JohnB please help with friends computer

Here's the logs its still really slow and 2 things keep coming back on MBAM

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org
Database version: v2012.01.29.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mike :: MIKE-PC [administrator]
1/29/2012 5:55:51 PM
mbam-log-2012-01-29 (17-55-51).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 297071
Time elapsed: 44 minute(s), 8 second(s)
Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 2588 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:52:33 PM, on 1/29/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
\.\globalroot\C:\Windows\svchost.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{425A1757-F52B-4146-BBE3-1F21368FB0E0}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CS1\Services\Tcpip\..\{425A1757-F52B-4146-BBE3-1F21368FB0E0}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CS2\Services\Tcpip\..\{425A1757-F52B-4146-BBE3-1F21368FB0E0}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll C:\Windows\SysWOW64\guard32.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: COMODO Internet Security Helper Service (cmdagent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10092 bytes

Please do the following.

1.

Please download and run TDSSkiller

When the program opens, click on the start scan button.

TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.



To remove the infection simply click on the Continue button and TDSSKiller will attempt to clean the infection.

When it has finished cleaning the infection you will see a report stating whether or not it was successful as shown below.



If the log says will be cured after reboot, please reboot the system by pressing the reboot now button.

After running there will be a log that will be located at the root of your c:\ drive labeled tdsskiller with a series of numbers after it. Please open the log and copy and paste it back here.


2.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.

• Download this file here :
  
  Combofix
  
  
• When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
• Save the file to your windows desktop. The combofix icon will look like this when it has downloaded to your desktop.
  
  
  
• We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
  
  
• Close all open Windows including this one.
  
• Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these type of programs can be found here.
  Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
  
• Please click on I agree on the disclaimer window.
• ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.
  
  
  
  
  
• ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.
  
  
  
  
  
• Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:
  
  
  
  
  
• At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.
  
• Please click on yes in the next window to continue scanning for malware.
  
• ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
  
• ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  
• While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.
  
  
  
  
  
• When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
  
• This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.
  
• When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
  
• Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy. Then come to the forum in your reply and right click on your mouse and click on paste.
  

In your next reply please post:

• The ComboFix log
• A fresh HiJackThis log
• An update on how your computer is running

