Spybot & AVG8.5 wont scan,cant save HJT,ERUNT,Malwarebytes

[northernunicorn]

Hi: I've been reading the threads & I think I may be infected with Rootkit malware?

I followed the steps in "Before you post". and did what I could.

I WASNT able to save anything suggested to desktop or anywhere (except I was able to save a file called ".housecall6.6" but it wont run.

For Spybot, I get this message when I right-click to run as administrator "Windows cant access the specified device,path or file.You may not have the apprpriate permission to access the item."
I can search for updates but cant get into Spybot to Immunize.
Same thing happens in Safe Mode

Antivirus program(AVG8.5) will not scan but will update. Resident Protection says not activated even though it shows it is.
Tried changing & still does the same.
In Safe Mode, most files show as LOCKED when I run a scan.

Windows Defender scans & shows no threats.

Computer Information:
Windows Vista SP2
Spybot-Search & Destroy version 1.6.2 (teatimer deactivated-couldnt figure it out)
Antivirus- AVG Free version: 8.5.409 database 270.13.113/2400
Windows Defender activated
Windows Vista Firewall

Things I've done to try to fix:

<<Turned off System Restore

<<Looked at Windows Uninstall/Change programs-nothing suspicious
<<Ran Disk Clean-up

<<Ran Disk Check with both boxes checked

<<Tried to scan with AVG-just stalls & closes itself very shortly-indicates Resident Shield not active though it is indicated as active-Resident Shield log for Sept.20&21/09 shows following moved to Virus Vault or Deleted--TrojanHorse Crypt.HOA (2 files), Trojan Horse Crypt.HOQ (44 files)
***Explanation: My son mis-typed name of a TV site & thats when all the files/pictures came flashing onto computer.

<<Tried to Save & Run Malwarebytes. Didnt show up anywhere.

<<Tried to run Spybot scan. Couldnt.see "lack of permission" quote above

<<Tried to Save & Run "ERUNT"Didnt show up anywhere.

I use my computer mostly for emails, typing minutes & documents (I am Secretary/Treasurer for 3 organizations) and going to several favourite well-known sites that are safe.
My son goes to TV channel & video game tips sites.

:red:I hope I'm posting to the correct forum. Im not much of a "Techie"; however, I do try to keep safe on the Internet. I sure hope I dont have to re-format(dont know how to do that!!) or completely clear off everything & start from scratch.

I will patiently wait for a reply; I notice Im one of a great many asking for help.
Thank you :thanks:

 

[IndiGenus]

Hello northernunicorn and welcome back to the Spybot S&D forums. Sorry for the delay in getting to your post.

Let's start with a quick diagnostic.

Please save this file to your desktop. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

 

[northernunicorn]

Hi IndiGenus
Thank you for your reply. I was out of town until today; thus my late reply.

I wasn't able to save the Win32Diag.exe application to my desktop or to anywhere. The "save" seemed to work but didn't show up. I did several searches for it, even after trying to save to my own file.

Seems to be having the same result as when I tried to save things suggested in "Before You Post". Any suggestions?

Waiting for your suggestion.

 

[IndiGenus]

Do you have another PC you can download files on and transfer over or run with a CD/DVD or USB drive?

 

[northernunicorn]

Hi IndiGenus
:red: Do you mean ...can I save the files onto a CD/DVD drive or USB stick on this computer & run from there? Sorry...not too much of a techie? :scratch:

I don't presently have access to another computer. Maybe tomorrow I can see if I can use a neighbour's...if it comes to that.

Waiting for your reply.:bigthumb:

 

[IndiGenus]

I meant downloading them on another PC and transferring over that way.

This may be a new infection or variation that is nasty. I'm watching one other thread in another forum with the same symptoms, and they haven't found a way to get around this yet.

 

[northernunicorn]

Hi from Dorothy: Sorry so long replying. Was away from home a few days.

I've found a neighbour who will let me use their computer to download onto CD. They said their computer is clean. (Thought mine was too until this happened.:sad: )
Please give a list of "things" I need to download to a CD

Thank you:thanks:

 

[IndiGenus]

Okay normally I would post the download link when I advise the tool, but here I'll advise the tools I would expect we may use here. At least to get to the point where you can download files.

Don't run or install tools until advised, but I realize you may not want to go back and forth from your neighbors, so you can get them all on disk.

The first is the Win32kDiag tool I advised earlier. Try and copy it to your desktop to run it. If you cannot then try running from the disk.

Please save this file. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

The other tools to save to disk are as follows.

Root Repeal:
Zip Mirrors (Recommended)

• Primary Mirror
• Secondary Mirror
• Secondary Mirror

Combofix:
Link 1
Link 2

Temp File Cleaner:
TFC

DDS:
From here or here or here.

 

[northernunicorn]

Hi IndiGenous:
Im back and at a friend's computer.
I will try to save to CD the tools you mentioned and then run them on my computer.
Hope this works. I will let you know.
I apologize for the long wait between...family & financial obligations took over my time.

from Dorothy :yes:

 

[northernunicorn]

log from Win32Diag tool part1

Hi IndiGenus:

Okay normally I would post the download link when I advise the tool, but here I'll advise the tools I would expect we may use here. At least to get to the point where you can download files.

Don't run or install tools until advised, but I realize you may not want to go back and forth from your neighbors, so you can get them all on disk.

The first is the Win32kDiag tool I advised earlier. Try and copy it to your desktop to run it. If you cannot then try running from the disk.

Please save this file. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.QUOTE]

I was able to save the tools to a disk.

I was able to copy the Win32Diag tool to my desktop & run it. The log from the scan was saved to my desktop but it is larger than can fit in 1 post so I'll spread it over as many as necessary because I'm not sure if it's ok to send it as an attachment.

Note: I hope I didnt mess up by running it twice. I ran it once then thought I should have done it as administrator & ran it again...thought there would be 2 logs left on desktop but there wasn't...Please let me know if I messed up or not.

