Windows won't log on! - Can't use HJT!

K

KopaKura

New member
I'm running a MSI laptop on Windows vista, and whenever I try to log on, it doesn't load passed the 'welcome' screen, although it hasn't frozen as the little round disc is still rotating.

I can get on to safe mode, hence how I'm posting this now, but it has completely blocked any anti-virus software, I have Avast, Spybot and Malwarebytes and none of them will load, neither will Hijackthis.

I get this error when I try to open them:

Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.

I've tried running system restore but it just doesn't seem to work, I'm not sure why as there's no error message, it goes to restart the machine, says the 'please wait' message for about a second, shuts down and then everything is exactly the same when it starts back up again.

Is there anything I can do?
----------------------------

http://forums.spybot.info/showthread.php?t=51150

----------------------------
Update:

I managed to install and run AVG and it deleted a file that would have lead to the Total Security virus. I then restarted the laptop but it still wouldn't load passed the welcome screen.

This morning, however, I tried logging on again, and it moved passed the welcome screen to a black screen with the mouse, able to move fine, on it. I tried using ctrl-alt-del, but after a while of loading, it comes up with an error saying something like: Logon failed to create security options dialogue.
 
Last edited by a moderator:
Hi,

Are you still able to logon in safe mode? If so, you would need to get following thing done there:

Please save this file to your desktop (you need to download using other system assuming infected one can't access net). Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
 
Okay, new update, I tried to log on this morning and it worked fine, there didn't seem to be too many problems. The main problems I found were MSN signing me in then straight out, Firefox running extremely slow and crashing constantly, the permissions still not letting me open HJT and other security programs, and AVG constantly coming up with the alert that I had the Win32/Rustock.Q virus, although I suspect there may be more than just that one.

I ran Win32kDiag in safemode like you said and here's my log:

Log file is located at: C:\Users\Kopa\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...



Found mount point : C:\Windows\AppPatch\Custom\Custom

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2869.tmp\ZAP2869.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2DF2.tmp\ZAP2DF2.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP81A.tmp\ZAP81A.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC043.tmp\ZAPC043.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD50B.tmp\ZAPD50B.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE752.tmp\ZAPE752.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEEF0.tmp\ZAPEEF0.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ehome\CreateDisc\style\style

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Globalization\Globalization

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Help\Corporate\Corporate

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Help\OEM\OEM

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\652263DD2A7A4254497512D3CDA2CFA2\7.0.0\7.0.0

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\LiveKernelReports\WATCHDOG\WATCHDOG

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Microsoft.NET\authman\authman

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Minidump\Minidump

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ModemLogs\ModemLogs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\nap\configuration\configuration

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Options\CABS\CABS

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Options\Install\Install

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Panther\setup.exe\setup.exe

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\PCHEALTH\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\PIF\PIF

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\PLA\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Prefetch\ReadyBoot\ReadyBoot

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SchCache\SchCache

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\security\templates\templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporary Internet Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\PnrpSqm\PnrpSqm

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\Tfs_DAV

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Media Center Programs\Media Center Programs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\Description Documents\Description Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\Cookies

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Documents\Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Downloads\Downloads

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Links\Links

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Music\Music

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Pictures\Pictures

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Saved Games\Saved Games

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Videos\Videos

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporary Internet Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\SCPD\SCPD

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\DivX\DivX Codec\DivX Codec

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Media Center Programs\Media Center Programs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\Cookies

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Documents\Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Downloads\Downloads

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Links\Links

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Music\Music

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Pictures\Pictures

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Saved Games\Saved Games

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Videos\Videos

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.16917_none_8017d2ec639e89ee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.16917_none_8017d2ec639e89ee: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.21117_none_80a147d97cbc5cfa\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.21117_none_80a147d97cbc5cfa: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.18320_none_81ec3fa060d3856f\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.18320_none_81ec3fa060d3856f: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.22509_none_829480c379d8ce8d\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.22509_none_829480c379d8ce8d: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.18101_none_83e953905de8b92f\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.18101_none_83e953905de8b92f: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.22213_none_846a2103770ca798\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.22213_none_846a2103770ca798: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6000.16917_none_478cf445c1264c69\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6000.16917_none_478cf445c1264c69: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6000.21117_none_48166932da441f75\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6000.21117_none_48166932da441f75: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6001.18320_none_496160f9be5b47ea\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6001.18320_none_496160f9be5b47ea: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6001.22509_none_4a09a21cd7609108\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6001.22509_none_4a09a21cd7609108: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6002.18101_none_4b5e74e9bb707baa\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6002.18101_none_4b5e74e9bb707baa: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6002.22213_none_4bdf425cd4946a13\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6002.22213_none_4bdf425cd4946a13: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16917_none_0a38314ff5279fa3\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16917_none_0a38314ff5279fa3: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.21117_none_0ac1a63d0e4572af\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.21117_none_0ac1a63d0e4572af: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18320_none_0c0c9e03f25c9b24\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18320_none_0c0c9e03f25c9b24: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22509_none_0cb4df270b61e442\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22509_none_0cb4df270b61e442: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.18101_none_0e09b1f3ef71cee4\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.18101_none_0e09b1f3ef71cee4: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.22213_none_0e8a7f670895bd4d\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.22213_none_0e8a7f670895bd4d: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6000.16917_none_0a393199f526b8fa\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6000.16917_none_0a393199f526b8fa: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6000.21117_none_0ac2a6870e448c06\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6000.21117_none_0ac2a6870e448c06: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6001.18320_none_0c0d9e4df25bb47b\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6001.18320_none_0c0d9e4df25bb47b: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6001.22509_none_0cb5df710b60fd99\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6001.22509_none_0cb5df710b60fd99: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6002.18101_none_0e0ab23def70e83b\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6002.18101_none_0e0ab23def70e83b: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6002.22213_none_0e8b7fb10894d6a4\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6002.22213_none_0e8b7fb10894d6a4: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16917_none_0a3a31e3f525d251\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16917_none_0a3a31e3f525d251: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.21117_none_0ac3a6d10e43a55d\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.21117_none_0ac3a6d10e43a55d: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.18320_none_0c0e9e97f25acdd2\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.18320_none_0c0e9e97f25acdd2: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.22509_none_0cb6dfbb0b6016f0\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.22509_none_0cb6dfbb0b6016f0: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.18101_none_0e0bb287ef700192\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.18101_none_0e0bb287ef700192: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.22213_none_0e8c7ffb0893effb\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.22213_none_0e8c7ffb0893effb: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16917_none_0a3b322df524eba8\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16917_none_0a3b322df524eba8: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.21117_none_0ac4a71b0e42beb4\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.21117_none_0ac4a71b0e42beb4: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.18320_none_0c0f9ee1f259e729\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.18320_none_0c0f9ee1f259e729: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.22509_none_0cb7e0050b5f3047\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.22509_none_0cb7e0050b5f3047: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.18101_none_0e0cb2d1ef6f1ae9\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.18101_none_0e0cb2d1ef6f1ae9: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.22213_none_0e8d804508930952\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.22213_none_0e8d804508930952: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16917_none_0a3c3277f52404ff\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16917_none_0a3c3277f52404ff: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.21117_none_0ac5a7650e41d80b\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.21117_none_0ac5a7650e41d80b: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18320_none_0c109f2bf2590080\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18320_none_0c109f2bf2590080: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22509_none_0cb8e04f0b5e499e\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22509_none_0cb8e04f0b5e499e: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.18101_none_0e0db31bef6e3440\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.18101_none_0e0db31bef6e3440: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.22213_none_0e8e808f089222a9\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.22213_none_0e8e808f089222a9: 3
Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16917_none_40164834c4183551\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16917_none_40164834c4183551

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.21117_none_409fbd21dd36085d\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.21117_none_409fbd21dd36085d

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18320_none_41eab4e8c14d30d2\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18320_none_41eab4e8c14d30d2

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22509_none_4292f60bda5279f0\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22509_none_4292f60bda5279f0

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.18101_none_43e7c8d8be626492\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.18101_none_43e7c8d8be626492

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.22213_none_4468964bd78652fb\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.22213_none_4468964bd78652fb

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\PostRebootEventCache\PostRebootEventCache

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\ScanFile\ScanFile

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\0409\0409

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\Branding\en-US\en-US

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\catroot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}

Mount point destination : \Device\__max++>\^

Cannot access: C:\Windows\System32\cngaudit.dll

[1] 2006-11-02 10:46:03 61952 C:\Windows\System32\cngaudit.dll ()

[2] 2006-11-02 10:46:03 11776 C:\Windows\System32\logevent.dll (Microsoft Corporation)

[1] 2006-11-02 10:46:03 11776 C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll (Microsoft Corporation)



Found mount point : C:\Windows\System32\com\dmp\dmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\Journal\Journal

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\Silverlight\Silverlight

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\0

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\1

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\10

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\11

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\12

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\13

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\14

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\15

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\16

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\17

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\18

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\19

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\2

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\20

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\21

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\22

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\23

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\24

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\25

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\26

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\27

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\28

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\29

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\3

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\30

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\31

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\32

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\33

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\34

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\35

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\36

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\37

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\38

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\39

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\4

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\40

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\41

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\42

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\43

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\44

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\45

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\46

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\47

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\48

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\49

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\50

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\51

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\52

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\53

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\54

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\55

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\56

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\57

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\58

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\59

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\6

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\60

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\61

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\62

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\63

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\7

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\8

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\9

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host\host

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin\muffin

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\Acrobat\7.0\Collab\Collab

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\Acrobat\7.0\Preferences\Preferences

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\Flash Player\AssetCache\GSG9JUGJ\GSG9JUGJ

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\AddIns\AddIns

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Word\STARTUP\STARTUP

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\DriverStore\FileRepository\hpodcsla.inf_12338213\I386\I386

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\GroupPolicy\User\User

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\GroupPolicyUsers\GroupPolicyUsers

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\inetsrv\inetsrv

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\LogFiles\Firewall\Firewall

Mount point destination : \Device\__max++>\^

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

[1] 2009-09-11 10:35:44 216 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

[1] 2009-09-11 10:38:00 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

[1] 2009-09-11 10:38:00 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

[1] 2009-09-11 10:38:00 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl ()



Cannot access: C:\Windows\System32\mrt.exe

[1] 2008-01-05 12:37:43 52696 C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-malwareremovaltool_31bf3856ad364e35_6.0.6001.18000_none_d3909ca1dd6bb475\mrt.exe (Microsoft Corporation)

[1] 2009-08-28 14:38:22 24689600 C:\Windows\System32\mrt.exe ()

[1] 2006-09-18 22:42:35 6757792 C:\Windows\winsxs\x86_microsoft-windows-malwareremovaltool_31bf3856ad364e35_6.0.6000.16386_none_d159daa5e080a3a1\mrt.exe (Microsoft Corporation)

[1] 2008-01-05 12:37:43 52696 C:\Windows\winsxs\x86_microsoft-windows-malwareremovaltool_31bf3856ad364e35_6.0.6001.18000_none_d3909ca1dd6bb475\mrt.exe (Microsoft Corporation)



Found mount point : C:\Windows\System32\MUI\dispspec\dispspec

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\setup\en-US\en-US

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\SMI\Manifests\Manifests

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\spool\drivers\IA64\IA64

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\spool\drivers\x64\x64

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\spool\PRINTERS\PRINTERS

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\spool\SERVERS\SERVERS

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\System

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\Tasks\Microsoft\Windows\SyncCenter\SyncCenter

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\Tasks\Microsoft\Windows\WindowsCalendar\WindowsCalendar

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\wbem\MOF\bad\bad

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\wbem\MOF\good\good

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}

Mount point destination : \Device\__max++>\^

Cannot access: C:\Windows\System32\WerFault.exe

[1] 2008-01-19 08:33:35 217088 C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.18000_none_70071ca23cc95139\WerFault.exe (Microsoft Corporation)

[1] 2008-01-19 08:33:35 217088 C:\Windows\System32\WerFault.exe ()

[1] 2006-11-02 10:45:54 216064 C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6000.16386_none_6dd05aa63fde4065\WerFault.exe (Microsoft Corporation)

[1] 2008-01-19 08:33:35 217088 C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.18000_none_70071ca23cc95139\WerFault.exe ()

[1] 2008-01-19 08:33:35 217088 C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.18145_none_6fe0e04a3ce53cd7\WerFault.exe ()

[1] 2008-09-20 05:00:16 217088 C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.22271_none_70460c29561ecb18\WerFault.exe (Microsoft Corporation)



Found mount point : C:\Windows\System32\winevt\TraceFormat\TraceFormat

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\AskBarDis\bar\Settings\Settings

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\cmi{99681151-3537-434F-8D53-AA0EF9812DEC}\cmi{99681151-3537-434F-8D53-AA0EF9812DEC}

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\MPTelemetrySubmit\MPTelemetrySubmit

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\SUKDB94.tmp\SUKDB94.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\SxsTemp\SxsTemp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\VBE\VBE

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\_isTmp_{8675309}\_isTmp_{8675309}

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\~msdt\tools\tools

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\~nsu.tmp\~nsu.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\tracing\tracing

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\winsxs\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\winsxs\Temp\PendingDeletes\PendingDeletes

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\winsxs\Temp\PendingRenames\PendingRenames

Mount point destination : \Device\__max++>\^

Cannot access: C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.18000_none_70071ca23cc95139\WerFault.exe

[1] 2008-01-19 08:33:35 217088 C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.18000_none_70071ca23cc95139\WerFault.exe (Microsoft Corporation)

[1] 2008-01-19 08:33:35 217088 C:\Windows\System32\WerFault.exe ()

[1] 2006-11-02 10:45:54 216064 C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6000.16386_none_6dd05aa63fde4065\WerFault.exe (Microsoft Corporation)

[1] 2008-01-19 08:33:35 217088 C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.18000_none_70071ca23cc95139\WerFault.exe ()

[1] 2008-01-19 08:33:35 217088 C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.18145_none_6fe0e04a3ce53cd7\WerFault.exe ()

[1] 2008-09-20 05:00:16 217088 C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.22271_none_70460c29561ecb18\WerFault.exe (Microsoft Corporation)



Cannot access: C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.18145_none_6fe0e04a3ce53cd7\WerFault.exe

[1] 2008-01-19 08:33:35 217088 C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.18000_none_70071ca23cc95139\WerFault.exe (Microsoft Corporation)

[1] 2008-01-19 08:33:35 217088 C:\Windows\System32\WerFault.exe ()

[1] 2006-11-02 10:45:54 216064 C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6000.16386_none_6dd05aa63fde4065\WerFault.exe (Microsoft Corporation)

[1] 2008-01-19 08:33:35 217088 C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.18000_none_70071ca23cc95139\WerFault.exe ()

[1] 2008-01-19 08:33:35 217088 C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.18145_none_6fe0e04a3ce53cd7\WerFault.exe ()

[1] 2008-09-20 05:00:16 217088 C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.22271_none_70460c29561ecb18\WerFault.exe (Microsoft Corporation)





Finished!
 
Hi,

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Download Combofix*from any of the links below. You must*rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

CF_download_FF.gif



CF_download_rename.gif

--------------------------------------------------------------------

Double click on Combo-Fix.exe*& follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

If you have problems with Combofix usage, see here
 
Combofix won't complete it's scan. Its quit several times before it's completed it's scan and I have no log file. What should I do?
 
Open notepad and then copy and paste the bolded line below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop.
copy C:\Windows\System32\logevent.dll c:\ >>c:\logit.txt

Double-click on fixes.bat file to execute it.



  • Download The Avenger by Swandog46 from here.
  • Unzip/extract it to a folder on your desktop.
  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Copy all of the text in the below textbox to the clibpboard by highlighting it and then pressing Ctrl+C.
    Code: 
    Files to move:
c:\logevent.dll|C:\Windows\System32\cngaudit.dll
  • In the avenger window, click the Paste Script from Clipboard,
    pastets4.png
    button.
  • Click the Execute button.
  • You will be asked Are you sure you want to execute the current script?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • Note: If the above script contains Drivers to delete: or Drivers to disable:, then The Avenger will require two reboots to complete its operation.
  • If that is the case, it will force a BSOD on the first reboot. This is normal & expected behaviour.
  • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
  • Please post this log in your next reply.
 
