011-03-09 08:22   3798234 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-02-16 18:54 . 2011-02-16 18:54   4992000 c:\windows\Installer\1d0321f.msp
+ 2011-01-11 22:53 . 2011-01-11 22:53   1763328 c:\windows\Installer\1d03209.msp
+ 2009-11-16 05:33 . 2011-03-09 08:01   1172240 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-11-16 05:33 . 2011-02-10 12:46   1172240 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-11-16 05:33 . 2011-02-10 12:46   1165584 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-11-16 05:33 . 2011-03-09 08:01   1165584 c:\windows\Installer\{91120000-002E-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-02-14 11:03 . 2009-02-14 11:03   3070832 c:\windows\Installer\$PatchCache$\Managed\00002119E20000000000000000F01FEC\12.0.6425\GROOVEDOCUMENTSHARETOOL.DLL
- 2009-11-16 03:08 . 2009-11-16 03:08   2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-03-05 12:31 . 2011-03-05 12:31   2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2011-03-05 12:31 . 2011-03-05 12:31   2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-11-16 03:08 . 2009-11-16 03:08   2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-07-14 02:34 . 2011-03-01 00:17   10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-03-14 21:30   10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-11-15 13:25 . 2011-03-09 08:01   39946696 c:\windows\system32\MRT.exe
+ 2011-03-08 20:19 . 2011-03-08 20:19   18307072 c:\windows\Installer\2f64c.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{d22f6f66-2f47-4184-8625-fbfa4cbdb7ce}]
2010-11-06 03:14   2735200   ----a-w-   c:\program files (x86)\OnRPG\tbOnR0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{d22f6f66-2f47-4184-8625-fbfa4cbdb7ce}"= "c:\program files (x86)\OnRPG\tbOnR0.dll" [2010-11-06 2735200]
.
[HKEY_CLASSES_ROOT\clsid\{d22f6f66-2f47-4184-8625-fbfa4cbdb7ce}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08   143360   ----a-w-   c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files (x86)\DNA\btdna.exe" [2010-11-19 323392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"CinemaNowMediaManagerApp"="c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe" [2009-06-11 2088296]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-20 159744]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-07-07 8493624]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-08-10 421888]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-12-06 1910152]
"cwcptray"="c:\program files (x86)\ContentWatch\Internet Protection\cwtray.exe" [2010-11-16 353088]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"00PCTFW"="c:\program files (x86)\PC Tools Firewall Plus\FirewallGUI.exe" [2010-11-29 2676696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe [2009-9-15 12862]
LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe [2011-3-3 201728]
PacketiX VPN Client Task Tray.lnk - c:\program files (x86)\PacketiX VPN Client English\vpncmgr.exe [2008-5-15 2682880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44   35760   ----a-w-   c:\program files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSMTray]
2009-06-24 19:30   272952   ----a-w-   c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
2009-09-16 01:33   72248   ----a-w-   c:\windows\AsScrProlog.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2009-09-16 01:33   3054136   ----a-w-   c:\windows\AsScrPro.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-07-19 00:52   104936   ------w-   c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2Go_Menu]
2008-06-13 23:11   210216   ------w-   c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dump_wmimmc;dump_wmimmc;c:\hanpurple\elsword\data\GameGuard\dump_wmimmc.sys

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys

R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\DRIVERS\pctNdis64.sys

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys

R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe

R3 X6va003;X6va003;c:\users\Connor\AppData\Local\Temp\003CFBB.tmp

R3 X6va005;X6va005;c:\users\Connor\AppData\Local\Temp\005845B.tmp

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-10 369688]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2009-06-11 127352]
S2 CwAltaService20;ContentWatch;c:\program files (x86)\ContentWatch\Internet Protection\cwsvc.exe [2010-11-16 2109440]
S2 FastBootAgent;FastBootAgent;c:\windows\SysWOW64\Fast Boot\FastBootAgent.exe [2009-07-24 306232]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 2101640]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2011-02-25 23680]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe

S2 vpnclient;PacketiX VPN Client;c:\program files (x86)\PacketiX VPN Client English\vpnclient.exe [2008-05-15 2478080]
S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [2009-11-24 127784]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys

S3 Neo_VPN;VPN Client Device Driver - VPN;c:\windows\system32\DRIVERS\Neo_0014.sys

S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys

S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter64.sys

S3 pctNdisMP;PC Tools Driver;c:\windows\system32\DRIVERS\pctNdis64.sys

S3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw64.sys

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys

.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - pctESPInject
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 23:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com/?pc=Z023&form=ZGAPHP
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\cwalsp.dll
Trusted Zone: cinemanow.com
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
DPF: {E2729F99-A050-4F4D-AE9F-7492C5532F49} - hxxp://down.hangame.co.jp/jp/dist/hgtagent2/hgtagent2.cab
DPF: {F8160836-0C11-4CA4-AD87-944542C7BCBD} - hxxp://down.hangame.co.jp/jp/purple/launcher/PubPlugin.cab
FF - ProfilePath - c:\users\Connor\AppData\Roaming\Mozilla\Firefox\Profiles\ecx7ksuv.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z023&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z023&form=ZGAADF&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Connor\AppData\Roaming\Move Networks
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: flashget3 Extension: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} - %profile%\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
FF - Ext: SyncPlaces: syncplaces@andyhalford.com - %profile%\extensions\syncplaces@andyhalford.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D22F6F66-2F47-4184-8625-FBFA4CBDB7CE} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\X6va003]
"ImagePath"="\??\c:\users\Connor\AppData\Local\Temp\003CFBB.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\X6va005]
"ImagePath"="\??\c:\users\Connor\AppData\Local\Temp\005845B.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\ASUS\ASUS Live Update\ALU.exe
.
**************************************************************************
.
Completion time: 2011-03-14 17:58:55 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-14 21:58
ComboFix2.txt 2011-03-02 19:28
ComboFix3.txt 2011-03-01 00:27
.
Pre-Run: 137,372,893,184 bytes free
Post-Run: 137,028,952,064 bytes free
.
- - End Of File - - F509B404EEE2E4C542C804E8620E1182