Here goes with the log:

Running from: C:\Users\JeffandMom\Desktop\Win32kDiag.exe

Log file at : C:\Users\JeffandMom\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...



Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2EBD.tmp\ZAP2EBD.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP6673.tmp\ZAP6673.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9AF7.tmp\ZAP9AF7.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA5B0.tmp\ZAPA5B0.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB0D7.tmp\ZAPB0D7.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Downloaded Program Files\CONFLICT.1\CONFLICT.1

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Downloaded Program Files\CONFLICT.2\CONFLICT.2

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Globalization\Globalization

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Help\Corporate\Corporate

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\java\classes\classes

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\LiveKernelReports\WATCHDOG\WATCHDOG

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Microsoft.NET\authman\authman

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Minidump\Minidump

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ModemLogs\ModemLogs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\msdownld.tmp\msdownld.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\nap\configuration\configuration

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Panther\setup.exe\setup.exe

Mount point destination : \Device\__max++>\^

 

[IndiGenus]

You can certainly attach the file if too big.

 

[northernunicorn]

log from Win32Diag tool part2

Found mount point : C:\Windows\PCHEALTH\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\PLA\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SchCache\SchCache

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\security\templates\templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\Tfs_DAV

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\Description Documents\Description Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Documents\Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Downloads\Downloads

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Links\Links

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Music\Music

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Pictures\Pictures

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Saved Games\Saved Games

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Videos\Videos

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\SCPD\SCPD

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Documents\Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Downloads\Downloads

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Links\Links

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Music\Music

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Pictures\Pictures

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Saved Games\Saved Games

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Videos\Videos

Mount point destination : \Device\__max++>\^

 

[northernunicorn]

log from Win32Diag tool part3

Found mount point : C:\Windows\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\8515290af8e2a11b58a5fdcb5018cdf3\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.16868_none_9a40172a0fc4863e\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.16868_none_9a40172a0fc4863e

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\8515290af8e2a11b58a5fdcb5018cdf3\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.21065_none_9ac68b3928e50d45\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6000.21065_none_9ac68b3928e50d45

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\8515290af8e2a11b58a5fdcb5018cdf3\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18270_none_9c1383940cfa6868\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18270_none_9c1383940cfa6868

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\8515290af8e2a11b58a5fdcb5018cdf3\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.22447_none_9cc4940f25f962e7\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.22447_none_9cc4940f25f962e7

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\8515290af8e2a11b58a5fdcb5018cdf3\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.18049_none_9e2369c00a004aef\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.18049_none_9e2369c00a004aef

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\8515290af8e2a11b58a5fdcb5018cdf3\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.22150_none_9e993405232e229b\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6002.22150_none_9e993405232e229b

Mount point destination : \Device\__max++>\^

Could not open reparse point C:\Windows\SoftwareDistribution\Download\8515290af8e2a11b58a5fdcb5018cdf3\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6000.16868_none_05136bbbd8da5cfa\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6000.16868_none_05136bbbd8da5cfa: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\8515290af8e2a11b58a5fdcb5018cdf3\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6000.21065_none_0599dfcaf1fae401\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6000.21065_none_0599dfcaf1fae401: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\8515290af8e2a11b58a5fdcb5018cdf3\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6001.18270_none_06e6d825d6103f24\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6001.18270_none_06e6d825d6103f24: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\8515290af8e2a11b58a5fdcb5018cdf3\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6001.22447_none_0797e8a0ef0f39a3\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6001.22447_none_0797e8a0ef0f39a3: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\8515290af8e2a11b58a5fdcb5018cdf3\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6002.18049_none_08f6be51d31621ab\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6002.18049_none_08f6be51d31621ab: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\8515290af8e2a11b58a5fdcb5018cdf3\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6002.22150_none_096c8896ec43f957\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6002.22150_none_096c8896ec43f957: 3
Found mount point : C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16919_none_f0a013de6e53b9ab\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16919_none_f0a013de6e53b9ab

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21119_none_f12988cb87718cb7\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21119_none_f12988cb87718cb7

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18322_none_f27480926b88b52c\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18322_none_f27480926b88b52c

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22511_none_f307eee5849f1cd5\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22511_none_f307eee5849f1cd5

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18103_none_f4719482689de8ec\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18103_none_f4719482689de8ec

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\900b4a4eda74f4f6355031d2463ada66\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22215_none_f4f261f581c1d755\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22215_none_f4f261f581c1d755

Mount point destination : \Device\__max++>\^

Could not open reparse point C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6000.16884_none_83e02be57bf1f0b4\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6000.16884_none_83e02be57bf1f0b4: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6000.21082_none_8467a03e95119112\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6000.21082_none_8467a03e95119112: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6001.18288_none_85ca6bb37914e701\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6001.18288_none_85ca6bb37914e701: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6001.22468_none_8669aa3c92224c10\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6001.22468_none_8669aa3c92224c10: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6002.18064_none_87c27e31762e9c0e\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6002.18064_none_87c27e31762e9c0e: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6002.22170_none_883d49e88f57f26d\x86_microsoft-windows-l..securityhelperclass_31bf3856ad364e35_6.0.6002.22170_none_883d49e88f57f26d: 3
Found mount point : C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16884_none_9a0b894107fccf79\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16884_none_9a0b894107fccf79

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.21082_none_9a92fd9a211c6fd7\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.21082_none_9a92fd9a211c6fd7

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\98feee1bafb0596b2f2987bc05c79171\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132