Is this the right one?

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "c:\logevent.dll|C:\Windows\System32\cngaudit.dll" completed successfully.

Completed script processing.

*******************

Finished! Terminate.
 
Yes, that's correct :)

Please save this file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text) into the Open box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Attach the file to your reply (if log is long then better attach the file itself).
"%userprofile%\desktop\win32kdiag.exe" -f -r
 
I tried to run the win32kdiag over night but when I woke up my laptop had restarted, I don't know how long the program went on for, but I know it didn't complete, and it was on for a good five or more hours. Here's the log I have anyway:

Log file is located at: C:\Users\Kopa\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...



Found mount point : C:\Windows\AppPatch\Custom\Custom

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ehome\CreateDisc\style\style

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Globalization\Globalization

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Microsoft.NET\authman\authman

Mount point destination : \Device\__max++>\^

Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.16917_none_8017d2ec639e89ee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.16917_none_8017d2ec639e89ee: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.21117_none_80a147d97cbc5cfa\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.21117_none_80a147d97cbc5cfa: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.18320_none_81ec3fa060d3856f\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.18320_none_81ec3fa060d3856f: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.22509_none_829480c379d8ce8d\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.22509_none_829480c379d8ce8d: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.18101_none_83e953905de8b92f\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.18101_none_83e953905de8b92f: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.22213_none_846a2103770ca798\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.22213_none_846a2103770ca798: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6000.16917_none_478cf445c1264c69\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6000.16917_none_478cf445c1264c69: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6000.21117_none_48166932da441f75\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6000.21117_none_48166932da441f75: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6001.18320_none_496160f9be5b47ea\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6001.18320_none_496160f9be5b47ea: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6001.22509_none_4a09a21cd7609108\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6001.22509_none_4a09a21cd7609108: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6002.18101_none_4b5e74e9bb707baa\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6002.18101_none_4b5e74e9bb707baa: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6002.22213_none_4bdf425cd4946a13\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6002.22213_none_4bdf425cd4946a13: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16917_none_0a38314ff5279fa3\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16917_none_0a38314ff5279fa3: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.21117_none_0ac1a63d0e4572af\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.21117_none_0ac1a63d0e4572af: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18320_none_0c0c9e03f25c9b24\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18320_none_0c0c9e03f25c9b24: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22509_none_0cb4df270b61e442\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22509_none_0cb4df270b61e442: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.18101_none_0e09b1f3ef71cee4\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.18101_none_0e09b1f3ef71cee4: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.22213_none_0e8a7f670895bd4d\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.22213_none_0e8a7f670895bd4d: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6000.16917_none_0a393199f526b8fa\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6000.16917_none_0a393199f526b8fa: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6000.21117_none_0ac2a6870e448c06\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6000.21117_none_0ac2a6870e448c06: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6001.18320_none_0c0d9e4df25bb47b\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6001.18320_none_0c0d9e4df25bb47b: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6001.22509_none_0cb5df710b60fd99\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6001.22509_none_0cb5df710b60fd99: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6002.18101_none_0e0ab23def70e83b\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6002.18101_none_0e0ab23def70e83b: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6002.22213_none_0e8b7fb10894d6a4\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6002.22213_none_0e8b7fb10894d6a4: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16917_none_0a3a31e3f525d251\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16917_none_0a3a31e3f525d251: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.21117_none_0ac3a6d10e43a55d\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.21117_none_0ac3a6d10e43a55d: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.18320_none_0c0e9e97f25acdd2\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.18320_none_0c0e9e97f25acdd2: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.22509_none_0cb6dfbb0b6016f0\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.22509_none_0cb6dfbb0b6016f0: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.18101_none_0e0bb287ef700192\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.18101_none_0e0bb287ef700192: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.22213_none_0e8c7ffb0893effb\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.22213_none_0e8c7ffb0893effb: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16917_none_0a3b322df524eba8\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16917_none_0a3b322df524eba8: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.21117_none_0ac4a71b0e42beb4\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.21117_none_0ac4a71b0e42beb4: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.18320_none_0c0f9ee1f259e729\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.18320_none_0c0f9ee1f259e729: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.22509_none_0cb7e0050b5f3047\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.22509_none_0cb7e0050b5f3047: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.18101_none_0e0cb2d1ef6f1ae9\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.18101_none_0e0cb2d1ef6f1ae9: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.22213_none_0e8d804508930952\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.22213_none_0e8d804508930952: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16917_none_0a3c3277f52404ff\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16917_none_0a3c3277f52404ff: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.21117_none_0ac5a7650e41d80b\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.21117_none_0ac5a7650e41d80b: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18320_none_0c109f2bf2590080\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18320_none_0c109f2bf2590080: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22509_none_0cb8e04f0b5e499e\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22509_none_0cb8e04f0b5e499e: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.18101_none_0e0db31bef6e3440\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.18101_none_0e0db31bef6e3440: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.22213_none_0e8e808f089222a9\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.22213_none_0e8e808f089222a9: 3
Found mount point : C:\Windows\System32\0409\0409

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\Branding\en-US\en-US

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\DriverStore\FileRepository\hpodcsla.inf_12338213\I386\I386

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\inetsrv\inetsrv

Mount point destination : \Device\__max++>\^

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

[1] 2009-09-11 23:53:37 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

[1] 2009-09-11 23:53:23 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

[1] 2009-09-11 23:53:31 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

[1] 2009-09-11 23:53:31 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl

[1] 2009-09-11 23:54:38 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl ()
 
Hi,

Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop.
@echo off
dir /a/s C:\WINDOWS\scecli.dll C:\WINDOWS\netlogon.dll C:\WINDOWS\eventlog.dll C:\Windows\cngaudit.dll >c:\LogIt.txt
start c:\LogIt.txt

Double-click on fixes.bat file to execute it. LogIt.txt file should open up. Copy-paste contents to your reply.
 
Volume in drive C is OS_Install
Volume Serial Number is 66AA-66B5

Directory of C:\WINDOWS\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12

19/01/2008 08:36 177,152 scecli.dll
1 File(s) 177,152 bytes

Directory of C:\WINDOWS\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857

19/01/2008 08:35 592,384 netlogon.dll
1 File(s) 592,384 bytes

Directory of C:\WINDOWS\System32

19/01/2008 08:36 177,152 scecli.dll

Directory of C:\WINDOWS\System32

19/01/2008 08:35 592,384 netlogon.dll

Directory of C:\WINDOWS\System32

02/11/2006 10:46 11,776 cngaudit.dll
3 File(s) 781,312 bytes

Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6

02/11/2006 10:46 11,776 cngaudit.dll
1 File(s) 11,776 bytes

Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e

02/11/2006 10:46 176,640 scecli.dll
1 File(s) 176,640 bytes

Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12

19/01/2008 08:36 177,152 scecli.dll
1 File(s) 177,152 bytes

Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783

02/11/2006 10:46 559,616 netlogon.dll
1 File(s) 559,616 bytes

Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857

19/01/2008 08:35 592,384 netlogon.dll
1 File(s) 592,384 bytes

Total Files Listed:
10 File(s) 3,068,416 bytes
0 Dir(s) 17,668,657,152 bytes free
 
Hi,

Please do this again:
Please save this file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text) into the Open box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Attach it to your reply.
"%userprofile%\desktop\win32kdiag.exe" -f -r
 
Log file is located at: C:\Users\Kopa\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...



Found mount point : C:\Windows\AppPatch\Custom\Custom

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\AppPatch\Custom\Custom

Found mount point : C:\Windows\ehome\CreateDisc\style\style

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\ehome\CreateDisc\style\style

Found mount point : C:\Windows\Globalization\Globalization

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Globalization\Globalization

Found mount point : C:\Windows\Microsoft.NET\authman\authman

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Microsoft.NET\authman\authman

Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.16917_none_8017d2ec639e89ee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.16917_none_8017d2ec639e89ee: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.21117_none_80a147d97cbc5cfa\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.21117_none_80a147d97cbc5cfa: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.18320_none_81ec3fa060d3856f\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.18320_none_81ec3fa060d3856f: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.22509_none_829480c379d8ce8d\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.22509_none_829480c379d8ce8d: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.18101_none_83e953905de8b92f\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.18101_none_83e953905de8b92f: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.22213_none_846a2103770ca798\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.22213_none_846a2103770ca798: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6000.16917_none_478cf445c1264c69\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6000.16917_none_478cf445c1264c69: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6000.21117_none_48166932da441f75\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6000.21117_none_48166932da441f75: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6001.18320_none_496160f9be5b47ea\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6001.18320_none_496160f9be5b47ea: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6001.22509_none_4a09a21cd7609108\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6001.22509_none_4a09a21cd7609108: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6002.18101_none_4b5e74e9bb707baa\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6002.18101_none_4b5e74e9bb707baa: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6002.22213_none_4bdf425cd4946a13\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6002.22213_none_4bdf425cd4946a13: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16917_none_0a38314ff5279fa3\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16917_none_0a38314ff5279fa3: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.21117_none_0ac1a63d0e4572af\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.21117_none_0ac1a63d0e4572af: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18320_none_0c0c9e03f25c9b24\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18320_none_0c0c9e03f25c9b24: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22509_none_0cb4df270b61e442\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22509_none_0cb4df270b61e442: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.18101_none_0e09b1f3ef71cee4\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.18101_none_0e09b1f3ef71cee4: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.22213_none_0e8a7f670895bd4d\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.22213_none_0e8a7f670895bd4d: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6000.16917_none_0a393199f526b8fa\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6000.16917_none_0a393199f526b8fa: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6000.21117_none_0ac2a6870e448c06\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6000.21117_none_0ac2a6870e448c06: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6001.18320_none_0c0d9e4df25bb47b\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6001.18320_none_0c0d9e4df25bb47b: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6001.22509_none_0cb5df710b60fd99\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6001.22509_none_0cb5df710b60fd99: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6002.18101_none_0e0ab23def70e83b\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6002.18101_none_0e0ab23def70e83b: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6002.22213_none_0e8b7fb10894d6a4\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6002.22213_none_0e8b7fb10894d6a4: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16917_none_0a3a31e3f525d251\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16917_none_0a3a31e3f525d251: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.21117_none_0ac3a6d10e43a55d\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.21117_none_0ac3a6d10e43a55d: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.18320_none_0c0e9e97f25acdd2\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.18320_none_0c0e9e97f25acdd2: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.22509_none_0cb6dfbb0b6016f0\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.22509_none_0cb6dfbb0b6016f0: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.18101_none_0e0bb287ef700192\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.18101_none_0e0bb287ef700192: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.22213_none_0e8c7ffb0893effb\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.22213_none_0e8c7ffb0893effb: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16917_none_0a3b322df524eba8\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16917_none_0a3b322df524eba8: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.21117_none_0ac4a71b0e42beb4\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.21117_none_0ac4a71b0e42beb4: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.18320_none_0c0f9ee1f259e729\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.18320_none_0c0f9ee1f259e729: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.22509_none_0cb7e0050b5f3047\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.22509_none_0cb7e0050b5f3047: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.18101_none_0e0cb2d1ef6f1ae9\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.18101_none_0e0cb2d1ef6f1ae9: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.22213_none_0e8d804508930952\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.22213_none_0e8d804508930952: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16917_none_0a3c3277f52404ff\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16917_none_0a3c3277f52404ff: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.21117_none_0ac5a7650e41d80b\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.21117_none_0ac5a7650e41d80b: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18320_none_0c109f2bf2590080\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18320_none_0c109f2bf2590080: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22509_none_0cb8e04f0b5e499e\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22509_none_0cb8e04f0b5e499e: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.18101_none_0e0db31bef6e3440\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.18101_none_0e0db31bef6e3440: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d7480a065993d63dcab7527fa2107fee\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.22213_none_0e8e808f089222a9\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.22213_none_0e8e808f089222a9: 3
Found mount point : C:\Windows\System32\0409\0409

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\0409\0409

Found mount point : C:\Windows\System32\Branding\en-US\en-US

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\Branding\en-US\en-US

Found mount point : C:\Windows\System32\DriverStore\FileRepository\hpodcsla.inf_12338213\I386\I386

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\DriverStore\FileRepository\hpodcsla.inf_12338213\I386\I386

Found mount point : C:\Windows\System32\inetsrv\inetsrv

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\inetsrv\inetsrv

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

[1] 2009-09-13 11:15:49 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

[1] 2009-09-13 11:15:43 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

[1] 2009-09-13 11:15:43 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

[1] 2009-09-13 11:15:43 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl

Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl

[1] 2009-09-13 11:16:50 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl ()



Cannot access: C:\Windows\System32\mrt.exe

Attempting to restore permissions of : C:\Windows\System32\mrt.exe

[1] 2008-01-05 12:37:43 52696 C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-malwareremovaltool_31bf3856ad364e35_6.0.6001.18000_none_d3909ca1dd6bb475\mrt.exe (Microsoft Corporation)

[1] 2009-08-28 14:38:22 24689600 C:\Windows\System32\mrt.exe (Microsoft Corporation)

[1] 2006-09-18 22:42:35 6757792 C:\Windows\winsxs\x86_microsoft-windows-malwareremovaltool_31bf3856ad364e35_6.0.6000.16386_none_d159daa5e080a3a1\mrt.exe (Microsoft Corporation)

[1] 2008-01-05 12:37:43 52696 C:\Windows\winsxs\x86_microsoft-windows-malwareremovaltool_31bf3856ad364e35_6.0.6001.18000_none_d3909ca1dd6bb475\mrt.exe (Microsoft Corporation)



Found mount point : C:\Windows\System32\MUI\dispspec\dispspec

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\MUI\dispspec\dispspec

Found mount point : C:\Windows\System32\setup\en-US\en-US

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\setup\en-US\en-US

Found mount point : C:\Windows\System32\SMI\Manifests\Manifests

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\SMI\Manifests\Manifests

Found mount point : C:\Windows\System32\spool\drivers\IA64\IA64

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\spool\drivers\IA64\IA64

Found mount point : C:\Windows\System32\spool\drivers\x64\x64

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\spool\drivers\x64\x64

Found mount point : C:\Windows\System32\spool\PRINTERS\PRINTERS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\spool\PRINTERS\PRINTERS

Found mount point : C:\Windows\System32\spool\SERVERS\SERVERS

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\spool\SERVERS\SERVERS

Found mount point : C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\System

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System\System

Found mount point : C:\Windows\System32\Tasks\Microsoft\Windows\SyncCenter\SyncCenter

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\Tasks\Microsoft\Windows\SyncCenter\SyncCenter

Found mount point : C:\Windows\System32\Tasks\Microsoft\Windows\WindowsCalendar\WindowsCalendar

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\Tasks\Microsoft\Windows\WindowsCalendar\WindowsCalendar

Found mount point : C:\Windows\System32\wbem\MOF\bad\bad

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\wbem\MOF\bad\bad

Found mount point : C:\Windows\System32\wbem\MOF\good\good

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\wbem\MOF\good\good

Found mount point : C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}

Found mount point : C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}

Cannot access: C:\Windows\System32\WerFault.exe

Attempting to restore permissions of : C:\Windows\System32\WerFault.exe

[1] 2008-01-19 08:33:35 217088 C:\Windows\SoftwareDistribution\Download\b1d48c0a5500e900499764daaa6a0385\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.18000_none_70071ca23cc95139\WerFault.exe (Microsoft Corporation)

[1] 2008-01-19 08:33:35 217088 C:\Windows\System32\WerFault.exe (Microsoft Corporation)

[1] 2006-11-02 10:45:54 216064 C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6000.16386_none_6dd05aa63fde4065\WerFault.exe (Microsoft Corporation)

[1] 2008-01-19 08:33:35 217088 C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.18000_none_70071ca23cc95139\WerFault.exe (Microsoft Corporation)

[1] 2008-01-19 08:33:35 217088 C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.18145_none_6fe0e04a3ce53cd7\WerFault.exe (Microsoft Corporation)

[1] 2008-09-20 05:00:16 217088 C:\Windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.22271_none_70460c29561ecb18\WerFault.exe (Microsoft Corporation)



Found mount point : C:\Windows\System32\winevt\TraceFormat\TraceFormat

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\System32\winevt\TraceFormat\TraceFormat

Found mount point : C:\Windows\Temp\AskBarDis\bar\Settings\Settings

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Temp\AskBarDis\bar\Settings\Settings

Found mount point : C:\Windows\Temp\cmi{99681151-3537-434F-8D53-AA0EF9812DEC}\cmi{99681151-3537-434F-8D53-AA0EF9812DEC}

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Temp\cmi{99681151-3537-434F-8D53-AA0EF9812DEC}\cmi{99681151-3537-434F-8D53-AA0EF9812DEC}

Found mount point : C:\Windows\Temp\MPTelemetrySubmit\MPTelemetrySubmit

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Temp\MPTelemetrySubmit\MPTelemetrySubmit

Found mount point : C:\Windows\Temp\SUKDB94.tmp\SUKDB94.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Temp\SUKDB94.tmp\SUKDB94.tmp

Found mount point : C:\Windows\Temp\SxsTemp\SxsTemp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Temp\SxsTemp\SxsTemp

Found mount point : C:\Windows\Temp\VBE\VBE

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Temp\VBE\VBE

Found mount point : C:\Windows\Temp\_isTmp_{8675309}\_isTmp_{8675309}

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Temp\_isTmp_{8675309}\_isTmp_{8675309}

Found mount point : C:\Windows\Temp\~msdt\tools\tools

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Temp\~msdt\tools\tools

Found mount point : C:\Windows\Temp\~nsu.tmp\~nsu.tmp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\Temp\~nsu.tmp\~nsu.tmp

Found mount point : C:\Windows\tracing\tracing

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\tracing\tracing

Found mount point : C:\Windows\winsxs\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\winsxs\InstallTemp\InstallTemp

Found mount point : C:\Windows\winsxs\Temp\PendingDeletes\PendingDeletes

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\winsxs\Temp\PendingDeletes\PendingDeletes

Found mount point : C:\Windows\winsxs\Temp\PendingRenames\PendingRenames

Mount point destination : \Device\__max++>\^

Removing mount point : C:\Windows\winsxs\Temp\PendingRenames\PendingRenames



Finished!
 