ComboFix 12-01-29.02 - Mike 01/29/2012 22:05:42.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2534 [GMT -6:00]
Running from: c:\users\Mike\Desktop\ComboFix.exe
AV: COMODO Antivirus *Enabled/Updated* {7554F4C5-5EC0-2FC6-8192-8DF831DBED51}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-30 )))))))))))))))))))))))))))))))
.
.
2012-01-30 04:18 . 2012-01-30 04:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-30 03:40 . 2012-01-30 03:40 -------- d-----w- c:\program files (x86)\7-Zip
2012-01-30 00:51 . 2012-01-30 00:51 388096 ----a-r- c:\users\Mike\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-30 00:51 . 2012-01-30 00:51 -------- d-----w- c:\program files (x86)\Trend Micro
2012-01-24 14:22 . 2012-01-24 14:22 -------- d-----w- c:\windows\Sun
2012-01-22 03:13 . 2012-01-22 03:13 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-01-21 03:49 . 2012-01-21 03:49 -------- d-----w- c:\users\Mike\AppData\Local\Ilivid Player
2012-01-21 03:49 . 2012-01-29 02:06 -------- dc-h--w- c:\programdata\{B49A644A-1076-4A3D-B124-DAA7862F2318}
2012-01-21 03:48 . 2012-01-21 03:48 -------- d-----w- c:\program files (x86)\Windows iLivid Toolbar
2012-01-21 03:48 . 2012-01-21 03:48 -------- d-----w- c:\users\Mike\AppData\Local\PackageAware
2012-01-19 14:44 . 2011-12-19 18:58 41200 ----a-w- c:\windows\system32\cmdcsr.dll
2012-01-11 23:39 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 23:39 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 23:39 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 23:39 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 23:39 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 23:39 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 23:39 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 23:39 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-04 15:36 . 2012-01-04 15:36 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-01-04 15:26 . 2012-01-04 15:26 -------- d-----w- c:\users\Mike\AppData\Roaming\Malwarebytes
2012-01-04 15:26 . 2012-01-04 15:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-04 15:26 . 2012-01-04 15:26 -------- d-----w- c:\programdata\Malwarebytes
2012-01-04 15:26 . 2011-12-10 21:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-01 20:15 . 2012-01-01 20:15 -------- d-----w- c:\program files (x86)\Conduit
2012-01-01 20:14 . 2012-01-04 00:19 -------- d-----w- c:\users\Mike\AppData\Local\Conduit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-17 21:00 . 2011-05-03 01:36 577824 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-12-19 18:59 . 2011-05-07 21:17 93200 ----a-w- c:\windows\system32\drivers\inspect.sys
2011-12-19 18:59 . 2011-05-03 01:36 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-12-19 18:59 . 2011-05-03 01:36 22696 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-12-19 18:58 . 2011-05-03 01:36 301224 ----a-w- c:\windows\SysWow64\guard32.dll
2011-12-19 18:58 . 2011-05-03 01:36 389840 ----a-w- c:\windows\system32\guard64.dll
2011-12-14 14:02 . 2011-12-14 14:02 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-12-10 06:59 . 2011-12-10 06:59 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-12-10 06:59 . 2011-12-10 06:59 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-12-10 06:58 . 2011-12-10 06:58 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-12-10 06:58 . 2011-12-10 06:58 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-11-24 04:52 . 2011-12-14 22:33 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-10 11:54 . 2011-06-16 08:30 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-11-05 05:32 . 2011-12-14 22:33 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-14 22:33 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-15 09:01 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-15 09:01 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-15 09:01 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-15 09:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-15 09:01 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-15 09:01 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-15 09:01 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-15 09:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((( SnapShot_2012-01-29_01.58.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2010-11-21 03:24 . 2010-11-21 03:24 96768 c:\windows\SysWOW64\sspicli.dll
+ 2012-01-29 01:25 . 2011-11-17 05:28 96768 c:\windows\SysWOW64\sspicli.dll
+ 2012-01-29 01:25 . 2011-11-17 05:34 22016 c:\windows\SysWOW64\secur32.dll
- 2010-11-21 03:24 . 2010-11-21 03:24 22016 c:\windows\SysWOW64\secur32.dll