Mount point destination : \Device\__max++>\^

Could not open reparse point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-l..istry-support-tcpip_31bf3856ad364e35_6.0.6002.18091_none_87a35e9f02db5bf5\x86_microsoft-windows-l..istry-support-tcpip_31bf3856ad364e35_6.0.6002.18091_none_87a35e9f02db5bf5: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-l..istry-support-tcpip_31bf3856ad364e35_6.0.6002.22200_none_888d4c521bb0e416\x86_microsoft-windows-l..istry-support-tcpip_31bf3856ad364e35_6.0.6002.22200_none_888d4c521bb0e416: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6000.16908_en-us_80aa46aabe6988cc\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6000.16908_en-us_80aa46aabe6988cc: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6000.21108_en-us_8133bb97d7875bd8\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6000.21108_en-us_8133bb97d7875bd8: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6001.18311_en-us_827eb35ebb9e844d\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6001.18311_en-us_827eb35ebb9e844d: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6001.22497_en-us_82b7d285d4f79ba9\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6001.22497_en-us_82b7d285d4f79ba9: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6002.18091_en-us_840ea5e6b905b8f9\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6002.18091_en-us_840ea5e6b905b8f9: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6002.22200_en-us_84f89399d1db411a\x86_microsoft-windows-netevent.resources_31bf3856ad364e35_6.0.6002.22200_en-us_84f89399d1db411a: 3
Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6000.16908_none_586821dd6d61016f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6000.16908_none_586821dd6d61016f

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6000.21108_none_58f196ca867ed47b\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6000.21108_none_58f196ca867ed47b

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6001.18311_none_5a3c8e916a95fcf0\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6001.18311_none_5a3c8e916a95fcf0

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6001.22497_none_5a75adb883ef144c\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6001.22497_none_5a75adb883ef144c

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6002.18091_none_5bcc811967fd319c\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6002.18091_none_5bcc811967fd319c

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6002.22200_none_5cb66ecc80d2b9bd\x86_microsoft-windows-netevent_31bf3856ad364e35_6.0.6002.22200_none_5cb66ecc80d2b9bd

Mount point destination : \Device\__max++>\^

Could not open reparse point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.16908_none_54bd3631b81fb89b\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.16908_none_54bd3631b81fb89b: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.21108_none_5546ab1ed13d8ba7\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.21108_none_5546ab1ed13d8ba7: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6001.22497_none_56cac20cceadcb78\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6001.22497_none_56cac20cceadcb78: 3
Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.21108_none_cbcfae32467adc51\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.21108_none_cbcfae32467adc51

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22497_none_cd53c52043eb1c22\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22497_none_cd53c52043eb1c22

Mount point destination : \Device\__max++>\^

Could not open reparse point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6000.16908_en-us_f28bf998a1c9cb0c\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6000.16908_en-us_f28bf998a1c9cb0c: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6000.21108_en-us_f3156e85bae79e18\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6000.21108_en-us_f3156e85bae79e18: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6001.18311_en-us_f460664c9efec68d\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6001.18311_en-us_f460664c9efec68d: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6001.22497_en-us_f4998573b857dde9\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6001.22497_en-us_f4998573b857dde9: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6002.18091_en-us_f5f058d49c65fb39\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6002.18091_en-us_f5f058d49c65fb39: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6002.22200_en-us_f6da4687b53b835a\x86_microsoft-windows-t..p-utility.resources_31bf3856ad364e35_6.0.6002.22200_en-us_f6da4687b53b835a: 3
Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.16908_none_30e8bd0651b053ef\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.16908_none_30e8bd0651b053ef

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.21108_none_317231f36ace26fb\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6000.21108_none_317231f36ace26fb

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18311_none_32bd29ba4ee54f70\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.18311_none_32bd29ba4ee54f70

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.22497_none_32f648e1683e66cc\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6001.22497_none_32f648e1683e66cc

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.18091_none_344d1c424c4c841c\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.18091_none_344d1c424c4c841c

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.22200_none_353709f565220c3d\x86_microsoft-windows-tcpip-utility_31bf3856ad364e35_6.0.6002.22200_none_353709f565220c3d

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\b635b7a7651f5dd1a95f6d85f3bb620f\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00

Mount point destination : \Device\__max++>\^

Could not open reparse point C:\Windows\SoftwareDistribution\Download\cc9db45d4d7a49bee9efe23f364bf80b\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.6001.18795_none_656cbc830d360ee8\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.6001.18795_none_656cbc830d360ee8: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\cc9db45d4d7a49bee9efe23f364bf80b\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.6001.22886_none_66022984264aac18\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.6001.22886_none_66022984264aac18: 3
Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_accessibility_b03f5f7f11d50a3a_6.0.6002.18005_none_4d866065934e5ef7\msil_accessibility_b03f5f7f11d50a3a_6.0.6002.18005_none_4d866065934e5ef7

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_aspnetmmcext_b03f5f7f11d50a3a_6.0.6002.18005_none_8054152c96e37e26\msil_aspnetmmcext_b03f5f7f11d50a3a_6.0.6002.18005_none_8054152c96e37e26

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_comsvcconfig_b03f5f7f11d50a3a_6.0.6002.18005_none_eb63fcdad4ebfd16\msil_comsvcconfig_b03f5f7f11d50a3a_6.0.6002.18005_none_eb63fcdad4ebfd16

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_cscompmgd_b03f5f7f11d50a3a_6.0.6002.18005_none_1872efd4aa5a4414\msil_cscompmgd_b03f5f7f11d50a3a_6.0.6002.18005_none_1872efd4aa5a4414

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_dfsvc_b03f5f7f11d50a3a_6.0.6002.18005_none_65a8cc0289501153\msil_dfsvc_b03f5f7f11d50a3a_6.0.6002.18005_none_65a8cc0289501153

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_eventviewer.resources_31bf3856ad364e35_6.0.6002.18005_en-us_cc17da7cb2f2920f\msil_eventviewer.resources_31bf3856ad364e35_6.0.6002.18005_en-us_cc17da7cb2f2920f

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_ieexecremote_b03f5f7f11d50a3a_6.0.6002.18005_none_ef4a58c7c5889e64\msil_ieexecremote_b03f5f7f11d50a3a_6.0.6002.18005_none_ef4a58c7c5889e64