Hi,

See if you're able to run ComboFix now.

After that, download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.
 
Combofix worked! Just doing DDS now. Here's the Combofix log:

ComboFix 09-09-12.A0 - Kopa 13/09/2009 18:26.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.1983.1235 [GMT 1:00]
Running from: c:\users\Kopa\Desktop\Combo-Fix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

Overlay aborted ... Please run ComboFix once more
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1209922667-3375327985-2512063574-500
c:\$recycle.bin\S-1-5-21-1729058323-3176270510-1616200201-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\program files\Internet Saving Optimizer
c:\program files\Internet Saving Optimizer\3.7.1.4630\Data\config.md
c:\program files\Internet Saving Optimizer\3.7.1.4630\FF\chrome\content\NPAddOn.xul
c:\program files\Internet Saving Optimizer\3.7.1.4630\FF\chrome\NPAddOn.jar
c:\program files\Internet Saving Optimizer\3.7.1.4630\FF\components\NPFFAddOn.xpt
c:\program files\Internet Saving Optimizer\3.7.1.4630\FF\install.rdf
c:\program files\Internet Saving Optimizer\3.7.1.4630\unins000.dat
c:\program files\Media Access Startup
c:\program files\Media Access Startup\1.6.0.940\Data\config.md
c:\program files\Media Access Startup\1.6.0.940\FF\chrome\content\HPAddOn.xul
c:\program files\Media Access Startup\1.6.0.940\FF\chrome\HPAddOn.jar
c:\program files\Media Access Startup\1.6.0.940\FF\components\HPFFAddOn.xpt
c:\program files\Media Access Startup\1.6.0.940\FF\install.rdf
c:\program files\Media Access Startup\1.6.0.940\unins000.dat
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\kbiwkmjsxrflnd.sys
c:\windows\system32\drivers\kbiwkmwmqxbsse.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
-------\Service_kbiwkmbppuytmv


((((((((((((((((((((((((( Files Created from 2009-08-13 to 2009-09-13 )))))))))))))))))))))))))))))))
.

2009-09-13 17:45 . 2009-09-13 17:45 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2009-09-13 17:45 . 2009-09-13 17:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-13 17:14 . 2009-09-13 17:14 -------- d-----w- C:\Combo-Fix
2009-09-11 19:40 . 2006-11-02 09:46 11776 ----a-w- c:\windows\system32\cngaudit.dll
2009-09-11 16:14 . 2009-08-14 17:07 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-11 16:14 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-11 16:14 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-11 16:14 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-11 16:14 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-11 16:14 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-11 16:14 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-11 16:14 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-11 16:14 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-11 16:14 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-11 16:13 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-11 16:13 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-11 16:13 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-11 16:13 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-11 16:13 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-11 09:26 . 2009-09-11 09:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2
2009-09-11 09:14 . 2009-09-11 09:14 -------- d-----w- c:\program files\Trend Micro7
2009-09-11 09:00 . 2009-09-11 09:00 -------- d-----w- c:\program files\Trend Micro0
2009-09-09 16:16 . 2009-09-09 16:16 0 ----a-w- c:\windows\system32\cd.dat
2009-09-08 22:13 . 2009-09-11 20:04 -------- d--h--w- c:\windows\PIF
2009-09-08 13:22 . 2009-09-08 13:22 -------- d-----w- c:\program files\Trend Micro9
2009-09-08 13:15 . 2009-09-08 13:15 -------- d-----w- c:\program files\Trend Micro3
2009-09-08 13:00 . 2009-09-08 13:00 -------- d-----w- c:\program files\Trend Micro2
2009-09-07 20:49 . 2009-09-11 09:06 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-07 20:49 . 2009-09-11 09:06 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-09-07 20:49 . 2009-09-11 09:06 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-07 20:49 . 2009-09-13 10:18 -------- d-----w- c:\windows\system32\drivers\Avg
2009-09-07 20:49 . 2009-09-11 09:06 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-07 20:33 . 2009-09-07 20:33 -------- d-----w- c:\program files\Trend Micro
2009-09-07 15:43 . 2009-09-07 20:50 -------- d-----w- c:\programdata\15989144
2009-09-06 22:36 . 2009-09-06 22:36 -------- d-----w- c:\users\Kopa\dwhelper
2009-09-05 22:47 . 2009-09-05 22:47 -------- d-----w- c:\users\Kopa\AppData\Local\Cooliris
2009-09-05 21:41 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-05 21:41 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-05 18:05 . 2009-09-05 18:05 -------- d-----w- C:\found.000
2009-09-03 18:13 . 2009-09-03 18:13 -------- d-----w- c:\program files\System Search Dispatcher
2009-09-03 18:12 . 2009-09-03 18:12 -------- d-----w- c:\program files\DoubleD
2009-09-03 14:05 . 2009-09-03 14:05 -------- d-----w- c:\program files\Sophos
2009-09-03 14:02 . 2009-09-03 14:02 -------- d-----w- c:\users\Kopa\Pavark
2009-08-30 23:45 . 2009-08-30 23:45 -------- d-----w- C:\Hotspot Shield
2009-08-30 23:41 . 2009-08-30 23:45 -------- d-----w- c:\program files\Hotspot Shield
2009-08-29 19:42 . 2009-08-29 19:42 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-08-29 19:41 . 2009-08-29 19:41 -------- d-----w- c:\program files\MSECACHE
2009-08-29 19:11 . 2009-08-29 19:46 -------- d-----w- c:\program files\Windows Live
2009-08-29 19:11 . 2009-08-29 19:11 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-08-29 18:58 . 2009-08-29 18:58 -------- d-----w- c:\programdata\WLInstaller
2009-08-29 10:25 . 2009-08-29 10:25 -------- d-----w- c:\program files\Alwil Software
2009-08-27 02:03 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-26 17:28 . 2009-09-05 21:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-08-26 17:28 . 2009-08-26 17:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-26 03:18 . 2009-08-26 03:18 -------- d-----w- C:\PerfLogs
2009-08-26 01:35 . 2009-08-26 01:35 -------- d-----w- c:\users\Kopa\AppData\Local\Opera
2009-08-26 01:34 . 2009-08-26 01:35 -------- d-----w- c:\program files\Opera
2009-08-22 15:45 . 2009-08-22 15:45 -------- d-----w- c:\users\Kopa\AppData\Roaming\Malwarebytes
2009-08-22 15:45 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-22 15:45 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-22 15:45 . 2009-08-22 15:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-22 15:45 . 2009-08-22 15:45 -------- d-----w- c:\programdata\Malwarebytes
2009-08-22 13:05 . 2009-08-22 13:05 -------- d-----w- C:\ubuntu
2009-08-19 17:11 . 2009-08-19 17:11 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-08-19 17:10 . 2009-08-19 17:10 -------- d-----w- c:\users\Kopa\AppData\Roaming\SUPERAntiSpyware.com
2009-08-19 16:44 . 2009-08-19 16:44 -------- d-----w- c:\programdata\RegCure

