seankga

  1. Seems like everything is back to normal except my clock is on 24hr not am and pm. Thanks for all the help.
  2. Here they are, thanks. DDS.txt, Attach.txt
  3. OK, I still could not run Mbam at first, but was able to rename combofix and it worked. It deleted a bunch of files. After it was done I was able to run mbam. Here is the Mbam log:

     Malwarebytes' Anti-Malware 1.34
     Database version: 1854
     Windows 5.1.2600 Service Pack 3

     2009-03-16 11:14:18
     mbam-log-2009-03-16 (11-14-18).txt

     Scan type: Full Scan (C:\|)
     Objects scanned: 202367
     Time elapsed: 50 minute(s), 11 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 5

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\Qoobox\Quarantine\C\WINDOWS\system32\UACivxepatn.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
     C:\Qoobox\Quarantine\C\WINDOWS\system32\UAClutosupq.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
     C:\Qoobox\Quarantine\C\WINDOWS\system32\UACrtqsqmtw.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
     C:\Qoobox\Quarantine\C\WINDOWS\system32\UACwefqrssj.dll.vir (Rootkit.TDSS) -> Quarantined and deleted successfully.
     C:\Qoobox\Quarantine\C\WINDOWS\system32\UACwoekwqqp.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.

     I ran Mbam again after it found those infections and the second time it found nothing. The combo fix log info is below. Hopefully I am all done.
  4. While I am waiting on the next response I wanted to try installing other programs. I had no issue installing a DVD Ripper program and MWSnap, a screenshot program. There is something in here keeping it from installing helpful programs. I have personally never seen anything like this.
  5. OK, I followed those instructions and was able to get the Recovery Console installed. I got ComboFix downloaded fine, but it will not run. I am not clicking anything to see if it runs while I am reporting this. Thanks
  6. OK I have been fighting this thing for a couple days now trying to get something working with almost no success. I am running WinXP, CA Etrust Antivirus and for extra protection I have AVG free version. I had Malwarebytes installed but would not run until this morning. My computer got a Trojan horse Pakes.CKF and the Spyware Protect 2009. At first it was just annoying with the on top pop ups Spyware Protect 2009, and also one for Google Installer that is still popping up. I also cannot boot into Windows every time. Sometimes as soon as I hit OK after entering my password it just stays on the blue screen, other times I see my desktop wallpaper and that is all. When that happens I can run things from Task Manager. I scanned with both virus scanners, Etrust apparently was not up to date because it did not find anything. AVG found the Trojan but would not clean it. Later on Etrust found and cleaned it once I got it updated. The popups are gone and I am getting a clean scan. However, I cannot install or run any spyware removal tools. I cannot even go to their websites. I have been able to download them through Download.com, but when trying to go to the websites I get a blank page. I can go to other webpages unless they involve spyware removal. I already had Malwarebytes installed, but it would not run. One note here is that when I try and run it the process shows up in Task Manager. Through Download.com I have redownloaded the Malwarebytes install and it will not do anything. Spybot installed, but will not run. Adaware installed but would not run. This morning I removed Malwarebytes to reinstall because now I can boot into Windows almost every time, so it's looking better but Malwarebytes would not install. I also tried Hijackthis with the same results, download from Download.com and try to install with no results. I tried this yesterday and it worked, but today it will not. 
CMD /C SC QUERY >C:\MYSERVICES.TXT | NOTEPAD C:\MYSERVICES.TXT I will post the results from yesterday below. I have disabled both virus scans by following these instructions "Click on START - RUN and type in SERVICES.MSC and click OK Then scroll down through the entire list and look for ALL services with the word Etrust and AVG in the list. Write down on a piece of paper their current STARTUP TYPE setting. ie. AUTO, MANUAL, DISABLED Then set all of those with the word McAfee in them to DISABLED and reboot your computer and attempt to install MBAM again." I did the things here http://www.malwarebytes.org/forums/index.php?showtopic=2936 Logs from yesterday - not sure why when I run this today it just brings up a blank txt document. Thanks