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_ieexec_b03f5f7f11d50a3a_6.0.6002.18005_none_7ebbc5c007fec7a8\msil_ieexec_b03f5f7f11d50a3a_6.0.6002.18005_none_7ebbc5c007fec7a8

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_iehost_b03f5f7f11d50a3a_6.0.6002.18005_none_7e35165408616421\msil_iehost_b03f5f7f11d50a3a_6.0.6002.18005_none_7e35165408616421

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_iiehost_b03f5f7f11d50a3a_6.0.6002.18005_none_816442d68bbe18e0\msil_iiehost_b03f5f7f11d50a3a_6.0.6002.18005_none_816442d68bbe18e0

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_jsc_b03f5f7f11d50a3a_6.0.6002.18005_none_a7af7d70d7c9356f\msil_jsc_b03f5f7f11d50a3a_6.0.6002.18005_none_a7af7d70d7c9356f

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_microsoft.build.engine_b03f5f7f11d50a3a_6.0.6002.18005_none_387c914c0ed279d3\msil_microsoft.build.engine_b03f5f7f11d50a3a_6.0.6002.18005_none_387c914c0ed279d3

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_microsoft.build.framework_b03f5f7f11d50a3a_6.0.6002.18005_none_c2a3acd783e72d57\msil_microsoft.build.framework_b03f5f7f11d50a3a_6.0.6002.18005_none_c2a3acd783e72d57

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_microsoft.build.tasks_b03f5f7f11d50a3a_6.0.6002.18005_none_9d3ca2208d80c419\msil_microsoft.build.tasks_b03f5f7f11d50a3a_6.0.6002.18005_none_9d3ca2208d80c419

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_microsoft.build.utilities_b03f5f7f11d50a3a_6.0.6002.18005_none_e1e4fa8ea5567225\msil_microsoft.build.utilities_b03f5f7f11d50a3a_6.0.6002.18005_none_e1e4fa8ea5567225

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_microsoft.jscript_b03f5f7f11d50a3a_6.0.6002.18005_none_d20884118360c004\msil_microsoft.jscript_b03f5f7f11d50a3a_6.0.6002.18005_none_d20884118360c004

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_microsoft.managementconsole_31bf3856ad364e35_6.0.6002.18005_none_404ed32b1170eb50\msil_microsoft.managementconsole_31bf3856ad364e35_6.0.6002.18005_none_404ed32b1170eb50

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_microsoft.transactions.bridge_b03f5f7f11d50a3a_6.0.6002.18005_none_c7bec71ffdedf435\msil_microsoft.transactions.bridge_b03f5f7f11d50a3a_6.0.6002.18005_none_c7bec71ffdedf435

Mount point destination : \Device\__max++>\^

Could not open reparse point C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_microsoft.visualbasic.compatibility.data_b03f5f7f11d50a3a_6.0.6002.18005_none_5f17fcdf1d21af33\msil_microsoft.visualbasic.compatibility.data_b03f5f7f11d50a3a_6.0.6002.18005_none_5f17fcdf1d21af33: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_microsoft.visualbasic.compatibility_b03f5f7f11d50a3a_6.0.6002.18005_none_ed4030cc958ae321\msil_microsoft.visualbasic.compatibility_b03f5f7f11d50a3a_6.0.6002.18005_none_ed4030cc958ae321: 3
Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_microsoft.visualbasic.vsa_b03f5f7f11d50a3a_6.0.6002.18005_none_f2b3e9f14ccc4d0f\msil_microsoft.visualbasic.vsa_b03f5f7f11d50a3a_6.0.6002.18005_none_f2b3e9f14ccc4d0f

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_microsoft.visualbasic_b03f5f7f11d50a3a_6.0.6002.18005_none_ad69093e0186cb39\msil_microsoft.visualbasic_b03f5f7f11d50a3a_6.0.6002.18005_none_ad69093e0186cb39

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_microsoft.vsa.vb.codedomprocessor_b03f5f7f11d50a3a_6.0.6002.18005_none_44578232f2ea7160\msil_microsoft.vsa.vb.codedomprocessor_b03f5f7f11d50a3a_6.0.6002.18005_none_44578232f2ea7160

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_microsoft.vsa_b03f5f7f11d50a3a_6.0.6002.18005_none_682aad423a72f74b\msil_microsoft.vsa_b03f5f7f11d50a3a_6.0.6002.18005_none_682aad423a72f74b

Mount point destination : \Device\__max++>\^

Could not open reparse point C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_microsoft.web.administration.resources_31bf3856ad364e35_6.0.6002.18005_en-us_9e7284d03365a901\msil_microsoft.web.administration.resources_31bf3856ad364e35_6.0.6002.18005_en-us_9e7284d03365a901: 3
Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_microsoft.web.administration_31bf3856ad364e35_6.0.6002.18005_none_b8c9781d8fcc849c\msil_microsoft.web.administration_31bf3856ad364e35_6.0.6002.18005_none_b8c9781d8fcc849c

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_miguicontrols_31bf3856ad364e35_6.0.6002.18005_none_b034519a39bcde59\msil_miguicontrols_31bf3856ad364e35_6.0.6002.18005_none_b034519a39bcde59

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_mmcex_31bf3856ad364e35_6.0.6002.18005_none_fdd3b6785be3af44\msil_mmcex_31bf3856ad364e35_6.0.6002.18005_none_fdd3b6785be3af44

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_mmcfxcommon_31bf3856ad364e35_6.0.6002.18005_none_5452e9e5750caf3c\msil_mmcfxcommon_31bf3856ad364e35_6.0.6002.18005_none_5452e9e5750caf3c

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_napsnap.resources_31bf3856ad364e35_6.0.6002.18005_en-us_d14785aeef1f0902\msil_napsnap.resources_31bf3856ad364e35_6.0.6002.18005_en-us_d14785aeef1f0902

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_presentationbuildtasks_31bf3856ad364e35_6.0.6002.18005_none_9e0bf58c35ba287c\msil_presentationbuildtasks_31bf3856ad364e35_6.0.6002.18005_none_9e0bf58c35ba287c