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-13 17:16 . 2009-07-09 20:57 0 ----a-w- c:\users\Kopa\AppData\Local\prvlcl.dat
2009-09-12 02:11 . 2009-02-13 14:58 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-12 02:09 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-12 02:02 . 2007-07-23 18:56 -------- d-----w- c:\programdata\Microsoft Help
2009-09-11 17:24 . 2009-02-13 14:38 1356 ----a-w- c:\users\Kopa\AppData\Local\d3d9caps.dat
2009-09-11 16:01 . 2009-02-13 14:46 -------- d-----w- c:\programdata\avg8
2009-09-06 22:34 . 2009-03-21 08:48 -------- d-----w- c:\users\Kopa\AppData\Roaming\LimeWire
2009-09-05 21:24 . 2009-02-13 12:58 -------- d-----w- c:\program files\SystemRequirementsLab
2009-09-05 21:24 . 2009-02-06 23:13 -------- d-----w- c:\programdata\FLEXnet
2009-08-29 19:50 . 2009-02-05 16:33 -------- d-----w- c:\program files\Messenger Plus! Live
2009-08-29 19:11 . 2009-02-05 16:20 -------- d-----w- c:\program files\Microsoft
2009-08-29 17:27 . 2009-03-20 22:36 -------- d-----w- c:\program files\Java
2009-08-29 12:49 . 2009-04-20 10:52 -------- d-----w- c:\program files\FLAC to MP3 Converter
2009-08-26 17:26 . 2009-08-26 17:26 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-08-26 03:34 . 2009-02-13 14:53 -------- d-----w- c:\programdata\NVIDIA
2009-08-26 03:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-08-26 03:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-08-26 03:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-08-26 03:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-08-26 03:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-08-26 03:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-08-26 02:24 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-08-26 02:23 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-08-22 15:24 . 2009-02-12 23:04 -------- d-----w- c:\program files\Electronic Arts
2009-08-22 15:24 . 2007-07-23 17:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-18 14:42 . 2009-06-16 18:53 -------- d-----w- c:\users\Kopa\AppData\Roaming\SystemRequirementsLab
2009-08-10 12:12 . 2009-02-05 17:55 40768 ----a-w- c:\users\Kopa\AppData\Roaming\nvModes.dat
2009-08-07 17:01 . 2009-08-07 17:01 -------- d-----w- c:\program files\Paint.NET
2009-08-07 16:28 . 2009-08-07 16:27 -------- d-----w- c:\users\Kopa\AppData\Roaming\SecondLife
2009-08-05 10:40 . 2009-08-04 20:30 -------- d-----w- c:\programdata\NOS
2009-08-05 10:40 . 2009-08-04 20:30 -------- d-----w- c:\program files\NOS
2009-08-04 12:57 . 2009-07-23 23:36 -------- d-----w- c:\users\Kopa\AppData\Roaming\Spotify
2009-08-01 11:46 . 2009-07-17 19:01 -------- d-----w- c:\users\Kopa\AppData\Roaming\vlc
2009-07-26 15:44 . 2009-07-26 15:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-25 04:23 . 2009-03-20 22:36 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-24 09:48 . 2009-07-08 13:10 -------- d-----w- c:\program files\Yahoo!
2009-07-24 01:39 . 2007-07-23 19:27 -------- d-----w- c:\program files\CyberLink
2009-07-24 01:37 . 2009-07-08 13:10 -------- d-----w- c:\programdata\Yahoo!
2009-07-23 23:35 . 2009-07-23 23:35 -------- d-----w- c:\program files\Spotify
2009-07-22 19:13 . 2009-07-22 19:13 28592 ----a-w- c:\windows\system32\drivers\tap0901.sys
2009-07-21 18:13 . 2009-07-21 18:13 -------- d-----w- c:\users\Mcx1\AppData\Roaming\DivX
2009-07-18 16:06 . 2009-07-29 10:34 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-29 10:34 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-29 10:34 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 14:35 . 2009-08-13 10:16 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-14 13:00 . 2009-08-13 10:16 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 12:59 . 2009-08-13 10:16 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-14 12:58 . 2009-08-13 10:16 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-14 10:59 . 2009-08-13 10:16 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-10 11:15 . 2009-07-10 11:15 306544 ----a-w- c:\windows\WLXPGSS.SCR
2009-07-08 21:41 . 2009-07-08 21:41 0 ----a-w- c:\windows\nsreg.dat
2009-07-02 02:34 . 2009-07-02 02:34 33840 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2009-06-23 10:54 . 2009-06-23 10:54 61760 ----a-w- c:\windows\system32\ASTSRV.EXE
2009-06-23 10:53 . 2009-07-08 22:01 17728 ----a-w- c:\windows\system32\nitrolocalui.dll
2009-06-23 10:53 . 2009-07-08 22:01 26432 ----a-w- c:\windows\system32\nitrolocalmon.dll
2009-06-15 18:20 . 2009-08-13 10:16 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 17:24 325000 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-08-30 23:41 218160 ----a-w- c:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-11 2007832]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\C:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{B7608790-E3C6-4ECE-88C9-1B8B8CB4B0FB}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{EAAF542C-EE68-45AA-8DE2-B536D283758E}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"TCP Query User{45F84AD7-EAD0-41CF-89C7-3EC8FB1FCB7F}c:\\users\\kopa\\program files\\dna\\btdna.exe"= UDP:c:\users\kopa\program files\dna\btdna.exe:btdna.exe
"UDP Query User{72526A77-F4DA-447A-9790-138F08E37873}c:\\users\\kopa\\program files\\dna\\btdna.exe"= TCP:c:\users\kopa\program files\dna\btdna.exe:btdna.exe
"TCP Query User{23975C86-F4E6-4F70-AA33-322B69C05B96}c:\\users\\kopa\\program files\\dna\\btdna.exe"= UDP:c:\users\kopa\program files\dna\btdna.exe:btdna.exe
"UDP Query User{37FE85BA-4ED0-4804-8841-A78BCAF4FDCF}c:\\users\\kopa\\program files\\dna\\btdna.exe"= TCP:c:\users\kopa\program files\dna\btdna.exe:btdna.exe
"{F5F06F40-D905-41D7-9C4E-651F5AB846AC}"= UDP:5353:Adobe CSI CS4
"{74F62B14-A768-4AB8-950A-4C74AA38A745}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{1B9D7951-6486-4832-B437-58F39ED2CB58}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"TCP Query User{8941E7AC-5A9E-4260-B11A-34210D5185BB}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{798FECC3-668A-456C-A215-6EEF135B16B3}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"TCP Query User{0081E1AD-118A-424C-A420-A9D393665C13}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{D6368C98-4B50-49C7-9F0E-B9289B23B600}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{2C2C12C5-181A-438B-854E-4EDC2980E63F}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{8401C258-859F-4592-B049-1803B2E44603}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"TCP Query User{8390A3AF-61DF-43CC-9DEC-D0A9F20F17B0}c:\\program files\\dna\\btdna.exe"= UDP:c:\program files\dna\btdna.exe:DNA
"UDP Query User{DC769637-2B23-405C-B3D8-6891FDF08410}c:\\program files\\dna\\btdna.exe"= TCP:c:\program files\dna\btdna.exe:DNA
"{53CC6A46-724C-40F2-ADE4-DEBB4B457DB3}"= UDP:5353:Adobe CSI CS4
"{38212378-4C07-4A42-AC4F-70BFD62F249D}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{A83AFD3A-6738-4B83-920C-F3BF37ED63FC}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{70DF70AC-145B-443A-A324-F34106464240}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{13692021-5419-4FF9-AC9C-3897CCF4F15F}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"TCP Query User{109A5013-B24F-4AEA-8EC7-64D004DE4BBB}c:\\program files\\team fortress 2\\hl2.exe"= UDP:c:\program files\team fortress 2\hl2.exe:hl2
"UDP Query User{FB3924FC-E7F2-4DCF-A1CC-A877C56EFF67}c:\\program files\\team fortress 2\\hl2.exe"= TCP:c:\program files\team fortress 2\hl2.exe:hl2
"{7EF71B37-5583-4756-BA9E-4D84784535CF}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{E2261E2D-BFED-4028-B7F5-5D4A18A6965B}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{FAC1569E-8923-4B5E-8183-A6AA50861AEA}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{D187C165-6662-4444-8B11-D26D645D6060}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{B1C1C000-F3C1-41DF-AE40-3D104FA3802F}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{EC309C56-C451-44D2-BFEF-751BC86595FF}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{E2CDA4DA-2F6D-458A-AADB-762AC7DC3EA2}c:\\program files\\xchat\\xchat.exe"= UDP:c:\program files\xchat\xchat.exe:XChat IRC Client
"UDP Query User{D888DD60-B5D9-4BE5-9451-E8CA3D1ABEA0}c:\\program files\\xchat\\xchat.exe"= TCP:c:\program files\xchat\xchat.exe:XChat IRC Client
"TCP Query User{C7C28DDA-45E2-4AB2-AEBE-8517CA503BF9}c:\\program files\\microsoft chat\\cchat.exe"= UDP:c:\program files\microsoft chat\cchat.exe:Microsoft Chat
"UDP Query User{EF7EFC75-99A0-4DC5-823E-5287549DCFD3}c:\\program files\\microsoft chat\\cchat.exe"= TCP:c:\program files\microsoft chat\cchat.exe:Microsoft Chat
"TCP Query User{1212A521-0101-4F92-9C69-F1AA4152A9B8}c:\\windows\\system32\\javaw.exe"= UDP:c:\windows\system32\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{9A45A62A-75CC-4EAE-BEC1-ADB88E2236C2}c:\\windows\\system32\\javaw.exe"= TCP:c:\windows\system32\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{8ACF5768-08AE-44C9-8EFE-4EA9FEE2ABE1}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{12EA07CC-17DF-4E3D-982E-E0F6EE244535}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"{51D8B2B7-E21F-49CB-9DE6-2CBE63D27707}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{2F05DBB9-DDF7-49C2-B2C7-146BB5A24B5C}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{BE1D6881-5218-4634-8169-B07AD7EFA046}c:\\program files\\gametap web player\\bin\\release\\gametapplayer.exe"= UDP:c:\program files\gametap web player\bin\release\gametapplayer.exe:GameTap Headless Application
"UDP Query User{664E72B9-1C01-47AD-9D83-F205B80BB284}c:\\program files\\gametap web player\\bin\\release\\gametapplayer.exe"= TCP:c:\program files\gametap web player\bin\release\gametapplayer.exe:GameTap Headless Application
"TCP Query User{4797D5B9-96EC-4BA4-99A8-4F60B216800E}c:\\program files\\ea games\\american mcgee's alice\\alice.exe"= UDP:c:\program files\ea games\american mcgee's alice\alice.exe:American McGee's Alice
"UDP Query User{B9164609-67AC-4F7E-8A86-671D9B1AA9CC}c:\\program files\\ea games\\american mcgee's alice\\alice.exe"= TCP:c:\program files\ea games\american mcgee's alice\alice.exe:American McGee's Alice
"TCP Query User{B8929E70-B6B6-43A7-B685-27F408109A49}c:\\program files\\gametap web player\\bin\\release\\gametapplayer.exe"= UDP:c:\program files\gametap web player\bin\release\gametapplayer.exe:GameTap Headless Application
"UDP Query User{CBE64D25-42D8-41DD-823B-7580D7FFE1BA}c:\\program files\\gametap web player\\bin\\release\\gametapplayer.exe"= TCP:c:\program files\gametap web player\bin\release\gametapplayer.exe:GameTap Headless Application
"{FC14F6C1-5629-4DA3-9618-4A93C215F571}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{8AFF59C0-F8B3-4332-BAA5-87068CFDFAF5}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{FD660F16-53FC-4913-846A-E93CB57C8870}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{23FF3633-A910-478F-8905-A8A85CFFBEBD}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E8F597F5-9A33-43F7-8D29-F382CC520F09}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B06B7B1E-83DC-468F-8603-7ADBDDCC0CA6}"= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{5CC737E4-1E79-49FB-A127-8AF1C4F6D0A6}"= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"TCP Query User{B6F4F494-017D-4868-A9D4-CAED4C4AC811}c:\\program files\\pando networks\\media booster\\pmb.exe"= UDP:c:\program files\pando networks\media booster\pmb.exe:Pando Media Booster
"UDP Query User{5A7290D3-4B34-423E-8BC2-68D580935D2B}c:\\program files\\pando networks\\media booster\\pmb.exe"= TCP:c:\program files\pando networks\media booster\pmb.exe:Pando Media Booster
"{2DB6CFEC-BF6D-45C6-B132-B5739DF2BBDF}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{47DB2A9D-CB88-4719-98B3-6A266C7AAD0A}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{6982B654-0F5D-4C1D-84E6-382CD164F6C7}"= UDP:c:\program files\Spotify\spotify.exe:Spotify
"{FD99BD80-7502-4F04-B754-9A5C85C457D8}"= TCP:c:\program files\Spotify\spotify.exe:Spotify
"{1302AE23-A0F6-4D52-8A4D-E0CCE160CBE9}"= UDP:c:\program files\Spotify\spotify.exe:Spotify
"{11AACA35-6380-4959-B0B6-FA472E894FE7}"= TCP:c:\program files\Spotify\spotify.exe:Spotify
"{82FC70D3-BA9D-439C-AC5B-039B47E667E5}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{F3428E68-A875-41D6-B9EF-A747F6C5553A}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"TCP Query User{34B8BAC4-1664-427A-B915-85AADE3C3980}c:\\program files\\secondlife\\slvoice.exe"= UDP:c:\program files\secondlife\slvoice.exe:SLVoice
"UDP Query User{2E667820-49A4-4945-A184-68BD91391ACF}c:\\program files\\secondlife\\slvoice.exe"= TCP:c:\program files\secondlife\slvoice.exe:SLVoice
"{FE73858A-A0E2-40C3-8823-3F57B6BFE7B6}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{0AF96662-8DEA-4D7A-9048-F5656A862E33}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{5E6813CB-A420-42CE-87F7-AF2BDA585B11}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"c:\\Program Files\\xchat\\xchat.exe"= c:\program files\xchat\xchat.exe:*:Enabled:XChat IRC Client

R0 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [20/11/2006 08:14 AM 38400]
R0 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [17/11/2006 06:58 AM 31360]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [07/09/2009 09:49 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [07/09/2009 09:49 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [11/09/2009 10:06 AM 297752]
R2 HssSrv;Hotspot Shield Routing Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [06/08/2009 07:58 PM 331824]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [23/06/2009 11:55 AM 188736]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [26/08/2009 06:28 PM 1153368]
R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\System32\drivers\HssDrv.sys [02/07/2009 03:34 AM 33840]
R3 MGHwCtrl;MGHwCtrl;c:\windows\System32\drivers\MGHwCtrl.sys [23/07/2007 06:24 PM 19456]
R3 rt61x86;Ralink RT61 Wireless Driver for Windows Vista;c:\windows\System32\drivers\netr61.sys [28/09/2007 02:37 PM 316928]
R3 tap0901;TAP-Win32 Adapter V9;c:\windows\System32\drivers\tap0901.sys [22/07/2009 08:13 PM 28592]
S2 AdobeAeLookupSvc;Adobe LM Service AdobeAeLookupSvc;c:\windows\TEMP\fnxpyglahb.exe service --> c:\windows\TEMP\fnxpyglahb.exe service [?]
S2 NishService;SCM Driver Daemon;c:\program files\System Control Manager\edd.exe [23/07/2007 06:24 PM 40960]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\System32\drivers\btnetBus.sys [07/12/2008 01:44 PM 30088]
S3 CrystalSysInfo;CrystalSysInfo;c:\program files\MediaCoder\SysInfo.sys [25/09/2007 03:59 PM 15152]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.exe [11/08/2009 12:19 AM 57640]
S3 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [21/04/2007 03:54 PM 52080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\Autorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA844-CC51-11CF-AAFA-00AA00B6015C}]
rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\CChat25.inf,PerUserRemove
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msi.com.tw
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
FF - ProfilePath - c:\users\Kopa\AppData\Roaming\Mozilla\Firefox\Profiles\hekitc3k.default\
FF - prefs.js: browser.search.selectedEngine - Element
FF - prefs.js: browser.startup.homepage - hxxp://gaiaonline.com/
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=59287&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\users\Kopa\AppData\Roaming\Mozilla\Firefox\Profiles\hekitc3k.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Kopa\AppData\Roaming\Mozilla\Firefox\Profiles\hekitc3k.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BitTorrent - c:\program files\BitTorrent\bittorrent.exe
HKCU-Run-AdobeBridge - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-13 18:49
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\agrsmsvc.exe
c:\windows\System32\ASTSRV.EXE
c:\windows\System32\CTSVCCDA.EXE
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\System32\o2flash.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\microsoft shared\ink\InputPersonalization.exe
c:\windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6001.18226_none_1053243b8b6fd401\WmiPrvSE.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-09-13 18:56 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-13 17:56

Pre-Run: 18,151,211,008 bytes free
Post-Run: 18,221,957,120 bytes free

372 --- E O F --- 2009-09-13 10:20
 
And here's the DDS log, and I also attached the other one like it told me to.

DDS (Ver_09-07-30.01) - NTFSx86
Run by Kopa at 19:01:31.82 on 13/09/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.1983.939 [GMT 1:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Windows\system32\ASTSRV.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\Windows\system32\o2flash.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\alg.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Kopa\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msi.com.tw
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [snp2std] c:\windows\vsnp2std.exe
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\Fiddler.exe"
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: c:\windows\system32\avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\kopa\appdata\roaming\mozilla\firefox\profiles\hekitc3k.default\
FF - prefs.js: browser.search.selectedEngine - Element
FF - prefs.js: browser.startup.homepage - hxxp://gaiaonline.com/
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=59287&p=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\users\kopa\appdata\roaming\mozilla\firefox\profiles\hekitc3k.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\kopa\appdata\roaming\mozilla\firefox\profiles\hekitc3k.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-11-20 38400]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-11-17 31360]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-7 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-7 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-9-11 297752]
R2 HssSrv;Hotspot Shield Routing Service;c:\program files\hotspot shield\hsswpr\hsssrv.exe [2009-8-6 331824]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2009-6-23 188736]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-8-26 1153368]
R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\drivers\HssDrv.sys [2009-7-2 33840]
R3 MGHwCtrl;MGHwCtrl;c:\windows\system32\drivers\MGHwCtrl.sys [2007-7-23 19456]
R3 rt61x86;Ralink RT61 Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr61.sys [2007-9-28 316928]
R3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [2009-7-22 28592]
S2 AdobeAeLookupSvc;Adobe LM Service AdobeAeLookupSvc;c:\windows\temp\fnxpyglahb.exe service --> c:\windows\temp\fnxpyglahb.exe service [?]
S2 NishService;SCM Driver Daemon;c:\program files\system control manager\edd.exe [2007-7-23 40960]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-7 30088]
S3 CrystalSysInfo;CrystalSysInfo;c:\program files\mediacoder\SysInfo.sys [2007-9-25 15152]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\hotspot shield\bin\HssTrayService.exe [2009-8-11 57640]
S3 Start BT in service;Start BT in service;c:\program files\ivt corporation\bluesoleil\StartSkysolSvc.exe [2007-4-21 52080]

=============== Created Last 30 ================

2009-09-13 18:49 <DIR> --d----- C:\$RECYCLE.BIN
2009-09-13 18:14 <DIR> --d----- C:\Combo-Fix
2009-09-11 20:40 11,776 -------- c:\windows\system32\cngaudit.dll
2009-09-11 17:18 230,912 a------- c:\windows\PEV.exe
2009-09-11 17:18 161,792 a------- c:\windows\SWREG.exe
2009-09-11 17:18 98,816 a------- c:\windows\sed.exe
2009-09-11 17:14 897,608 a------- c:\windows\system32\drivers\tcpip.sys
2009-09-11 17:14 104,960 a------- c:\windows\system32\netiohlp.dll
2009-09-11 17:14 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-09-11 17:14 19,968 a------- c:\windows\system32\ARP.EXE
2009-09-11 17:14 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-09-11 17:14 10,240 a------- c:\windows\system32\finger.exe
2009-09-11 17:14 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-09-11 17:14 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-09-11 17:14 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-09-11 17:14 17,920 a------- c:\windows\system32\netevent.dll
2009-09-11 17:13 2,501,921 a------- c:\windows\system32\wlan.tmf
2009-09-11 17:13 293,376 a------- c:\windows\system32\wlanmsm.dll
2009-09-11 17:13 513,024 a------- c:\windows\system32\wlansvc.dll
2009-09-11 17:13 302,592 a------- c:\windows\system32\wlansec.dll
2009-09-11 17:13 127,488 a------- c:\windows\system32\L2SecHC.dll
2009-09-11 17:13 2,868,224 a------- c:\windows\system32\mf.dll
2009-09-11 10:26 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware2
2009-09-11 10:14 <DIR> --d----- c:\program files\Trend Micro7
2009-09-11 10:00 <DIR> --d----- c:\program files\Trend Micro0
2009-09-09 17:16 0 a------- c:\windows\system32\cd.dat
2009-09-08 23:13 <DIR> --d-h--- c:\windows\PIF
2009-09-08 14:22 <DIR> --d----- c:\program files\Trend Micro9
2009-09-08 14:15 <DIR> --d----- c:\program files\Trend Micro3
2009-09-08 14:00 <DIR> --d----- c:\program files\Trend Micro2
2009-09-07 22:18 165,277,579 a------- c:\windows\MEMORY.DMP
2009-09-07 21:49 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-09-07 21:49 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-09-07 21:49 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-09-07 21:49 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-09-07 21:33 <DIR> --d----- c:\program files\Trend Micro
2009-09-07 16:43 <DIR> --d----- c:\programdata\15989144
2009-09-07 16:43 <DIR> --d----- c:\progra~2\15989144
2009-09-06 23:36 <DIR> --d----- c:\users\kopa\dwhelper
2009-09-05 22:41 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-09-05 22:41 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-05 19:05 <DIR> --d----- C:\found.000
2009-09-03 19:13 <DIR> --d----- c:\program files\System Search Dispatcher
2009-09-03 19:12 <DIR> --d----- c:\program files\DoubleD
2009-09-03 15:05 <DIR> --d----- c:\program files\Sophos
2009-09-03 15:02 <DIR> --d----- c:\users\kopa\Pavark
2009-08-31 00:45 <DIR> --d----- C:\Hotspot Shield
2009-08-31 00:41 <DIR> --d----- c:\program files\Hotspot Shield
2009-08-29 20:42 <DIR> --d----- c:\program files\Windows Installer Clean Up
2009-08-29 20:41 <DIR> --d----- c:\program files\MSECACHE
2009-08-29 20:11 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-08-29 19:58 <DIR> --d----- c:\programdata\WLInstaller
2009-08-28 17:05 <DIR> --d----- c:\windows\pss
2009-08-27 03:03 2,048 a------- c:\windows\system32\tzres.dll
2009-08-26 19:25 1,744 a------- c:\windows\wininit.ini
2009-08-26 18:28 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-08-26 18:28 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-08-26 18:28 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-08-26 18:26 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-08-26 04:18 <DIR> --d----- C:\PerfLogs
2009-08-22 16:45 <DIR> --d----- c:\users\kopa\appdata\roaming\Malwarebytes
2009-08-22 16:45 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-22 16:45 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-08-22 16:45 <DIR> --d----- c:\programdata\Malwarebytes
2009-08-22 16:45 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-22 16:45 <DIR> --d----- c:\progra~2\Malwarebytes
2009-08-22 14:25 197,915 a------- C:\wubildr
2009-08-22 14:25 8,192 a------- C:\wubildr.mbr
2009-08-22 14:05 <DIR> --d----- C:\ubuntu
2009-08-19 18:11 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2009-08-19 18:11 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2009-08-19 18:10 <DIR> --d----- c:\users\kopa\appdata\roaming\SUPERAntiSpyware.com
2009-08-19 17:44 <DIR> --d----- c:\programdata\RegCure
2009-08-19 17:44 <DIR> --d----- c:\progra~2\RegCure