- 2012-01-24 14:58 . 2012-01-29 01:37 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-01-24 14:58 . 2012-01-29 02:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2012-01-29 09:36 . 2012-01-29 20:58 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012012920120130\index.dat
+ 2012-01-29 01:41 . 2012-01-29 02:35 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012012820120129\index.dat
- 2012-01-22 00:38 . 2012-01-29 01:37 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-01-22 00:38 . 2012-01-29 20:58 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2011-04-20 07:21 . 2011-04-20 07:21 31232 c:\windows\SysWOW64\atiuxpag.dll
+ 2011-04-20 07:21 . 2011-04-20 07:21 29184 c:\windows\SysWOW64\atiu9pag.dll
+ 2011-04-20 07:13 . 2011-04-20 07:13 52736 c:\windows\SysWOW64\atimpc32.dll
+ 2011-04-20 07:22 . 2011-04-20 07:22 12800 c:\windows\SysWOW64\atiglpxx.dll
+ 2011-04-20 07:22 . 2011-04-20 07:22 32768 c:\windows\SysWOW64\atigktxx.dll
+ 2011-04-20 07:46 . 2011-04-20 07:46 46080 c:\windows\SysWOW64\aticalrt.dll
+ 2011-04-20 07:46 . 2011-04-20 07:46 44032 c:\windows\SysWOW64\aticalcl.dll
+ 2011-04-20 08:02 . 2011-04-20 08:02 43520 c:\windows\SysWOW64\ati2edxx.dll
- 2011-06-16 09:46 . 2009-07-15 06:12 43520 c:\windows\SysWOW64\ati2edxx.dll
+ 2011-04-20 07:13 . 2011-04-20 07:13 52736 c:\windows\SysWOW64\amdpcom32.dll
+ 2010-11-21 03:09 . 2012-01-30 04:02 29970 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-30 04:02 38810 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-11-21 03:24 . 2010-11-21 03:24 29184 c:\windows\system32\sspisrv.dll
+ 2012-01-29 01:25 . 2011-11-17 06:35 29184 c:\windows\system32\sspisrv.dll
- 2010-11-21 03:24 . 2010-11-21 03:24 28160 c:\windows\system32\secur32.dll
+ 2012-01-29 01:25 . 2011-11-17 06:35 28160 c:\windows\system32\secur32.dll
+ 2012-01-29 01:25 . 2011-11-17 06:33 31232 c:\windows\system32\lsass.exe
- 2009-07-13 23:20 . 2009-07-14 01:39 31232 c:\windows\system32\lsass.exe
+ 2009-07-14 05:30 . 2012-01-29 04:10 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2011-12-17 04:26 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-04-20 07:27 . 2011-04-20 07:27 58880 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\coinst.dll
+ 2011-04-20 07:21 . 2011-04-20 07:21 31232 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atiuxpag.dll
+ 2011-04-20 07:21 . 2011-04-20 07:21 40960 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atiuxp64.dll
+ 2011-04-20 07:21 . 2011-04-20 07:21 29184 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atiu9pag.dll
+ 2011-04-20 07:21 . 2011-04-20 07:21 38912 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atiu9p64.dll
+ 2009-06-22 21:34 . 2009-06-22 21:34 51200 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\ATIODCLI.exe
+ 2011-04-20 08:02 . 2011-04-20 08:02 16384 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atimuixx.dll
+ 2011-04-20 07:13 . 2011-04-20 07:13 53760 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atimpc64.dll
+ 2011-04-20 07:13 . 2011-04-20 07:13 52736 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atimpc32.dll
+ 2011-04-20 07:22 . 2011-04-20 07:22 12800 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atiglpxx.dll
+ 2011-04-20 07:22 . 2011-04-20 07:22 32768 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atigktxx.dll
+ 2011-04-20 07:22 . 2011-04-20 07:22 39936 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atig6txx.dll
+ 2011-04-20 07:22 . 2011-04-20 07:22 14848 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atig6pxx.dll
+ 2011-04-20 08:02 . 2011-04-20 08:02 59392 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atiedu64.dll
+ 2011-04-20 07:46 . 2011-04-20 07:46 51200 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\aticalrt64.dll
+ 2011-04-20 07:46 . 2011-04-20 07:46 46080 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\aticalrt.dll
+ 2011-04-20 07:46 . 2011-04-20 07:46 44544 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\aticalcl64.dll
+ 2011-04-20 07:46 . 2011-04-20 07:46 44032 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\aticalcl.dll
+ 2011-04-20 07:20 . 2011-04-20 07:20 53248 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\ati2erec.dll
+ 2011-04-20 08:02 . 2011-04-20 08:02 43520 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\ati2edxx.dll
+ 2012-01-29 01:25 . 2011-11-17 06:49 95600 c:\windows\system32\drivers\ksecdd.sys
+ 2011-04-20 07:20 . 2011-04-20 07:20 53248 c:\windows\system32\drivers\ati2erec.dll
- 2011-06-16 09:46 . 2009-07-15 05:11 53248 c:\windows\system32\drivers\ati2erec.dll