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_presentationcffrasterizer_31bf3856ad364e35_6.0.6002.18005_none_43070e2e1454a6a0\msil_presentationcffrasterizer_31bf3856ad364e35_6.0.6002.18005_none_43070e2e1454a6a0

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_presentationfontcache_31bf3856ad364e35_6.0.6002.18005_none_0fb649d9ad5630d5\msil_presentationfontcache_31bf3856ad364e35_6.0.6002.18005_none_0fb649d9ad5630d5

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_presentationframework.aero_31bf3856ad364e35_6.0.6002.18005_none_1b338c0e6cbb7a8b\msil_presentationframework.aero_31bf3856ad364e35_6.0.6002.18005_none_1b338c0e6cbb7a8b

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_presentationframework.classic_31bf3856ad364e35_6.0.6002.18005_none_b244cef4e1b377d4\msil_presentationframework.classic_31bf3856ad364e35_6.0.6002.18005_none_b244cef4e1b377d4

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_presentationframework.luna_31bf3856ad364e35_6.0.6002.18005_none_1a0e64ec6d65920e\msil_presentationframework.luna_31bf3856ad364e35_6.0.6002.18005_none_1a0e64ec6d65920e

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_presentationframework.royale_31bf3856ad364e35_6.0.6002.18005_none_9c96b85b8e663ccc\msil_presentationframework.royale_31bf3856ad364e35_6.0.6002.18005_none_9c96b85b8e663ccc

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_presentationframework_31bf3856ad364e35_6.0.6002.18005_none_78a30f10f11e86c4\msil_presentationframework_31bf3856ad364e35_6.0.6002.18005_none_78a30f10f11e86c4

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_presentationui_31bf3856ad364e35_6.0.6002.18005_none_ad960e0439a9be86\msil_presentationui_31bf3856ad364e35_6.0.6002.18005_none_ad960e0439a9be86

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_reachframework_31bf3856ad364e35_6.0.6002.18005_none_439ad0affea2839f\msil_reachframework_31bf3856ad364e35_6.0.6002.18005_none_439ad0affea2839f

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_servicemodelreg_b03f5f7f11d50a3a_6.0.6002.18005_none_4aa84200fc580287\msil_servicemodelreg_b03f5f7f11d50a3a_6.0.6002.18005_none_4aa84200fc580287

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_smdiagnostics_b77a5c561934e089_6.0.6002.18005_none_9e6dd954b053cc6d\msil_smdiagnostics_b77a5c561934e089_6.0.6002.18005_none_9e6dd954b053cc6d

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_smsvchost_b03f5f7f11d50a3a_6.0.6002.18005_none_12354c1054c35525\msil_smsvchost_b03f5f7f11d50a3a_6.0.6002.18005_none_12354c1054c35525

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_sysglobl_b03f5f7f11d50a3a_6.0.6002.18005_none_d4bb69db8a792ee2\msil_sysglobl_b03f5f7f11d50a3a_6.0.6002.18005_none_d4bb69db8a792ee2

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_system.configuration.install_b03f5f7f11d50a3a_6.0.6002.18005_none_8b9cdc5b78f8032d\msil_system.configuration.install_b03f5f7f11d50a3a_6.0.6002.18005_none_8b9cdc5b78f8032d

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_system.configuration_b03f5f7f11d50a3a_6.0.6002.18005_none_2afff036370d4fd2\msil_system.configuration_b03f5f7f11d50a3a_6.0.6002.18005_none_2afff036370d4fd2

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_system.data.sqlxml_b77a5c561934e089_6.0.6002.18005_none_3153bfada5516881\msil_system.data.sqlxml_b77a5c561934e089_6.0.6002.18005_none_3153bfada5516881

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_system.deployment_b03f5f7f11d50a3a_6.0.6002.18005_none_5fd691f73142d41f\msil_system.deployment_b03f5f7f11d50a3a_6.0.6002.18005_none_5fd691f73142d41f

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_system.design_b03f5f7f11d50a3a_6.0.6002.18005_none_b525864303710290\msil_system.design_b03f5f7f11d50a3a_6.0.6002.18005_none_b525864303710290

Mount point destination : \Device\__max++>\^

Could not open reparse point C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_system.directoryservices.protocols_b03f5f7f11d50a3a_6.0.6002.18005_none_aef5d5a354b01224\msil_system.directoryservices.protocols_b03f5f7f11d50a3a_6.0.6002.18005_none_aef5d5a354b01224: 3
Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_system.directoryservices_b03f5f7f11d50a3a_6.0.6002.18005_none_5679ca4731c43ad9\msil_system.directoryservices_b03f5f7f11d50a3a_6.0.6002.18005_none_5679ca4731c43ad9

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_system.drawing.design_b03f5f7f11d50a3a_6.0.6002.18005_none_1be3a910b0bb38ae\msil_system.drawing.design_b03f5f7f11d50a3a_6.0.6002.18005_none_1be3a910b0bb38ae

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_system.drawing_b03f5f7f11d50a3a_6.0.6002.18005_none_8f6eb5fdf12629bc\msil_system.drawing_b03f5f7f11d50a3a_6.0.6002.18005_none_8f6eb5fdf12629bc

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_system.identitymodel.selectors_b77a5c561934e089_6.0.6002.18005_none_abcac43873eedab5\msil_system.identitymodel.selectors_b77a5c561934e089_6.0.6002.18005_none_abcac43873eedab5

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_system.identitymodel_b77a5c561934e089_6.0.6002.18005_none_1d35f4104460221f\msil_system.identitymodel_b77a5c561934e089_6.0.6002.18005_none_1d35f4104460221f

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_system.io.log_b03f5f7f11d50a3a_6.0.6002.18005_none_84d894282094e2b4\msil_system.io.log_b03f5f7f11d50a3a_6.0.6002.18005_none_84d894282094e2b4