==================== Find3M ====================

2009-08-31 00:44 143,360 a------- c:\windows\inf\infstrng.dat
2009-08-31 00:44 51,200 a------- c:\windows\inf\infpub.dat
2009-08-31 00:44 86,016 a------- c:\windows\inf\infstor.dat
2009-08-28 13:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 13:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 13:38 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 13:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-26 04:31 174 a--sh--- c:\program files\desktop.ini
2009-08-26 04:18 665,600 a------- c:\windows\inf\drvindex.dat
2009-08-26 03:24 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-08-26 03:23 82,432 a------- c:\windows\system32\axaltocm.dll
2009-08-10 13:12 40,768 a------- c:\users\kopa\appdata\roaming\nvModes.dat
2009-07-26 16:44 48,448 a------- c:\windows\system32\sirenacm.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-22 20:13 28,592 a------- c:\windows\system32\drivers\tap0901.sys
2009-07-18 17:06 827,904 a------- c:\windows\system32\wininet.dll
2009-07-18 17:01 78,336 a------- c:\windows\system32\ieencode.dll
2009-07-18 10:46 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-07-17 15:35 71,680 a------- c:\windows\system32\atl.dll
2009-07-14 14:00 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-14 13:59 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-14 13:58 7,680 a------- c:\windows\system32\spwmp.dll
2009-07-14 11:59 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-07-10 12:15 306,544 a------- c:\windows\WLXPGSS.SCR
2009-06-23 11:54 61,760 a------- c:\windows\system32\ASTSRV.EXE
2009-06-23 11:53 17,728 a------- c:\windows\system32\nitrolocalui.dll
2009-06-23 11:53 26,432 a------- c:\windows\system32\nitrolocalmon.dll
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 19:02:37.50 ===============
 
Hi,


Open notepad and copy/paste the text in the quotebox below into it:

Code: 
DDS::
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
DirLook::
c:\programdata\15989144
c:\progra~2\15989144
Folder::
c:\program files\bittorrent
c:\users\kopa\program files\dna
c:\program files\LimeWire
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{B7608790-E3C6-4ECE-88C9-1B8B8CB4B0FB}c:\\program files\\bittorrent\\bittorrent.exe"=-
"UDP Query User{EAAF542C-EE68-45AA-8DE2-B536D283758E}c:\\program files\\bittorrent\\bittorrent.exe"=-
"TCP Query User{45F84AD7-EAD0-41CF-89C7-3EC8FB1FCB7F}c:\\users\\kopa\\program files\\dna\\btdna.exe"=-
"UDP Query User{72526A77-F4DA-447A-9790-138F08E37873}c:\\users\\kopa\\program files\\dna\\btdna.exe"=-
"TCP Query User{23975C86-F4E6-4F70-AA33-322B69C05B96}c:\\users\\kopa\\program files\\dna\\btdna.exe"=-
"UDP Query User{37FE85BA-4ED0-4804-8841-A78BCAF4FDCF}c:\\users\\kopa\\program files\\dna\\btdna.exe"=-
"TCP Query User{8941E7AC-5A9E-4260-B11A-34210D5185BB}c:\\program files\\bittorrent\\bittorrent.exe"=-
"UDP Query User{798FECC3-668A-456C-A215-6EEF135B16B3}c:\\program files\\bittorrent\\bittorrent.exe"=-
"{2C2C12C5-181A-438B-854E-4EDC2980E63F}"=-
"{8401C258-859F-4592-B049-1803B2E44603}"=-
"TCP Query User{8390A3AF-61DF-43CC-9DEC-D0A9F20F17B0}c:\\program files\\dna\\btdna.exe"=-
"UDP Query User{DC769637-2B23-405C-B3D8-6891FDF08410}c:\\program files\\dna\\btdna.exe"=-
"{7EF71B37-5583-4756-BA9E-4D84784535CF}"=-
"{E2261E2D-BFED-4028-B7F5-5D4A18A6965B}"=-
"{51D8B2B7-E21F-49CB-9DE6-2CBE63D27707}"=-
"{2F05DBB9-DDF7-49C2-B2C7-146BB5A24B5C}"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=-


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScriptB-4.gif


Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.


Uninstall old Adobe Reader versions and get the latest one (9.1 + updates 9.1.2 & 9.1.3) here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here.


Check here to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following instructions here. Fresh version can be obtained here.




Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
 
I tried doing the Kapersky scan by leaving it on overnight, but when I came back to it, it had been running for 10 hours and was still on 25%, it had picked up 1 threat and when I tried to stop it to get the log, Firefox crashed and didn't recover. Here's the DDS log:

DDS (Ver_09-07-30.01) - NTFSx86
Run by Kopa at 20:39:06.08 on 14/09/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.1983.882 [GMT 1:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Windows\system32\ASTSRV.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\System Control Manager\edd.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\Windows\system32\o2flash.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\alg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\vsnp2std.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Kopa\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msi.com.tw
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [snp2std] c:\windows\vsnp2std.exe
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\Fiddler.exe"
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: c:\windows\system32\avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\kopa\appdata\roaming\mozilla\firefox\profiles\hekitc3k.default\
FF - prefs.js: browser.search.selectedEngine - Element
FF - prefs.js: browser.startup.homepage - hxxp://gaiaonline.com/
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=59287&p=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\users\kopa\appdata\roaming\mozilla\firefox\profiles\hekitc3k.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\kopa\appdata\roaming\mozilla\firefox\profiles\hekitc3k.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-11-20 38400]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-11-17 31360]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-7 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-7 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-9-11 297752]
R2 HssSrv;Hotspot Shield Routing Service;c:\program files\hotspot shield\hsswpr\hsssrv.exe [2009-8-6 331824]
R2 NishService;SCM Driver Daemon;c:\program files\system control manager\edd.exe [2007-7-23 40960]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2009-6-23 188736]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-8-26 1153368]
R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\system32\drivers\HssDrv.sys [2009-7-2 33840]
R3 MGHwCtrl;MGHwCtrl;c:\windows\system32\drivers\MGHwCtrl.sys [2007-7-23 19456]
R3 rt61x86;Ralink RT61 Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr61.sys [2007-9-28 316928]
R3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [2009-7-22 28592]
S2 AdobeAeLookupSvc;Adobe LM Service AdobeAeLookupSvc;c:\windows\temp\fnxpyglahb.exe service --> c:\windows\temp\fnxpyglahb.exe service [?]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-7 30088]
S3 CrystalSysInfo;CrystalSysInfo;c:\program files\mediacoder\SysInfo.sys [2007-9-25 15152]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\hotspot shield\bin\HssTrayService.exe [2009-8-11 57640]
S3 Start BT in service;Start BT in service;c:\program files\ivt corporation\bluesoleil\StartSkysolSvc.exe [2007-4-21 52080]

=============== Created Last 30 ================

2009-09-14 08:18 <DIR> --d----- c:\programdata\WindowsSearch
2009-09-13 20:18 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-09-13 18:14 <DIR> --d----- C:\Combo-Fix
2009-09-11 20:40 11,776 -------- c:\windows\system32\cngaudit.dll
2009-09-11 17:18 229,888 a------- c:\windows\PEV.exe
2009-09-11 17:18 161,792 a------- c:\windows\SWREG.exe
2009-09-11 17:18 98,816 a------- c:\windows\sed.exe
2009-09-11 17:14 897,608 a------- c:\windows\system32\drivers\tcpip.sys
2009-09-11 17:14 104,960 a------- c:\windows\system32\netiohlp.dll
2009-09-11 17:14 27,136 a------- c:\windows\system32\NETSTAT.EXE
2009-09-11 17:14 19,968 a------- c:\windows\system32\ARP.EXE
2009-09-11 17:14 11,264 a------- c:\windows\system32\MRINFO.EXE
2009-09-11 17:14 10,240 a------- c:\windows\system32\finger.exe
2009-09-11 17:14 9,728 a------- c:\windows\system32\TCPSVCS.EXE
2009-09-11 17:14 8,704 a------- c:\windows\system32\HOSTNAME.EXE
2009-09-11 17:14 17,920 a------- c:\windows\system32\ROUTE.EXE
2009-09-11 17:14 17,920 a------- c:\windows\system32\netevent.dll
2009-09-11 17:13 2,501,921 a------- c:\windows\system32\wlan.tmf
2009-09-11 17:13 293,376 a------- c:\windows\system32\wlanmsm.dll
2009-09-11 17:13 513,024 a------- c:\windows\system32\wlansvc.dll
2009-09-11 17:13 302,592 a------- c:\windows\system32\wlansec.dll
2009-09-11 17:13 127,488 a------- c:\windows\system32\L2SecHC.dll
2009-09-11 17:13 2,868,224 a------- c:\windows\system32\mf.dll
2009-09-11 10:26 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware2
2009-09-11 10:14 <DIR> --d----- c:\program files\Trend Micro7
2009-09-11 10:00 <DIR> --d----- c:\program files\Trend Micro0
2009-09-09 17:16 0 a------- c:\windows\system32\cd.dat
2009-09-08 23:13 <DIR> --d-h--- c:\windows\PIF
2009-09-08 14:22 <DIR> --d----- c:\program files\Trend Micro9
2009-09-08 14:15 <DIR> --d----- c:\program files\Trend Micro3
2009-09-08 14:00 <DIR> --d----- c:\program files\Trend Micro2
2009-09-07 22:18 165,277,579 a------- c:\windows\MEMORY.DMP
2009-09-07 21:49 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-09-07 21:49 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-09-07 21:49 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-09-07 21:49 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-09-07 21:33 <DIR> --d----- c:\program files\Trend Micro
2009-09-07 16:43 <DIR> --d----- c:\programdata\15989144
2009-09-07 16:43 <DIR> --d----- c:\progra~2\15989144
2009-09-06 23:36 <DIR> --d----- c:\users\kopa\dwhelper
2009-09-05 22:41 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-09-05 22:41 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-05 19:05 <DIR> --d----- C:\found.000
2009-09-03 19:13 <DIR> --d----- c:\program files\System Search Dispatcher
2009-09-03 19:12 <DIR> --d----- c:\program files\DoubleD
2009-09-03 15:05 <DIR> --d----- c:\program files\Sophos
2009-09-03 15:02 <DIR> --d----- c:\users\kopa\Pavark
2009-08-31 00:45 <DIR> --d----- C:\Hotspot Shield
2009-08-31 00:41 <DIR> --d----- c:\program files\Hotspot Shield
2009-08-29 20:42 <DIR> --d----- c:\program files\Windows Installer Clean Up
2009-08-29 20:41 <DIR> --d----- c:\program files\MSECACHE
2009-08-29 20:11 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-08-29 19:58 <DIR> --d----- c:\programdata\WLInstaller
2009-08-28 17:05 <DIR> --d----- c:\windows\pss
2009-08-27 03:03 2,048 a------- c:\windows\system32\tzres.dll
2009-08-26 19:25 1,744 a------- c:\windows\wininit.ini
2009-08-26 18:28 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-08-26 18:28 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-08-26 18:28 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-08-26 18:26 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-08-26 04:18 <DIR> --d----- C:\PerfLogs
2009-08-22 16:45 <DIR> --d----- c:\users\kopa\appdata\roaming\Malwarebytes
2009-08-22 16:45 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-22 16:45 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-08-22 16:45 <DIR> --d----- c:\programdata\Malwarebytes
2009-08-22 16:45 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-08-22 16:45 <DIR> --d----- c:\progra~2\Malwarebytes
2009-08-22 14:25 197,915 a------- C:\wubildr
2009-08-22 14:25 8,192 a------- C:\wubildr.mbr
2009-08-22 14:05 <DIR> --d----- C:\ubuntu
2009-08-19 18:11 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2009-08-19 18:11 <DIR> --d----- c:\progra~2\SUPERAntiSpyware.com
2009-08-19 18:10 <DIR> --d----- c:\users\kopa\appdata\roaming\SUPERAntiSpyware.com
2009-08-19 17:44 <DIR> --d----- c:\programdata\RegCure
2009-08-19 17:44 <DIR> --d----- c:\progra~2\RegCure

==================== Find3M ====================

2009-08-31 00:44 143,360 a------- c:\windows\inf\infstrng.dat
2009-08-31 00:44 51,200 a------- c:\windows\inf\infpub.dat
2009-08-31 00:44 86,016 a------- c:\windows\inf\infstor.dat
2009-08-28 13:39 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 13:38 2,153,984 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 13:38 541,696 a------- c:\windows\apppatch\AcLayers.dll
2009-08-28 13:38 459,776 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-26 04:31 174 a--sh--- c:\program files\desktop.ini
2009-08-26 04:18 665,600 a------- c:\windows\inf\drvindex.dat
2009-08-26 03:24 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-08-26 03:23 82,432 a------- c:\windows\system32\axaltocm.dll
2009-08-10 13:12 40,768 a------- c:\users\kopa\appdata\roaming\nvModes.dat
2009-07-26 16:44 48,448 a------- c:\windows\system32\sirenacm.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-22 20:13 28,592 a------- c:\windows\system32\drivers\tap0901.sys
2009-07-18 17:06 827,904 a------- c:\windows\system32\wininet.dll
2009-07-18 17:01 78,336 a------- c:\windows\system32\ieencode.dll
2009-07-18 10:46 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-07-17 15:35 71,680 a------- c:\windows\system32\atl.dll
2009-07-14 14:00 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-07-14 13:59 4,096 a------- c:\windows\system32\dxmasf.dll
2009-07-14 13:58 7,680 a------- c:\windows\system32\spwmp.dll
2009-07-14 11:59 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-07-10 12:15 306,544 a------- c:\windows\WLXPGSS.SCR
2009-06-23 11:54 61,760 a------- c:\windows\system32\ASTSRV.EXE
2009-06-23 11:53 17,728 a------- c:\windows\system32\nitrolocalui.dll
2009-06-23 11:53 26,432 a------- c:\windows\system32\nitrolocalmon.dll
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 20:40:30.33 ===============

And here's Combofix:

ComboFix 09-09-13.03 - Kopa 13/09/2009 19:59.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.1983.1191 [GMT 1:00]
Running from: c:\users\Kopa\Desktop\Combo-Fix.exe
Command switches used :: c:\users\Kopa\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\kopa\program files\dna
c:\users\kopa\program files\dna\btdna.exe
c:\users\kopa\program files\dna\chrome.manifest
c:\users\kopa\program files\dna\DNAcpl.cpl
c:\users\kopa\program files\dna\install.rdf
c:\users\kopa\program files\dna\plugins\npbtdna.dll
c:\users\kopa\program files\dna\plugins\npbtdna.ico

.
((((((((((((((((((((((((( Files Created from 2009-08-13 to 2009-09-13 )))))))))))))))))))))))))))))))
.