+ 2011-07-01 20:53 . 2012-01-30 04:19 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-07-01 20:53 . 2012-01-29 01:37 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-07-01 20:53 . 2012-01-30 04:19 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-07-01 20:53 . 2012-01-29 01:37 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-29 01:37 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-30 04:19 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-20 07:27 . 2011-04-20 07:27 58880 c:\windows\system32\coinst.dll
+ 2011-04-20 07:21 . 2011-04-20 07:21 40960 c:\windows\system32\atiuxp64.dll
+ 2011-04-20 07:21 . 2011-04-20 07:21 38912 c:\windows\system32\atiu9p64.dll
+ 2009-06-22 21:34 . 2009-06-22 21:34 51200 c:\windows\system32\ATIODCLI.exe
- 2011-06-16 09:46 . 2009-02-04 00:52 51200 c:\windows\system32\ATIODCLI.exe
+ 2011-04-20 08:02 . 2011-04-20 08:02 16384 c:\windows\system32\atimuixx.dll
+ 2011-04-20 07:13 . 2011-04-20 07:13 53760 c:\windows\system32\atimpc64.dll
+ 2011-04-20 07:22 . 2011-04-20 07:22 12800 c:\windows\system32\atiglpxx.dll
+ 2011-04-20 07:22 . 2011-04-20 07:22 39936 c:\windows\system32\atig6txx.dll
+ 2011-04-20 07:22 . 2011-04-20 07:22 14848 c:\windows\system32\atig6pxx.dll
- 2011-06-16 09:46 . 2009-07-15 06:12 59392 c:\windows\system32\atiedu64.dll
+ 2011-04-20 08:02 . 2011-04-20 08:02 59392 c:\windows\system32\atiedu64.dll
+ 2011-04-20 07:46 . 2011-04-20 07:46 51200 c:\windows\system32\aticalrt64.dll
+ 2011-04-20 07:46 . 2011-04-20 07:46 44544 c:\windows\system32\aticalcl64.dll
+ 2011-04-20 07:13 . 2011-04-20 07:13 53760 c:\windows\system32\amdpcom64.dll
+ 2012-01-29 02:38 . 2012-01-30 02:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2012-01-29 21:05 93232 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-01-29 14:33 . 2012-01-29 14:33 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2012-01-29 14:33 . 2012-01-29 14:33 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2012-01-29 14:33 . 2012-01-29 14:33 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2012-01-29 02:38 . 2012-01-30 02:20 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-01-29 02:38 . 2012-01-30 02:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-06 17:55 . 2011-06-06 17:55 64952 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\armsvc.exe
+ 2011-03-17 23:51 . 2011-03-17 23:51 3929 c:\windows\SysWOW64\atipblag.dat
+ 2011-07-02 13:29 . 2012-01-30 04:02 6864 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2910048519-2990363648-2158176684-1001_UserData.bin
+ 2011-03-17 23:51 . 2011-03-17 23:51 3929 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atipblag.dat
+ 2011-03-17 23:51 . 2011-03-17 23:51 3929 c:\windows\system32\atipblag.dat
+ 2012-01-30 04:19 . 2012-01-30 04:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-29 01:37 . 2012-01-29 01:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-30 04:19 . 2012-01-30 04:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-29 01:37 . 2012-01-29 01:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-29 01:25 . 2011-11-17 05:35 314880 c:\windows\SysWOW64\webio.dll
- 2010-11-21 03:23 . 2010-11-21 03:23 314880 c:\windows\SysWOW64\webio.dll
+ 2012-01-29 01:25 . 2011-11-17 05:34 224768 c:\windows\SysWOW64\schannel.dll
+ 2011-04-20 08:02 . 2011-04-20 08:02 278528 c:\windows\SysWOW64\Oemdspif.dll
+ 2009-07-14 04:54 . 2012-01-30 04:19 147456 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-06-16 09:46 . 2009-07-15 06:12 356352 c:\windows\SysWOW64\atipdlxx.dll
+ 2011-04-20 08:02 . 2011-04-20 08:02 356352 c:\windows\SysWOW64\atipdlxx.dll
+ 2011-04-20 08:09 . 2011-04-20 08:09 676864 c:\windows\SysWOW64\aticfx32.dll
+ 2011-04-20 07:23 . 2011-04-20 07:23 262144 c:\windows\SysWOW64\atiadlxy.dll
- 2012-01-22 03:13 . 2012-01-24 14:18 262144 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2012-01-22 03:13 . 2012-01-29 20:58 262144 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2012-01-29 01:25 . 2011-11-17 06:35 395776 c:\windows\system32\webio.dll
- 2010-11-21 03:24 . 2010-11-21 03:24 395776 c:\windows\system32\webio.dll
+ 2011-07-02 01:07 . 2012-01-30 13:17 311862 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2010-11-21 03:24 . 2010-11-21 03:24 136192 c:\windows\system32\sspicli.dll
+ 2012-01-29 01:25 . 2011-11-17 06:35 136192 c:\windows\system32\sspicli.dll
+ 2012-01-29 01:25 . 2011-11-17 06:35 340992 c:\windows\system32\schannel.dll
- 2010-11-21 03:24 . 2010-11-21 03:24 340992 c:\windows\system32\schannel.dll
+ 2009-07-14 02:36 . 2012-01-30 04:23 660280 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-01-29 01:43 660280 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-01-29 01:43 121208 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-01-30 04:23 121208 c:\windows\system32\perfc009.dat