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_system.management_b03f5f7f11d50a3a_6.0.6002.18005_none_1f10f6d20cbde89f\msil_system.management_b03f5f7f11d50a3a_6.0.6002.18005_none_1f10f6d20cbde89f

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_system.messaging_b03f5f7f11d50a3a_6.0.6002.18005_none_2d8dcc7323f39b16\msil_system.messaging_b03f5f7f11d50a3a_6.0.6002.18005_none_2d8dcc7323f39b16

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_system.runtime.remoting_b77a5c561934e089_6.0.6002.18005_none_c56ff2c845843ca9\msil_system.runtime.remoting_b77a5c561934e089_6.0.6002.18005_none_c56ff2c845843ca9

Mount point destination : \Device\__max++>\^

Could not open reparse point C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.0.6002.18005_none_47ee75992421f088\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.0.6002.18005_none_47ee75992421f088: 3

 

[IndiGenus]

Was that the end of the report?

 

[northernunicorn]

posting of log from Win32Diag tool

Hi IndiGenus:

I just noticed your reply re: attachment.
That's what I'll do since I goofed up and lost my place doing copy/paste in sections.

Here's goes with the attachment...hopefully:red:

Thanks for your patience & ignore the reams of partial posting of the log...
from Dorothy

 

[IndiGenus]

Okay no problem, got it. I'll take a look and post back soon.

 

[northernunicorn]

re: Win32Diag log

Hi IndiGenus:

Thanks very much. Will await your reply.
from Dorothy

 

[IndiGenus]

* IMPORTANT !!! Copy ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
  
  
• Double click on ComboFix.exe & follow the prompts.
  
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply. Please also post an updated HijackThis log and let me know how it's running.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

 

[northernunicorn]

re: Copy ComboFix.exe to desktop

Hi IndiGenus:
Got your reply & will do the "ComboFix.exe" instructions/scan.
and post a log.

As for "HijackThis" log, I'll give that a try after the above. I wasn't able to do that when I first asked for help (see my request for help page).

Talk with you soon. Thanks for your speedy reply.
from Dorothy

 

[northernunicorn]

ComboFix log included

Hi IndiGenus:

Below the info notes is the ComboFix log you requested.

I didnt notice any prompts to allow install of "Micrsoft Windows Recovery Console", so I'm thinking it's already on my computer.


I reactivated Antivirus & Antispyware applications before going onto the Internet to post here. Hope I was supposed to do that.

***Note***:
1. I still can't access Spybot-Search & Destroy...same message as before comes up saying I may not have the appropriate permissions to access item, even though I click "run as administrator". I have never had the Tea Timer running because I found all the prompts to confusing and was concerned about a conflict between Spybot Teatimer and AVG8 Resident Shield so I just used the AVG8 Resident Shield.

2. AVG8 Resident Shield will still not reactivate even after clicking the appropriate boxes.

3. Windows Defender re-enabled no problem.



Hope that's the info you were requesting.

Thanks from Dorothy
Here is the ComboFix log:

ComboFix 09-10-17.01 - JeffandMom 19/10/2009 13:16.1.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.2.1033.18.446.119 [GMT -4:00]
Running from: c:\users\JeffandMom\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1243676550-844158297-4097513924-1001
c:\$recycle.bin\S-1-5-21-1243676550-844158297-4097513924-1002
c:\$recycle.bin\S-1-5-21-1243676550-844158297-4097513924-1003
c:\$recycle.bin\S-1-5-21-1243676550-844158297-4097513924-500
c:\$recycle.bin\S-1-5-21-1738422755-998661840-641317060-500
c:\$recycle.bin\S-1-5-21-2365545147-1999384947-2466353664-500
c:\users\JeffandMom\AppData\Roaming\.#
c:\windows\win32k.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2009-09-19 to 2009-10-19 )))))))))))))))))))))))))))))))
.