2009-09-13 19:14 . 2009-09-13 19:14 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-09-13 19:14 . 2009-09-13 19:14 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2009-09-13 19:14 . 2009-09-13 19:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-13 17:14 . 2009-09-13 17:14 -------- d-----w- C:\Combo-Fix
2009-09-11 19:40 . 2006-11-02 09:46 11776 ------w- c:\windows\system32\cngaudit.dll
2009-09-11 16:14 . 2009-08-14 17:07 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-11 16:14 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-11 16:14 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-11 16:14 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-11 16:14 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-11 16:14 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-11 16:14 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-11 16:14 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-11 16:14 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-11 16:14 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-11 16:13 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-11 16:13 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-11 16:13 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-11 16:13 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-11 16:13 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-11 09:26 . 2009-09-11 09:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2
2009-09-11 09:14 . 2009-09-11 09:14 -------- d-----w- c:\program files\Trend Micro7
2009-09-11 09:00 . 2009-09-11 09:00 -------- d-----w- c:\program files\Trend Micro0
2009-09-09 16:16 . 2009-09-09 16:16 0 ----a-w- c:\windows\system32\cd.dat
2009-09-08 22:13 . 2009-09-11 20:04 -------- d--h--w- c:\windows\PIF
2009-09-08 13:22 . 2009-09-08 13:22 -------- d-----w- c:\program files\Trend Micro9
2009-09-08 13:15 . 2009-09-08 13:15 -------- d-----w- c:\program files\Trend Micro3
2009-09-08 13:00 . 2009-09-08 13:00 -------- d-----w- c:\program files\Trend Micro2
2009-09-07 20:49 . 2009-09-11 09:06 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-07 20:49 . 2009-09-11 09:06 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-09-07 20:49 . 2009-09-11 09:06 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-07 20:49 . 2009-09-13 10:18 -------- d-----w- c:\windows\system32\drivers\Avg
2009-09-07 20:49 . 2009-09-11 09:06 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-07 20:33 . 2009-09-07 20:33 -------- d-----w- c:\program files\Trend Micro
2009-09-07 15:43 . 2009-09-07 20:50 -------- d-----w- c:\programdata\15989144
2009-09-06 22:36 . 2009-09-06 22:36 -------- d-----w- c:\users\Kopa\dwhelper
2009-09-05 22:47 . 2009-09-05 22:47 -------- d-----w- c:\users\Kopa\AppData\Local\Cooliris
2009-09-05 21:41 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-05 21:41 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-05 18:05 . 2009-09-05 18:05 -------- d-----w- C:\found.000
2009-09-03 18:13 . 2009-09-03 18:13 -------- d-----w- c:\program files\System Search Dispatcher
2009-09-03 18:12 . 2009-09-03 18:12 -------- d-----w- c:\program files\DoubleD
2009-09-03 14:05 . 2009-09-03 14:05 -------- d-----w- c:\program files\Sophos
2009-09-03 14:02 . 2009-09-03 14:02 -------- d-----w- c:\users\Kopa\Pavark
2009-08-30 23:45 . 2009-08-30 23:45 -------- d-----w- C:\Hotspot Shield
2009-08-30 23:41 . 2009-08-30 23:45 -------- d-----w- c:\program files\Hotspot Shield
2009-08-29 19:42 . 2009-08-29 19:42 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-08-29 19:41 . 2009-08-29 19:41 -------- d-----w- c:\program files\MSECACHE
2009-08-29 19:11 . 2009-08-29 19:46 -------- d-----w- c:\program files\Windows Live
2009-08-29 19:11 . 2009-08-29 19:11 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-08-29 18:58 . 2009-08-29 18:58 -------- d-----w- c:\programdata\WLInstaller
2009-08-29 10:25 . 2009-08-29 10:25 -------- d-----w- c:\program files\Alwil Software
2009-08-27 02:03 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-26 17:28 . 2009-09-05 21:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-08-26 17:28 . 2009-08-26 17:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-26 03:18 . 2009-08-26 03:18 -------- d-----w- C:\PerfLogs
2009-08-26 01:35 . 2009-08-26 01:35 -------- d-----w- c:\users\Kopa\AppData\Local\Opera
2009-08-26 01:34 . 2009-08-26 01:35 -------- d-----w- c:\program files\Opera
2009-08-22 15:45 . 2009-08-22 15:45 -------- d-----w- c:\users\Kopa\AppData\Roaming\Malwarebytes
2009-08-22 15:45 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-22 15:45 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-22 15:45 . 2009-08-22 15:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-22 15:45 . 2009-08-22 15:45 -------- d-----w- c:\programdata\Malwarebytes
2009-08-22 13:05 . 2009-08-22 13:05 -------- d-----w- C:\ubuntu
2009-08-19 17:11 . 2009-08-19 17:11 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-08-19 17:10 . 2009-08-19 17:10 -------- d-----w- c:\users\Kopa\AppData\Roaming\SUPERAntiSpyware.com
2009-08-19 16:44 . 2009-08-19 16:44 -------- d-----w- c:\programdata\RegCure

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-13 18:16 . 2009-07-09 20:57 0 ----a-w- c:\users\Kopa\AppData\Local\prvlcl.dat
2009-09-12 02:11 . 2009-02-13 14:58 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-12 02:09 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-12 02:02 . 2007-07-23 18:56 -------- d-----w- c:\programdata\Microsoft Help
2009-09-11 17:24 . 2009-02-13 14:38 1356 ----a-w- c:\users\Kopa\AppData\Local\d3d9caps.dat
2009-09-11 16:01 . 2009-02-13 14:46 -------- d-----w- c:\programdata\avg8
2009-09-06 22:34 . 2009-03-21 08:48 -------- d-----w- c:\users\Kopa\AppData\Roaming\LimeWire
2009-09-05 21:24 . 2009-02-13 12:58 -------- d-----w- c:\program files\SystemRequirementsLab
2009-09-05 21:24 . 2009-02-06 23:13 -------- d-----w- c:\programdata\FLEXnet
2009-08-29 19:50 . 2009-02-05 16:33 -------- d-----w- c:\program files\Messenger Plus! Live
2009-08-29 19:11 . 2009-02-05 16:20 -------- d-----w- c:\program files\Microsoft
2009-08-29 17:27 . 2009-03-20 22:36 -------- d-----w- c:\program files\Java
2009-08-29 12:49 . 2009-04-20 10:52 -------- d-----w- c:\program files\FLAC to MP3 Converter
2009-08-26 17:26 . 2009-08-26 17:26 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-08-26 03:34 . 2009-02-13 14:53 -------- d-----w- c:\programdata\NVIDIA
2009-08-26 03:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-08-26 03:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-08-26 03:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-08-26 03:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-08-26 03:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-08-26 03:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-08-26 02:24 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-08-26 02:23 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-08-22 15:24 . 2009-02-12 23:04 -------- d-----w- c:\program files\Electronic Arts
2009-08-22 15:24 . 2007-07-23 17:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-18 14:42 . 2009-06-16 18:53 -------- d-----w- c:\users\Kopa\AppData\Roaming\SystemRequirementsLab
2009-08-10 12:12 . 2009-02-05 17:55 40768 ----a-w- c:\users\Kopa\AppData\Roaming\nvModes.dat
2009-08-07 17:01 . 2009-08-07 17:01 -------- d-----w- c:\program files\Paint.NET
2009-08-07 16:28 . 2009-08-07 16:27 -------- d-----w- c:\users\Kopa\AppData\Roaming\SecondLife
2009-08-05 10:40 . 2009-08-04 20:30 -------- d-----w- c:\programdata\NOS
2009-08-05 10:40 . 2009-08-04 20:30 -------- d-----w- c:\program files\NOS
2009-08-04 12:57 . 2009-07-23 23:36 -------- d-----w- c:\users\Kopa\AppData\Roaming\Spotify
2009-08-01 11:46 . 2009-07-17 19:01 -------- d-----w- c:\users\Kopa\AppData\Roaming\vlc
2009-07-26 15:44 . 2009-07-26 15:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-25 04:23 . 2009-03-20 22:36 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-24 09:48 . 2009-07-08 13:10 -------- d-----w- c:\program files\Yahoo!
2009-07-24 01:39 . 2007-07-23 19:27 -------- d-----w- c:\program files\CyberLink
2009-07-24 01:37 . 2009-07-08 13:10 -------- d-----w- c:\programdata\Yahoo!
2009-07-23 23:35 . 2009-07-23 23:35 -------- d-----w- c:\program files\Spotify
2009-07-22 19:13 . 2009-07-22 19:13 28592 ----a-w- c:\windows\system32\drivers\tap0901.sys
2009-07-21 18:13 . 2009-07-21 18:13 -------- d-----w- c:\users\Mcx1\AppData\Roaming\DivX
2009-07-18 16:06 . 2009-07-29 10:34 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-29 10:34 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-29 10:34 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 14:35 . 2009-08-13 10:16 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-14 13:00 . 2009-08-13 10:16 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 12:59 . 2009-08-13 10:16 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-14 12:58 . 2009-08-13 10:16 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-14 10:59 . 2009-08-13 10:16 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-10 11:15 . 2009-07-10 11:15 306544 ----a-w- c:\windows\WLXPGSS.SCR
2009-07-08 21:41 . 2009-07-08 21:41 0 ----a-w- c:\windows\nsreg.dat
2009-07-02 02:34 . 2009-07-02 02:34 33840 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2009-06-23 10:54 . 2009-06-23 10:54 61760 ----a-w- c:\windows\system32\ASTSRV.EXE
2009-06-23 10:53 . 2009-07-08 22:01 17728 ----a-w- c:\windows\system32\nitrolocalui.dll
2009-06-23 10:53 . 2009-07-08 22:01 26432 ----a-w- c:\windows\system32\nitrolocalmon.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\progra~2\15989144 ----

2009-09-07 15:43 . 2009-09-07 16:01 0 ----a-w- c:\progra~2\15989144\pc15989144ins
2009-09-07 15:43 . 2009-09-07 15:43 56 ----a-w- c:\progra~2\15989144\15989144

---- Directory of c:\programdata\15989144 ----

2009-09-07 15:43 . 2009-09-07 16:01 0 ----a-w- c:\programdata\15989144\pc15989144ins
2009-09-07 15:43 . 2009-09-07 15:43 56 ----a-w- c:\programdata\15989144\15989144


((((((((((((((((((((((((((((( SnapShot@2009-09-13_17.50.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-23 17:17 . 2009-09-13 18:53 51170 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-09-13 18:53 66946 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-02-05 02:21 . 2009-09-13 18:53 11010 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1729058323-3176270510-1616200201-1000_UserData.bin
+ 2009-02-05 02:14 . 2009-09-13 18:51 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-05 02:14 . 2009-09-13 17:21 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-05 02:14 . 2009-09-13 18:51 131072 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-05 02:14 . 2009-09-13 17:21 131072 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 10:22 . 2009-09-13 17:46 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2006-11-02 10:22 . 2009-09-13 19:08 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-02-05 02:14 . 2009-09-13 18:51 1556480 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-05 02:14 . 2009-09-13 17:21 1556480 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 17:24 325000 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-08-30 23:41 218160 ----a-w- c:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-11 2007832]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\C:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F5F06F40-D905-41D7-9C4E-651F5AB846AC}"= UDP:5353:Adobe CSI CS4
"{74F62B14-A768-4AB8-950A-4C74AA38A745}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{1B9D7951-6486-4832-B437-58F39ED2CB58}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"TCP Query User{0081E1AD-118A-424C-A420-A9D393665C13}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{D6368C98-4B50-49C7-9F0E-B9289B23B600}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{53CC6A46-724C-40F2-ADE4-DEBB4B457DB3}"= UDP:5353:Adobe CSI CS4
"{38212378-4C07-4A42-AC4F-70BFD62F249D}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{A83AFD3A-6738-4B83-920C-F3BF37ED63FC}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{70DF70AC-145B-443A-A324-F34106464240}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{13692021-5419-4FF9-AC9C-3897CCF4F15F}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"TCP Query User{109A5013-B24F-4AEA-8EC7-64D004DE4BBB}c:\\program files\\team fortress 2\\hl2.exe"= UDP:c:\program files\team fortress 2\hl2.exe:hl2
"UDP Query User{FB3924FC-E7F2-4DCF-A1CC-A877C56EFF67}c:\\program files\\team fortress 2\\hl2.exe"= TCP:c:\program files\team fortress 2\hl2.exe:hl2
"TCP Query User{FAC1569E-8923-4B5E-8183-A6AA50861AEA}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{D187C165-6662-4444-8B11-D26D645D6060}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{B1C1C000-F3C1-41DF-AE40-3D104FA3802F}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{EC309C56-C451-44D2-BFEF-751BC86595FF}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{E2CDA4DA-2F6D-458A-AADB-762AC7DC3EA2}c:\\program files\\xchat\\xchat.exe"= UDP:c:\program files\xchat\xchat.exe:XChat IRC Client
"UDP Query User{D888DD60-B5D9-4BE5-9451-E8CA3D1ABEA0}c:\\program files\\xchat\\xchat.exe"= TCP:c:\program files\xchat\xchat.exe:XChat IRC Client
"TCP Query User{C7C28DDA-45E2-4AB2-AEBE-8517CA503BF9}c:\\program files\\microsoft chat\\cchat.exe"= UDP:c:\program files\microsoft chat\cchat.exe:Microsoft Chat
"UDP Query User{EF7EFC75-99A0-4DC5-823E-5287549DCFD3}c:\\program files\\microsoft chat\\cchat.exe"= TCP:c:\program files\microsoft chat\cchat.exe:Microsoft Chat
"TCP Query User{1212A521-0101-4F92-9C69-F1AA4152A9B8}c:\\windows\\system32\\javaw.exe"= UDP:c:\windows\system32\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{9A45A62A-75CC-4EAE-BEC1-ADB88E2236C2}c:\\windows\\system32\\javaw.exe"= TCP:c:\windows\system32\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{8ACF5768-08AE-44C9-8EFE-4EA9FEE2ABE1}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{12EA07CC-17DF-4E3D-982E-E0F6EE244535}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{BE1D6881-5218-4634-8169-B07AD7EFA046}c:\\program files\\gametap web player\\bin\\release\\gametapplayer.exe"= UDP:c:\program files\gametap web player\bin\release\gametapplayer.exe:GameTap Headless Application
"UDP Query User{664E72B9-1C01-47AD-9D83-F205B80BB284}c:\\program files\\gametap web player\\bin\\release\\gametapplayer.exe"= TCP:c:\program files\gametap web player\bin\release\gametapplayer.exe:GameTap Headless Application
"TCP Query User{4797D5B9-96EC-4BA4-99A8-4F60B216800E}c:\\program files\\ea games\\american mcgee's alice\\alice.exe"= UDP:c:\program files\ea games\american mcgee's alice\alice.exe:American McGee's Alice
"UDP Query User{B9164609-67AC-4F7E-8A86-671D9B1AA9CC}c:\\program files\\ea games\\american mcgee's alice\\alice.exe"= TCP:c:\program files\ea games\american mcgee's alice\alice.exe:American McGee's Alice
"TCP Query User{B8929E70-B6B6-43A7-B685-27F408109A49}c:\\program files\\gametap web player\\bin\\release\\gametapplayer.exe"= UDP:c:\program files\gametap web player\bin\release\gametapplayer.exe:GameTap Headless Application
"UDP Query User{CBE64D25-42D8-41DD-823B-7580D7FFE1BA}c:\\program files\\gametap web player\\bin\\release\\gametapplayer.exe"= TCP:c:\program files\gametap web player\bin\release\gametapplayer.exe:GameTap Headless Application
"{FC14F6C1-5629-4DA3-9618-4A93C215F571}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{8AFF59C0-F8B3-4332-BAA5-87068CFDFAF5}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{FD660F16-53FC-4913-846A-E93CB57C8870}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{23FF3633-A910-478F-8905-A8A85CFFBEBD}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E8F597F5-9A33-43F7-8D29-F382CC520F09}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B06B7B1E-83DC-468F-8603-7ADBDDCC0CA6}"= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{5CC737E4-1E79-49FB-A127-8AF1C4F6D0A6}"= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"TCP Query User{B6F4F494-017D-4868-A9D4-CAED4C4AC811}c:\\program files\\pando networks\\media booster\\pmb.exe"= UDP:c:\program files\pando networks\media booster\pmb.exe:Pando Media Booster
"UDP Query User{5A7290D3-4B34-423E-8BC2-68D580935D2B}c:\\program files\\pando networks\\media booster\\pmb.exe"= TCP:c:\program files\pando networks\media booster\pmb.exe:Pando Media Booster
"{2DB6CFEC-BF6D-45C6-B132-B5739DF2BBDF}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{47DB2A9D-CB88-4719-98B3-6A266C7AAD0A}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{6982B654-0F5D-4C1D-84E6-382CD164F6C7}"= UDP:c:\program files\Spotify\spotify.exe:Spotify
"{FD99BD80-7502-4F04-B754-9A5C85C457D8}"= TCP:c:\program files\Spotify\spotify.exe:Spotify
"{1302AE23-A0F6-4D52-8A4D-E0CCE160CBE9}"= UDP:c:\program files\Spotify\spotify.exe:Spotify
"{11AACA35-6380-4959-B0B6-FA472E894FE7}"= TCP:c:\program files\Spotify\spotify.exe:Spotify
"{82FC70D3-BA9D-439C-AC5B-039B47E667E5}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{F3428E68-A875-41D6-B9EF-A747F6C5553A}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"TCP Query User{34B8BAC4-1664-427A-B915-85AADE3C3980}c:\\program files\\secondlife\\slvoice.exe"= UDP:c:\program files\secondlife\slvoice.exe:SLVoice
"UDP Query User{2E667820-49A4-4945-A184-68BD91391ACF}c:\\program files\\secondlife\\slvoice.exe"= TCP:c:\program files\secondlife\slvoice.exe:SLVoice
"{FE73858A-A0E2-40C3-8823-3F57B6BFE7B6}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{0AF96662-8DEA-4D7A-9048-F5656A862E33}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{5E6813CB-A420-42CE-87F7-AF2BDA585B11}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\xchat\\xchat.exe"= c:\program files\xchat\xchat.exe:*:Enabled:XChat IRC Client