- 2009-07-14 05:30 . 2011-12-17 04:26 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-01-29 04:10 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-07-13 11:40 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2012-01-29 04:08 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2011-04-20 08:02 . 2011-04-20 08:02 278528 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\Oemdspif.dll
+ 2011-04-20 08:03 . 2011-04-20 08:03 120320 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atitmm64.dll
+ 2011-04-20 08:02 . 2011-04-20 08:02 356352 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atipdlxx.dll
+ 2011-04-20 08:02 . 2011-04-20 08:02 423424 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atipdl64.dll
+ 2010-08-28 00:33 . 2010-08-28 00:33 332800 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\ATIODE.exe
+ 2011-04-20 07:22 . 2011-04-20 07:22 306176 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atikmpag.sys
+ 2011-03-01 03:30 . 2011-03-01 03:30 233012 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atiicdxx.dat
+ 2011-04-20 08:04 . 2011-04-20 08:04 203776 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atiesrxx.exe
+ 2011-04-20 08:04 . 2011-04-20 08:04 480256 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atieclxx.exe
+ 2011-04-20 08:05 . 2011-04-20 08:05 462848 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\ATIDEMGX.dll
+ 2011-04-20 08:07 . 2011-04-20 08:07 795648 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\aticfx64.dll
+ 2011-04-20 08:09 . 2011-04-20 08:09 676864 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\aticfx32.dll
+ 2009-05-12 03:35 . 2009-05-12 03:35 118784 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atibtmon.exe
+ 2011-04-20 08:09 . 2011-04-20 08:09 151552 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atiapfxx.exe
+ 2011-04-20 07:23 . 2011-04-20 07:23 262144 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atiadlxy.dll
+ 2011-04-20 07:23 . 2011-04-20 07:23 366080 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atiadlxx.dll
+ 2012-01-29 01:25 . 2011-11-17 06:49 152432 c:\windows\system32\drivers\ksecpkg.sys
+ 2012-01-29 01:25 . 2011-11-17 06:44 459232 c:\windows\system32\drivers\cng.sys
+ 2011-04-20 07:22 . 2011-04-20 07:22 306176 c:\windows\system32\drivers\atikmpag.sys
- 2011-06-16 09:46 . 2009-07-15 06:13 120320 c:\windows\system32\atitmm64.dll
+ 2011-04-20 08:03 . 2011-04-20 08:03 120320 c:\windows\system32\atitmm64.dll
+ 2011-06-16 09:46 . 2011-04-20 08:02 423424 c:\windows\system32\atipdl64.dll
+ 2010-08-28 00:33 . 2010-08-28 00:33 332800 c:\windows\system32\ATIODE.exe
+ 2011-03-01 03:30 . 2011-03-01 03:30 233012 c:\windows\system32\atiicdxx.dat
+ 2011-06-16 09:46 . 2011-04-20 08:04 203776 c:\windows\system32\atiesrxx.exe
+ 2011-06-16 09:46 . 2011-04-20 08:04 480256 c:\windows\system32\atieclxx.exe
+ 2011-06-16 09:46 . 2011-04-20 08:05 462848 c:\windows\system32\ATIDEMGX.dll
+ 2011-04-20 08:07 . 2011-04-20 08:07 795648 c:\windows\system32\aticfx64.dll
+ 2011-04-20 08:09 . 2011-04-20 08:09 151552 c:\windows\system32\atiapfxx.exe
+ 2011-06-16 09:46 . 2011-04-20 07:23 366080 c:\windows\system32\atiadlxx.dll
+ 2012-01-29 09:46 . 2012-01-29 09:45 262144 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:01 . 2012-01-30 04:19 425364 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-01-21 22:27 425364 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-01-29 09:44 . 2012-01-30 03:45 426132 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2009-07-14 04:54 . 2012-01-30 04:19 3997696 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-29 01:58 3997696 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-30 04:19 5488640 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-20 07:30 . 2011-04-20 07:30 4056576 c:\windows\SysWOW64\atiumdva.dll
+ 2011-04-20 07:40 . 2011-04-20 07:40 1923584 c:\windows\SysWOW64\atiumdmv.dll
+ 2011-04-20 07:38 . 2011-04-20 07:38 4286464 c:\windows\SysWOW64\atiumdag.dll
+ 2011-04-20 07:59 . 2011-04-20 07:59 4161536 c:\windows\SysWOW64\atidxx32.dll
+ 2011-04-20 07:42 . 2011-04-20 07:42 6389760 c:\windows\SysWOW64\aticaldd.dll
+ 2012-01-29 01:25 . 2011-11-17 06:35 1447936 c:\windows\system32\lsasrv.dll
- 2010-11-21 03:24 . 2010-11-21 03:24 1447936 c:\windows\system32\lsasrv.dll
+ 2011-04-20 07:30 . 2011-04-20 07:30 4056576 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atiumdva.dll
+ 2011-04-20 07:40 . 2011-04-20 07:40 1923584 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atiumdmv.dll
+ 2011-04-20 07:38 . 2011-04-20 07:38 4286464 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atiumdag.dll
+ 2011-04-20 07:40 . 2011-04-20 07:40 1222656 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atiumd6v.dll
+ 2011-04-20 07:40 . 2011-04-20 07:40 3868672 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atiumd6a.dll