2009-10-19 17:29 . 2009-10-19 17:33 -------- d-----w- c:\users\JeffandMom\AppData\Local\temp
2009-10-19 17:29 . 2009-10-19 17:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-15 03:59 . 2009-10-15 03:59 -------- d-----w- c:\program files\ESET
2009-10-14 22:58 . 2009-10-14 23:00 -------- d-----w- c:\program files\Windows Live Safety Center
2009-10-14 03:33 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-14 03:33 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-14 03:33 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-14 03:30 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-13 18:35 . 2009-10-13 18:35 -------- d-----w- c:\users\JeffandMom\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-10-13 18:15 . 2009-10-13 18:47 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-03 05:51 . 2009-10-01 14:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-23 17:12 . 2009-09-24 00:31 -------- d-----w- c:\users\JeffandMom\.housecall6.6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-14 04:45 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-13 18:23 . 2009-07-14 03:00 -------- d-----w- c:\programdata\NOS
2009-09-30 22:16 . 2008-11-03 18:46 -------- d-----w- c:\program files\DNA
2009-09-30 04:03 . 2008-01-11 02:28 680 ----a-w- c:\users\JeffandMom\AppData\Local\d3d9caps.dat
2009-09-27 17:21 . 2009-02-13 05:06 -------- d-----w- c:\program files\Spybot - Search & Destroy162
2009-09-23 15:22 . 2007-06-21 09:04 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-09-21 05:01 . 2008-05-25 16:40 -------- d-----w- c:\programdata\Avg8
2009-09-12 05:11 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-09-12 05:11 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-09-12 05:11 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2009-09-12 05:11 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-09-12 05:10 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-09-02 06:40 . 2009-02-13 09:37 -------- d-----w- c:\program files\Java
2009-08-29 00:27 . 2009-09-03 13:57 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-03 13:57 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 13:51 . 2009-02-03 20:53 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-28 13:51 . 2009-02-03 20:53 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-28 13:51 . 2009-02-03 20:53 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-27 05:22 . 2009-10-14 03:32 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-14 03:32 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-14 03:32 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-14 03:32 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-23 04:32 . 2007-06-12 20:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-14 16:27 . 2009-09-10 00:49 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-10 00:49 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-10 00:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-10 00:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-10 00:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-10 00:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-10 00:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-10 00:49 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-10 00:49 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-10 00:49 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-10 00:49 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-04 23:52 . 2009-08-04 23:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-04 12:34 . 2009-10-14 03:32 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 12:34 . 2009-10-14 03:32 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-07-25 09:23 . 2009-01-24 07:23 411368 ----a-w- c:\windows\system32\deploytk.dll
2007-09-25 01:32 . 2007-09-25 01:32 774144 ----a-w- c:\program files\RngInterstitial.dll
2007-06-13 03:56 . 2007-06-13 03:55 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-19 2025752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BitTorrent DNA"="c:\users\JeffandMom\Program Files\DNA\btdna.exe"
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Corel Photo Downloader"=c:\program files\Corel\Corel Snapfire Plus\PhotoDownloader.exe
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Sys7CC0.exe"=c:\windows\Sys7CC0.exe
"WPCUMI"=c:\windows\system32\WpcUmi.exe
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"SigmatelSysTrayApp"=sttray.exe
"AVG8_TRAY"=c:\progra~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):40,68,88,54,68,33,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1243676550-844158297-4097513924-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B3575F37-250E-44F1-955F-9DBA8D31014F}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{33B940DD-6CDC-41AD-B5C0-94FFFE30F099}"= UDP:c:\program files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{675E4329-BDAD-425B-8F52-E59340D79AE2}"= TCP:c:\program files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"TCP Query User{1C073947-2788-4DB5-8357-98E3E3FCDA24}c:\\program files\\maxis\\simcity 3000 unlimited\\apps\\updater\\updater.exe"= UDP:c:\program files\maxis\simcity 3000 unlimited\apps\updater\updater.exe:SC3UpdaterMFC
"UDP Query User{8CB2018A-3E7E-4C02-AF5B-51AF4CF93026}c:\\program files\\maxis\\simcity 3000 unlimited\\apps\\updater\\updater.exe"= TCP:c:\program files\maxis\simcity 3000 unlimited\apps\updater\updater.exe:SC3UpdaterMFC
"TCP Query User{C4FD23D5-2EA3-4158-A34F-46692E6CC4D4}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{40927A40-DE20-49B6-A2E7-F52B8395AA5D}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{714594F5-54E7-4B6C-986C-A77C6490D6DC}"= UDP:c:\program files\SpywareBlaster\spywareblaster.exe:SpywareBlaster
"{45CDFF7D-D7E9-433E-9584-73C0A7ECF93F}"= TCP:c:\program files\SpywareBlaster\spywareblaster.exe:SpywareBlaster
"{16DCBD6D-6EA6-4CE0-A7D8-36E9E51C0130}"= UDP:c:\program files\Spybot - Search & Destroy\SpybotSD.exe:Spybot - Search & Destroy
"{0B8085F5-69B5-4EFB-A42F-6B5FEC037EA8}"= TCP:c:\program files\Spybot - Search & Destroy\SpybotSD.exe:Spybot - Search & Destroy
"TCP Query User{78733992-4ABA-4095-9BF7-64F6EB0EBD63}c:\\users\\jeffandmom\\appdata\\local\\temp\\cryf095.tmp\\install.exe"= Disabled:UDP:c:\users\jeffandmom\appdata\local\temp\cryf095.tmp\install.exe:install.exe
"UDP Query User{5100B386-8977-488E-87A5-FD6EE52C9204}c:\\users\\jeffandmom\\appdata\\local\\temp\\cryf095.tmp\\install.exe"= Disabled:TCP:c:\users\jeffandmom\appdata\local\temp\cryf095.tmp\install.exe:install.exe