R0 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [20/11/2006 08:14 AM 38400]
R0 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [17/11/2006 06:58 AM 31360]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [07/09/2009 09:49 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [07/09/2009 09:49 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [11/09/2009 10:06 AM 297752]
R2 HssSrv;Hotspot Shield Routing Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [06/08/2009 07:58 PM 331824]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [23/06/2009 11:55 AM 188736]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [26/08/2009 06:28 PM 1153368]
R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\System32\drivers\HssDrv.sys [02/07/2009 03:34 AM 33840]
R3 MGHwCtrl;MGHwCtrl;c:\windows\System32\drivers\MGHwCtrl.sys [23/07/2007 06:24 PM 19456]
R3 rt61x86;Ralink RT61 Wireless Driver for Windows Vista;c:\windows\System32\drivers\netr61.sys [28/09/2007 02:37 PM 316928]
R3 tap0901;TAP-Win32 Adapter V9;c:\windows\System32\drivers\tap0901.sys [22/07/2009 08:13 PM 28592]
S2 AdobeAeLookupSvc;Adobe LM Service AdobeAeLookupSvc;c:\windows\TEMP\fnxpyglahb.exe service --> c:\windows\TEMP\fnxpyglahb.exe service [?]
S2 NishService;SCM Driver Daemon;c:\program files\System Control Manager\edd.exe [23/07/2007 06:24 PM 40960]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\System32\drivers\btnetBus.sys [07/12/2008 01:44 PM 30088]
S3 CrystalSysInfo;CrystalSysInfo;c:\program files\MediaCoder\SysInfo.sys [25/09/2007 03:59 PM 15152]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.exe [11/08/2009 12:19 AM 57640]
S3 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [21/04/2007 03:54 PM 52080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA844-CC51-11CF-AAFA-00AA00B6015C}]
rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\CChat25.inf,PerUserRemove
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msi.com.tw
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
FF - ProfilePath - c:\users\Kopa\AppData\Roaming\Mozilla\Firefox\Profiles\hekitc3k.default\
FF - prefs.js: browser.search.selectedEngine - Element
FF - prefs.js: browser.startup.homepage - hxxp://gaiaonline.com/
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=59287&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\users\Kopa\AppData\Roaming\Mozilla\Firefox\Profiles\hekitc3k.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Kopa\AppData\Roaming\Mozilla\Firefox\Profiles\hekitc3k.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-13 20:15
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\kbiwkmbetokorg.dat 24338 bytes
c:\windows\system32\kbiwkmcmfibyex.dll 41472 bytes executable
c:\windows\system32\kbiwkmgupbtpse.dat 11930 bytes
c:\windows\system32\kbiwkmiscpwxey.dll 18944 bytes executable
c:\windows\system32\kbiwkmiyetvqxw.dat 91 bytes
c:\windows\system32\kbiwkmjvcuoyuu.dll 18944 bytes executable
c:\windows\system32\kbiwkmocuyjbum.dll 41472 bytes executable
c:\windows\system32\kbiwkmqyxvarea.dll 41472 bytes executable
c:\windows\system32\kbiwkmrssxqohd.dat 121120 bytes
c:\windows\system32\kbiwkmthbypntc.dat 91 bytes
c:\windows\system32\kbiwkmuodtocri.dll 19456 bytes executable
c:\windows\system32\kbiwkmvcvoqpwy.dll 20480 bytes executable
c:\windows\system32\kbiwkmvssmngqm.dat 43 bytes
c:\windows\system32\drivers\kbiwkmwmqxbsse.sys 66048 bytes executable
c:\users\Kopa\AppData\Local\Temp\kbiwkm000 0 bytes

scan completed successfully
hidden files: 15

**************************************************************************
.
Completion time: 2009-09-13 20:18
ComboFix-quarantined-files.txt 2009-09-13 19:18
ComboFix2.txt 2009-09-13 17:57

Pre-Run: 18,243,760,128 bytes free
Post-Run: 18,201,321,472 bytes free

343 --- E O F --- 2009-09-13 10:20
 
Hi,

Uninstall Ask Toolbar.


Open notepad and copy/paste the text in the quotebox below into it:

Code: 
http://forums.spybot.info/showthread.php?p=336218#post336218
Collect::
c:\windows\system32\kbiwkmbetokorg.dat
c:\windows\system32\kbiwkmcmfibyex.dll
c:\windows\system32\kbiwkmgupbtpse.dat
c:\windows\system32\kbiwkmiscpwxey.dll
c:\windows\system32\kbiwkmiyetvqxw.dat
c:\windows\system32\kbiwkmjvcuoyuu.dll
c:\windows\system32\kbiwkmocuyjbum.dll
c:\windows\system32\kbiwkmqyxvarea.dll
c:\windows\system32\kbiwkmrssxqohd.dat
c:\windows\system32\kbiwkmthbypntc.dat
c:\windows\system32\kbiwkmuodtocri.dll
c:\windows\system32\kbiwkmvcvoqpwy.dll
c:\windows\system32\kbiwkmvssmngqm.dat
c:\windows\system32\drivers\kbiwkmwmqxbsse.sys
c:\users\Kopa\AppData\Local\Temp\kbiwkm000
Folder::
c:\progra~2\15989144
c:\programdata\15989144


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScriptB-4.gif


Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe. You'll be asked to submit some samples.
Then post the resultant log.


Let's replace Kaspersky scan with ESET solution.

* Go here to run an online scanner from ESET.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic, along with a new dds.txt log & a description of any remaining problems
 
I tried the ESET but that stopped working at 49%. Also, the Total Security virus has appeared on my laptop. I know how to stop it from working, but not how to get rid of it. I'm running an AVG scan now if the log from that would help? Also, AVG is still picking up all the 'kbiwkmwmqxbsse' etc. files constantly.

Here's the Combofix:

ComboFix 09-09-14.02 - Kopa 15/09/2009 11:34.3.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.1983.1177 [GMT 1:00]
Running from: c:\users\Kopa\Desktop\Combo-Fix.exe
Command switches used :: c:\users\Kopa\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

file zipped: c:\users\Kopa\AppData\Local\Temp\kbiwkm000
file zipped: c:\windows\system32\drivers\kbiwkmwmqxbsse.sys
file zipped: c:\windows\system32\kbiwkmbetokorg.dat
file zipped: c:\windows\system32\kbiwkmcmfibyex.dll
file zipped: c:\windows\system32\kbiwkmgupbtpse.dat
file zipped: c:\windows\system32\kbiwkmiscpwxey.dll
file zipped: c:\windows\system32\kbiwkmiyetvqxw.dat
file zipped: c:\windows\system32\kbiwkmjvcuoyuu.dll
file zipped: c:\windows\system32\kbiwkmocuyjbum.dll
file zipped: c:\windows\system32\kbiwkmqyxvarea.dll
file zipped: c:\windows\system32\kbiwkmrssxqohd.dat
file zipped: c:\windows\system32\kbiwkmthbypntc.dat
file zipped: c:\windows\system32\kbiwkmuodtocri.dll
file zipped: c:\windows\system32\kbiwkmvcvoqpwy.dll
file zipped: c:\windows\system32\kbiwkmvssmngqm.dat
.

Overlay aborted ... Please run ComboFix once more
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~2\15989144
c:\progra~2\15989144\15989144
c:\progra~2\15989144\pc15989144ins
c:\programdata\15989144\15989144
c:\programdata\15989144\pc15989144ins
c:\users\Kopa\AppData\Local\Temp\kbiwkm000
c:\users\Kopa\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
c:\users\Kopa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZapMessenger.exe
c:\windows\system32\drivers\kbiwkmwmqxbsse.sys
c:\windows\system32\kbiwkmbetokorg.dat
c:\windows\system32\kbiwkmcmfibyex.dll
c:\windows\system32\kbiwkmgupbtpse.dat
c:\windows\system32\kbiwkmiscpwxey.dll
c:\windows\system32\kbiwkmiyetvqxw.dat
c:\windows\system32\kbiwkmjvcuoyuu.dll
c:\windows\system32\kbiwkmocuyjbum.dll
c:\windows\system32\kbiwkmqyxvarea.dll
c:\windows\system32\kbiwkmrssxqohd.dat
c:\windows\system32\kbiwkmthbypntc.dat
c:\windows\system32\kbiwkmuodtocri.dll
c:\windows\system32\kbiwkmvcvoqpwy.dll
c:\windows\system32\kbiwkmvssmngqm.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_kbiwkmbppuytmv


((((((((((((((((((((((((( Files Created from 2009-08-15 to 2009-09-15 )))))))))))))))))))))))))))))))
.

2009-09-15 10:49 . 2009-09-15 10:52 -------- d-----w- c:\users\Kopa\AppData\Local\temp
2009-09-15 10:49 . 2009-09-15 10:49 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2009-09-15 10:49 . 2009-09-15 10:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-14 07:18 . 2009-09-14 07:18 -------- d-----w- c:\programdata\WindowsSearch
2009-09-13 20:04 . 2009-09-13 20:04 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-09-13 17:14 . 2009-09-13 17:14 -------- d-----w- C:\Combo-Fix
2009-09-11 19:40 . 2006-11-02 09:46 11776 ------w- c:\windows\system32\cngaudit.dll
2009-09-11 16:14 . 2009-08-14 17:07 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-11 16:14 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-11 16:14 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-11 16:14 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-11 16:14 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-11 16:14 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-11 16:14 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-11 16:14 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-11 16:14 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-11 16:14 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-11 16:13 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-11 16:13 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-11 16:13 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-11 16:13 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-11 16:13 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-11 09:26 . 2009-09-11 09:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2
2009-09-11 09:14 . 2009-09-11 09:14 -------- d-----w- c:\program files\Trend Micro7
2009-09-11 09:00 . 2009-09-11 09:00 -------- d-----w- c:\program files\Trend Micro0
2009-09-09 16:16 . 2009-09-09 16:16 0 ----a-w- c:\windows\system32\cd.dat
2009-09-08 22:13 . 2009-09-11 20:04 -------- d--h--w- c:\windows\PIF
2009-09-08 13:22 . 2009-09-08 13:22 -------- d-----w- c:\program files\Trend Micro9
2009-09-08 13:15 . 2009-09-08 13:15 -------- d-----w- c:\program files\Trend Micro3
2009-09-08 13:00 . 2009-09-08 13:00 -------- d-----w- c:\program files\Trend Micro2
2009-09-07 20:49 . 2009-09-11 09:06 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-07 20:49 . 2009-09-11 09:06 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-09-07 20:49 . 2009-09-11 09:06 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-07 20:49 . 2009-09-15 10:09 -------- d-----w- c:\windows\system32\drivers\Avg
2009-09-07 20:49 . 2009-09-11 09:06 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-07 20:33 . 2009-09-07 20:33 -------- d-----w- c:\program files\Trend Micro
2009-09-06 22:36 . 2009-09-06 22:36 -------- d-----w- c:\users\Kopa\dwhelper
2009-09-05 22:47 . 2009-09-05 22:47 -------- d-----w- c:\users\Kopa\AppData\Local\Cooliris
2009-09-05 21:41 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-05 21:41 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-05 18:05 . 2009-09-05 18:05 -------- d-----w- C:\found.000
2009-09-03 18:13 . 2009-09-03 18:13 -------- d-----w- c:\program files\System Search Dispatcher
2009-09-03 18:12 . 2009-09-03 18:12 -------- d-----w- c:\program files\DoubleD
2009-09-03 14:05 . 2009-09-03 14:05 -------- d-----w- c:\program files\Sophos
2009-09-03 14:02 . 2009-09-03 14:02 -------- d-----w- c:\users\Kopa\Pavark
2009-08-30 23:45 . 2009-08-30 23:45 -------- d-----w- C:\Hotspot Shield
2009-08-30 23:41 . 2009-08-30 23:45 -------- d-----w- c:\program files\Hotspot Shield
2009-08-29 19:42 . 2009-08-29 19:42 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-08-29 19:41 . 2009-08-29 19:41 -------- d-----w- c:\program files\MSECACHE
2009-08-29 19:11 . 2009-08-29 19:46 -------- d-----w- c:\program files\Windows Live
2009-08-29 19:11 . 2009-08-29 19:11 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-08-29 18:58 . 2009-08-29 18:58 -------- d-----w- c:\programdata\WLInstaller
2009-08-29 10:25 . 2009-08-29 10:25 -------- d-----w- c:\program files\Alwil Software
2009-08-27 02:03 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-26 17:28 . 2009-09-05 21:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-08-26 17:28 . 2009-08-26 17:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-26 03:18 . 2009-08-26 03:18 -------- d-----w- C:\PerfLogs
2009-08-26 01:35 . 2009-08-26 01:35 -------- d-----w- c:\users\Kopa\AppData\Local\Opera
2009-08-26 01:34 . 2009-09-13 21:19 -------- d-----w- c:\program files\Opera
2009-08-22 15:45 . 2009-08-22 15:45 -------- d-----w- c:\users\Kopa\AppData\Roaming\Malwarebytes
2009-08-22 15:45 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-22 15:45 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-22 15:45 . 2009-08-22 15:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-22 15:45 . 2009-08-22 15:45 -------- d-----w- c:\programdata\Malwarebytes
2009-08-22 13:05 . 2009-08-22 13:05 -------- d-----w- C:\ubuntu
2009-08-19 17:11 . 2009-08-19 17:11 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-08-19 17:10 . 2009-08-19 17:10 -------- d-----w- c:\users\Kopa\AppData\Roaming\SUPERAntiSpyware.com
2009-08-19 16:44 . 2009-08-19 16:44 -------- d-----w- c:\programdata\RegCure