+ 2011-04-20 07:31 . 2011-04-20 07:31 5440000 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atiumd64.dll
+ 2011-04-20 08:44 . 2011-04-20 08:44 9319936 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atikmdag.sys
+ 2011-04-20 07:49 . 2011-04-20 07:49 4951552 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atidxx64.dll
+ 2011-04-20 07:59 . 2011-04-20 07:59 4161536 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atidxx32.dll
+ 2011-04-20 07:45 . 2011-04-20 07:45 7768064 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\aticaldd64.dll
+ 2011-04-20 07:42 . 2011-04-20 07:42 6389760 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\aticaldd.dll
- 2011-07-01 21:29 . 2012-01-29 01:47 1474832 c:\windows\system32\drivers\sfi.dat
+ 2011-07-01 21:29 . 2012-01-30 13:16 1474832 c:\windows\system32\drivers\sfi.dat
+ 2011-04-20 08:44 . 2011-04-20 08:44 9319936 c:\windows\system32\drivers\atikmdag.sys
+ 2011-04-20 07:40 . 2011-04-20 07:40 1222656 c:\windows\system32\atiumd6v.dll
+ 2011-04-20 07:40 . 2011-04-20 07:40 3868672 c:\windows\system32\atiumd6a.dll
+ 2011-04-20 07:31 . 2011-04-20 07:31 5440000 c:\windows\system32\atiumd64.dll
+ 2011-06-16 09:46 . 2011-04-20 07:49 4951552 c:\windows\system32\atidxx64.dll
+ 2011-04-20 07:45 . 2011-04-20 07:45 7768064 c:\windows\system32\aticaldd64.dll
+ 2009-07-14 04:45 . 2012-01-29 09:47 7187221 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-01-12 09:32 7187221 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-07-02 03:36 . 2012-01-30 04:19 5557312 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2910048519-2990363648-2158176684-1001-12288.dat
+ 2012-01-30 00:50 . 2012-01-30 00:50 1402880 c:\windows\Installer\d591da.msi
+ 2012-01-29 04:04 . 2011-08-30 04:21 12872704 c:\windows\SysWOW64\shell32.dll
+ 2011-04-20 08:07 . 2011-04-20 08:07 17693184 c:\windows\SysWOW64\atioglxx.dll
+ 2009-07-14 02:34 . 2012-01-29 09:44 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2011-12-15 09:20 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2012-01-29 04:04 . 2011-08-30 05:25 14173184 c:\windows\system32\shell32.dll
+ 2011-04-20 08:07 . 2011-04-20 08:07 17693184 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atioglxx.dll
+ 2011-04-20 08:30 . 2011-04-20 08:30 22900736 c:\windows\system32\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atio6axx.dll
+ 2011-04-20 08:30 . 2011-04-20 08:30 22900736 c:\windows\system32\atio6axx.dll
+ 2012-01-03 17:58 . 2012-01-03 17:58 20320256 c:\windows\Installer\50dcb7.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-15 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-01-03 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\IEBHO.dll c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-10 8321568]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-12-21 9454920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\x64\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\x64\IEBHO.dll c:\windows\System32\guard64.dll c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{425A1757-F52B-4146-BBE3-1F21368FB0E0}: NameServer = 8.26.56.26,156.154.70.22
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version7\tv_w32.exe
c:\program files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
.
**************************************************************************
.
Completion time: 2012-01-30 07:27:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-30 13:27
ComboFix2.txt 2012-01-04 02:32
.
Pre-Run: 938,455,097,344 bytes free
Post-Run: 938,423,898,112 bytes free
.
- - End Of File - - ABA5CC1CBC1566E38381BC9B83464634


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:55:37 AM, on 1/30/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{425A1757-F52B-4146-BBE3-1F21368FB0E0}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CS1\Services\Tcpip\..\{425A1757-F52B-4146-BBE3-1F21368FB0E0}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CS2\Services\Tcpip\..\{425A1757-F52B-4146-BBE3-1F21368FB0E0}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll C:\Windows\SysWOW64\guard32.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: COMODO Internet Security Helper Service (cmdagent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9643 bytes


The computer is a little faster but it appears the browser still isnt back to 100% normal not sure if i missed anything else.

Did you run tdsskiller? What browser are you using? Has Ccleaner been ran or a defrag been completed?

I noticed that IE 9 is installed. Sometimes IE 9 causes issues, may want to think about reverting back to IE 8.

I did run tddsskiller and it removed an infection and I then ran CCleaner and defrag it appears to be running better at this point and he is ok with it thank you for all of your help