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-15 00:16 . 2009-07-09 20:57 0 ----a-w- c:\users\Kopa\AppData\Local\prvlcl.dat
2009-09-14 23:30 . 2009-07-23 23:36 -------- d-----w- c:\users\Kopa\AppData\Roaming\Spotify
2009-09-14 19:30 . 2009-08-04 20:30 -------- d-----w- c:\programdata\NOS
2009-09-13 20:08 . 2007-07-23 17:49 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-12 02:11 . 2009-02-13 14:58 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-12 02:09 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-12 02:02 . 2007-07-23 18:56 -------- d-----w- c:\programdata\Microsoft Help
2009-09-11 17:24 . 2009-02-13 14:38 1356 ----a-w- c:\users\Kopa\AppData\Local\d3d9caps.dat
2009-09-11 16:01 . 2009-02-13 14:46 -------- d-----w- c:\programdata\avg8
2009-09-06 22:34 . 2009-03-21 08:48 -------- d-----w- c:\users\Kopa\AppData\Roaming\LimeWire
2009-09-05 21:24 . 2009-02-13 12:58 -------- d-----w- c:\program files\SystemRequirementsLab
2009-09-05 21:24 . 2009-02-06 23:13 -------- d-----w- c:\programdata\FLEXnet
2009-08-29 19:50 . 2009-02-05 16:33 -------- d-----w- c:\program files\Messenger Plus! Live
2009-08-29 19:11 . 2009-02-05 16:20 -------- d-----w- c:\program files\Microsoft
2009-08-29 17:27 . 2009-03-20 22:36 -------- d-----w- c:\program files\Java
2009-08-29 12:49 . 2009-04-20 10:52 -------- d-----w- c:\program files\FLAC to MP3 Converter
2009-08-26 17:26 . 2009-08-26 17:26 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-08-26 03:34 . 2009-02-13 14:53 -------- d-----w- c:\programdata\NVIDIA
2009-08-26 03:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-08-26 03:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-08-26 03:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-08-26 03:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-08-26 03:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-08-26 03:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-08-26 02:24 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-08-26 02:23 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-08-22 15:24 . 2009-02-12 23:04 -------- d-----w- c:\program files\Electronic Arts
2009-08-22 15:24 . 2007-07-23 17:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-18 14:42 . 2009-06-16 18:53 -------- d-----w- c:\users\Kopa\AppData\Roaming\SystemRequirementsLab
2009-08-10 12:12 . 2009-02-05 17:55 40768 ----a-w- c:\users\Kopa\AppData\Roaming\nvModes.dat
2009-08-07 17:01 . 2009-08-07 17:01 -------- d-----w- c:\program files\Paint.NET
2009-08-07 16:28 . 2009-08-07 16:27 -------- d-----w- c:\users\Kopa\AppData\Roaming\SecondLife
2009-08-01 11:46 . 2009-07-17 19:01 -------- d-----w- c:\users\Kopa\AppData\Roaming\vlc
2009-07-26 15:44 . 2009-07-26 15:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-25 04:23 . 2009-03-20 22:36 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-24 09:48 . 2009-07-08 13:10 -------- d-----w- c:\program files\Yahoo!
2009-07-24 01:39 . 2007-07-23 19:27 -------- d-----w- c:\program files\CyberLink
2009-07-24 01:37 . 2009-07-08 13:10 -------- d-----w- c:\programdata\Yahoo!
2009-07-23 23:35 . 2009-07-23 23:35 -------- d-----w- c:\program files\Spotify
2009-07-22 19:13 . 2009-07-22 19:13 28592 ----a-w- c:\windows\system32\drivers\tap0901.sys
2009-07-21 18:13 . 2009-07-21 18:13 -------- d-----w- c:\users\Mcx1\AppData\Roaming\DivX
2009-07-18 16:06 . 2009-07-29 10:34 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-29 10:34 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-29 10:34 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 14:35 . 2009-08-13 10:16 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-14 13:00 . 2009-08-13 10:16 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 12:59 . 2009-08-13 10:16 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-14 12:58 . 2009-08-13 10:16 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-14 10:59 . 2009-08-13 10:16 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-10 11:15 . 2009-07-10 11:15 306544 ----a-w- c:\windows\WLXPGSS.SCR
2009-07-08 21:41 . 2009-07-08 21:41 0 ----a-w- c:\windows\nsreg.dat
2009-07-02 02:34 . 2009-07-02 02:34 33840 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2009-06-23 10:54 . 2009-06-23 10:54 61760 ----a-w- c:\windows\system32\ASTSRV.EXE
2009-06-23 10:53 . 2009-07-08 22:01 17728 ----a-w- c:\windows\system32\nitrolocalui.dll
2009-06-23 10:53 . 2009-07-08 22:01 26432 ----a-w- c:\windows\system32\nitrolocalmon.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-09-13_17.50.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-07-23 17:17 . 2009-09-15 10:53 51644 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-09-15 10:53 67034 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-02-05 02:21 . 2009-09-15 10:53 11058 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1729058323-3176270510-1616200201-1000_UserData.bin
+ 2009-02-05 02:14 . 2009-09-15 10:29 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-05 02:14 . 2009-09-13 17:21 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-09-13 20:04 . 2009-09-13 20:04 21504 c:\windows\Installer\16fd6c.msi
+ 2009-09-13 20:04 . 2009-09-13 20:04 27648 c:\windows\Installer\16fd66.msi
- 2009-02-05 02:14 . 2009-09-13 17:21 131072 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-05 02:14 . 2009-09-15 10:29 131072 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 10:22 . 2009-09-13 17:46 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2006-11-02 10:22 . 2009-09-15 10:49 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2009-02-05 02:14 . 2009-09-13 17:21 1556480 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-05 02:14 . 2009-09-15 10:29 1556480 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-09-13 21:19 . 2009-09-13 21:19 2215424 c:\windows\Installer\5b2dc3.msi
+ 2009-09-13 20:09 . 2009-09-13 20:09 3938816 c:\windows\Installer\16fea3.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-08-30 23:41 218160 ----a-w- c:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-11 2007832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\C:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F5F06F40-D905-41D7-9C4E-651F5AB846AC}"= UDP:5353:Adobe CSI CS4
"{74F62B14-A768-4AB8-950A-4C74AA38A745}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{1B9D7951-6486-4832-B437-58F39ED2CB58}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"TCP Query User{0081E1AD-118A-424C-A420-A9D393665C13}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{D6368C98-4B50-49C7-9F0E-B9289B23B600}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{53CC6A46-724C-40F2-ADE4-DEBB4B457DB3}"= UDP:5353:Adobe CSI CS4
"{38212378-4C07-4A42-AC4F-70BFD62F249D}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{A83AFD3A-6738-4B83-920C-F3BF37ED63FC}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{70DF70AC-145B-443A-A324-F34106464240}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{13692021-5419-4FF9-AC9C-3897CCF4F15F}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"TCP Query User{109A5013-B24F-4AEA-8EC7-64D004DE4BBB}c:\\program files\\team fortress 2\\hl2.exe"= UDP:c:\program files\team fortress 2\hl2.exe:hl2
"UDP Query User{FB3924FC-E7F2-4DCF-A1CC-A877C56EFF67}c:\\program files\\team fortress 2\\hl2.exe"= TCP:c:\program files\team fortress 2\hl2.exe:hl2
"TCP Query User{FAC1569E-8923-4B5E-8183-A6AA50861AEA}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{D187C165-6662-4444-8B11-D26D645D6060}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{B1C1C000-F3C1-41DF-AE40-3D104FA3802F}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{EC309C56-C451-44D2-BFEF-751BC86595FF}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{E2CDA4DA-2F6D-458A-AADB-762AC7DC3EA2}c:\\program files\\xchat\\xchat.exe"= UDP:c:\program files\xchat\xchat.exe:XChat IRC Client
"UDP Query User{D888DD60-B5D9-4BE5-9451-E8CA3D1ABEA0}c:\\program files\\xchat\\xchat.exe"= TCP:c:\program files\xchat\xchat.exe:XChat IRC Client
"TCP Query User{C7C28DDA-45E2-4AB2-AEBE-8517CA503BF9}c:\\program files\\microsoft chat\\cchat.exe"= UDP:c:\program files\microsoft chat\cchat.exe:Microsoft Chat
"UDP Query User{EF7EFC75-99A0-4DC5-823E-5287549DCFD3}c:\\program files\\microsoft chat\\cchat.exe"= TCP:c:\program files\microsoft chat\cchat.exe:Microsoft Chat
"TCP Query User{1212A521-0101-4F92-9C69-F1AA4152A9B8}c:\\windows\\system32\\javaw.exe"= UDP:c:\windows\system32\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{9A45A62A-75CC-4EAE-BEC1-ADB88E2236C2}c:\\windows\\system32\\javaw.exe"= TCP:c:\windows\system32\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{8ACF5768-08AE-44C9-8EFE-4EA9FEE2ABE1}c:\\program files\\java\\jre6\\bin\\javaw.exe"= UDP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{12EA07CC-17DF-4E3D-982E-E0F6EE244535}c:\\program files\\java\\jre6\\bin\\javaw.exe"= TCP:c:\program files\java\jre6\bin\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{BE1D6881-5218-4634-8169-B07AD7EFA046}c:\\program files\\gametap web player\\bin\\release\\gametapplayer.exe"= UDP:c:\program files\gametap web player\bin\release\gametapplayer.exe:GameTap Headless Application
"UDP Query User{664E72B9-1C01-47AD-9D83-F205B80BB284}c:\\program files\\gametap web player\\bin\\release\\gametapplayer.exe"= TCP:c:\program files\gametap web player\bin\release\gametapplayer.exe:GameTap Headless Application
"TCP Query User{4797D5B9-96EC-4BA4-99A8-4F60B216800E}c:\\program files\\ea games\\american mcgee's alice\\alice.exe"= UDP:c:\program files\ea games\american mcgee's alice\alice.exe:American McGee's Alice
"UDP Query User{B9164609-67AC-4F7E-8A86-671D9B1AA9CC}c:\\program files\\ea games\\american mcgee's alice\\alice.exe"= TCP:c:\program files\ea games\american mcgee's alice\alice.exe:American McGee's Alice
"TCP Query User{B8929E70-B6B6-43A7-B685-27F408109A49}c:\\program files\\gametap web player\\bin\\release\\gametapplayer.exe"= UDP:c:\program files\gametap web player\bin\release\gametapplayer.exe:GameTap Headless Application
"UDP Query User{CBE64D25-42D8-41DD-823B-7580D7FFE1BA}c:\\program files\\gametap web player\\bin\\release\\gametapplayer.exe"= TCP:c:\program files\gametap web player\bin\release\gametapplayer.exe:GameTap Headless Application
"{FC14F6C1-5629-4DA3-9618-4A93C215F571}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{8AFF59C0-F8B3-4332-BAA5-87068CFDFAF5}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{FD660F16-53FC-4913-846A-E93CB57C8870}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{23FF3633-A910-478F-8905-A8A85CFFBEBD}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E8F597F5-9A33-43F7-8D29-F382CC520F09}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B06B7B1E-83DC-468F-8603-7ADBDDCC0CA6}"= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{5CC737E4-1E79-49FB-A127-8AF1C4F6D0A6}"= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"TCP Query User{B6F4F494-017D-4868-A9D4-CAED4C4AC811}c:\\program files\\pando networks\\media booster\\pmb.exe"= UDP:c:\program files\pando networks\media booster\pmb.exe:Pando Media Booster
"UDP Query User{5A7290D3-4B34-423E-8BC2-68D580935D2B}c:\\program files\\pando networks\\media booster\\pmb.exe"= TCP:c:\program files\pando networks\media booster\pmb.exe:Pando Media Booster
"{2DB6CFEC-BF6D-45C6-B132-B5739DF2BBDF}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{47DB2A9D-CB88-4719-98B3-6A266C7AAD0A}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{6982B654-0F5D-4C1D-84E6-382CD164F6C7}"= UDP:c:\program files\Spotify\spotify.exe:Spotify
"{FD99BD80-7502-4F04-B754-9A5C85C457D8}"= TCP:c:\program files\Spotify\spotify.exe:Spotify
"{1302AE23-A0F6-4D52-8A4D-E0CCE160CBE9}"= UDP:c:\program files\Spotify\spotify.exe:Spotify
"{11AACA35-6380-4959-B0B6-FA472E894FE7}"= TCP:c:\program files\Spotify\spotify.exe:Spotify
"{82FC70D3-BA9D-439C-AC5B-039B47E667E5}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{F3428E68-A875-41D6-B9EF-A747F6C5553A}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"TCP Query User{34B8BAC4-1664-427A-B915-85AADE3C3980}c:\\program files\\secondlife\\slvoice.exe"= UDP:c:\program files\secondlife\slvoice.exe:SLVoice
"UDP Query User{2E667820-49A4-4945-A184-68BD91391ACF}c:\\program files\\secondlife\\slvoice.exe"= TCP:c:\program files\secondlife\slvoice.exe:SLVoice
"{FE73858A-A0E2-40C3-8823-3F57B6BFE7B6}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{0AF96662-8DEA-4D7A-9048-F5656A862E33}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{5E6813CB-A420-42CE-87F7-AF2BDA585B11}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\xchat\\xchat.exe"= c:\program files\xchat\xchat.exe:*:Enabled:XChat IRC Client

R0 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [20/11/2006 08:14 AM 38400]
R0 O2SDRDR;O2SDRDR;c:\windows\System32\drivers\o2sd.sys [17/11/2006 06:58 AM 31360]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [07/09/2009 09:49 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [07/09/2009 09:49 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [11/09/2009 10:06 AM 297752]
R2 HssSrv;Hotspot Shield Routing Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [06/08/2009 07:58 PM 331824]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [23/06/2009 11:55 AM 188736]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [26/08/2009 06:28 PM 1153368]
R3 HssDrv;Hotspot Shield Helper Miniport;c:\windows\System32\drivers\HssDrv.sys [02/07/2009 03:34 AM 33840]
R3 MGHwCtrl;MGHwCtrl;c:\windows\System32\drivers\MGHwCtrl.sys [23/07/2007 06:24 PM 19456]
R3 rt61x86;Ralink RT61 Wireless Driver for Windows Vista;c:\windows\System32\drivers\netr61.sys [28/09/2007 02:37 PM 316928]
R3 tap0901;TAP-Win32 Adapter V9;c:\windows\System32\drivers\tap0901.sys [22/07/2009 08:13 PM 28592]
S2 AdobeAeLookupSvc;Adobe LM Service AdobeAeLookupSvc;c:\windows\TEMP\fnxpyglahb.exe service --> c:\windows\TEMP\fnxpyglahb.exe service [?]
S2 NishService;SCM Driver Daemon;c:\program files\System Control Manager\edd.exe [23/07/2007 06:24 PM 40960]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\System32\drivers\btnetBus.sys [07/12/2008 01:44 PM 30088]
S3 CrystalSysInfo;CrystalSysInfo;c:\program files\MediaCoder\SysInfo.sys [25/09/2007 03:59 PM 15152]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.exe [11/08/2009 12:19 AM 57640]
S3 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [21/04/2007 03:54 PM 52080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\Autorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA844-CC51-11CF-AAFA-00AA00B6015C}]
rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\CChat25.inf,PerUserRemove
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msi.com.tw
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
FF - ProfilePath - c:\users\Kopa\AppData\Roaming\Mozilla\Firefox\Profiles\hekitc3k.default\
FF - prefs.js: browser.search.selectedEngine - Element
FF - prefs.js: browser.startup.homepage - hxxp://gaiaonline.com/
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=59287&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\users\Kopa\AppData\Roaming\Mozilla\Firefox\Profiles\hekitc3k.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Kopa\AppData\Roaming\Mozilla\Firefox\Profiles\hekitc3k.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-15 11:52
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3812)
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\agrsmsvc.exe
c:\windows\System32\ASTSRV.EXE
c:\windows\System32\CTSVCCDA.EXE
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\System32\o2flash.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\microsoft shared\ink\InputPersonalization.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\AVG\AVG8\avgscanx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2009-09-15 12:00 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-15 11:00
ComboFix2.txt 2009-09-13 19:18
ComboFix3.txt 2009-09-13 17:57

Pre-Run: 17,770,569,728 bytes free
Post-Run: 17,714,798,592 bytes free

377 --- E O F --- 2009-09-13 10:20
Upload was successful
 
You must log in or register to reply here.
Back
Top