"TCP Query User{A68E209B-8B93-4E8F-AD3B-7CAF8423BEF2}c:\\program files\\msn messenger\\msnmsgr.exe"= UDP:c:\program files\msn messenger\msnmsgr.exe:MSN Messenger
"UDP Query User{14456106-FC4A-499C-B233-9DA902D77F8C}c:\\program files\\msn messenger\\msnmsgr.exe"= TCP:c:\program files\msn messenger\msnmsgr.exe:MSN Messenger
"TCP Query User{DA2C9F94-6C3A-46C3-9312-8BE90D992031}c:\\program files\\starcraft\\starcraft.exe"= UDP:c:\program files\starcraft\starcraft.exe:Starcraft
"UDP Query User{CAA44634-39E1-43CB-8892-D368F1834357}c:\\program files\\starcraft\\starcraft.exe"= TCP:c:\program files\starcraft\starcraft.exe:Starcraft
"TCP Query User{0E289CE5-5339-44C8-83BA-4250041310E6}c:\\program files\\morpheus\\morpheus.exe"= UDP:c:\program files\morpheus\morpheus.exe:Morpheus
"UDP Query User{4D3E9D19-028D-48DC-8DC3-B94B6CE2B61C}c:\\program files\\morpheus\\morpheus.exe"= TCP:c:\program files\morpheus\morpheus.exe:Morpheus
"TCP Query User{2D148C49-136C-4B8D-AFCB-C9CB301F394A}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{419A0031-93D2-4BF9-A854-F6F4F229506D}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"{5C26B0C7-70E4-4FB7-BA48-D7A46CE57571}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{4664334B-7196-45E1-8965-4F14BE3AE307}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{10E65A62-9E1F-4C13-96DC-6EC6E25B51BE}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{AC6B501D-9E15-4FDC-BEED-80EAD63AF5BD}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{342ADA7E-1204-486D-A832-F5C6798570B8}"= UDP:c:\program files\Maxis\SimCity 3000 Unlimited\Apps\sc3U.exe:SimCity 3000 Unlimited
"{319F2B45-1BE1-4DC6-8C9B-AE7E9F61ABF9}"= TCP:c:\program files\Maxis\SimCity 3000 Unlimited\Apps\sc3U.exe:SimCity 3000 Unlimited
"{9AD0B42E-5FC0-406C-8664-6A68A668041D}"= UDP:c:\program files\Maxis\SimCity 3000 Unlimited\Apps\BAApp.exe:Building Architect Plus
"{3E1367B2-685D-4894-923E-AFD35913E544}"= TCP:c:\program files\Maxis\SimCity 3000 Unlimited\Apps\BAApp.exe:Building Architect Plus
"{B81B8BDE-CE31-4AE3-AE3E-11822A09AC36}"= Disabled:UDP:c:\program files\Blubster\Blubster.exe:Blubster
"{57B35579-93BD-4E43-A763-C6C5B815D71C}"= Disabled:TCP:c:\program files\Blubster\Blubster.exe:Blubster
"TCP Query User{EEA02241-6F2D-4A58-A957-BED349F9BD7F}c:\\program files\\yahoo! games\\jeopardy!\\jeopardy!.exe"= Disabled:UDP:c:\program files\yahoo! games\jeopardy!\jeopardy!.exe:JEOPARDY!
"UDP Query User{98A85509-9C5B-4A6F-A64B-A2CAF6A08A7B}c:\\program files\\yahoo! games\\jeopardy!\\jeopardy!.exe"= Disabled:TCP:c:\program files\yahoo! games\jeopardy!\jeopardy!.exe:JEOPARDY!
"{AF793AE3-9195-45C6-B589-B85B8CE1AACB}"= Disabled:UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{857C846E-0368-42AC-86E3-2284F4A9426E}"= Disabled:TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{DEE67F76-564B-4964-A1D2-19945441D98D}"= UDP:c:\program files\Grisoft\AVG7\avgcc.exe:AVG Control Center
"{4914565E-0F00-4948-985F-4B448B560D0D}"= TCP:c:\program files\Grisoft\AVG7\avgcc.exe:AVG Control Center
"{F9971E49-5AA4-477D-80D6-E12FD76C7CE0}"= UDP:c:\program files\Grisoft\AVG7\avginet.exe:avginet.exe
"{FF0F290B-0A63-4B58-9DA9-F4A0DBA266DF}"= TCP:c:\program files\Grisoft\AVG7\avginet.exe:avginet.exe
"TCP Query User{E8772C2A-B0D4-460C-8DF3-35E02E89AE12}c:\\users\\jeffandmom\\program files\\dna\\btdna.exe"= UDP:c:\users\jeffandmom\program files\dna\btdna.exe:btdna.exe
"UDP Query User{B052B293-75C7-453A-8372-2C4B7F475EE4}c:\\users\\jeffandmom\\program files\\dna\\btdna.exe"= TCP:c:\users\jeffandmom\program files\dna\btdna.exe:btdna.exe
"{E9047EDA-B009-4D37-B5D0-223878263010}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{8EAC47DC-0B2D-4B94-A9BC-378DAC1FD3CB}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{6C1C211A-8DA3-4CA0-AE22-1788A73C9E1C}"= UDP:c:\program files\BitTorrent_DNA\dna.exe:BitTorrent DNA
"{311AF4CA-6404-47DC-AA44-CA46CFE86C6F}"= TCP:c:\program files\BitTorrent_DNA\dna.exe:BitTorrent DNA
"TCP Query User{EC185DCC-5F9D-4A17-AC8F-C22058AFB2C6}c:\\users\\jeffandmom\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\users\jeffandmom\program files\bittorrent\bittorrent.exe:bittorrent.exe
"UDP Query User{EF017CC1-AA8C-470E-818B-B94E53DDF341}c:\\users\\jeffandmom\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\users\jeffandmom\program files\bittorrent\bittorrent.exe:bittorrent.exe
"TCP Query User{2C30FE43-5885-4432-9C6A-5C1304483211}c:\\users\\jeffandmom\\program files\\bittorrent_dna\\dna.exe"= UDP:c:\users\jeffandmom\program files\bittorrent_dna\dna.exe:dna.exe
"UDP Query User{87858FAD-BB85-4647-8BAB-19A30257510B}c:\\users\\jeffandmom\\program files\\bittorrent_dna\\dna.exe"= TCP:c:\users\jeffandmom\program files\bittorrent_dna\dna.exe:dna.exe
"{B766EDBB-17DC-45F4-B0B6-2675A6AEE9AA}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{096035EE-C61B-4CA5-8159-D47F80B13720}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{524E00AF-11ED-4B19-9D99-111C2B612F6F}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{BDC5A94C-D7AA-4B8C-92C4-249EA6779E6D}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{4A3A4C3F-639B-4A1B-8B64-D45A9F0F8CCC}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{0AA9915C-6298-4CF6-A6AA-35F53C27D723}"= UDP:c:\program files\DNA\btdna.exeNA (TCP-In)
"{1BBD6D94-7589-47E1-A491-C8FAFF73A663}"= TCP:c:\program files\DNA\btdna.exeNA (UDP-In)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [03/02/2009 4:53 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [03/02/2009 4:53 PM 108552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://en.wikipedia.org/wiki/Main_Page
LSP: c:\windows\system32\wpclsp.dll
Trusted Zone: avon.ca\avon
Trusted Zone: avon.com\ca2
Trusted Zone: avon.com\www.ca
Trusted Zone: care2.com
Trusted Zone: care2.com\mail
Trusted Zone: care2.com\stopglobalwarming
Trusted Zone: care2.com\www
Trusted Zone: care2.net\passport
Trusted Zone: ebay.com\signin
Trusted Zone: microsoft.com\update
Trusted Zone: pogo.com
Trusted Zone: terrapass.com\www
Trusted Zone: thepetitionsite.com
Trusted Zone: wikipedia.org\en
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
.
- - - - ORPHANS REMOVED - - - -

AddRemove-ESET Online Scanner - c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-19 13:33
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\progra~1\AVG\AVG8\avgwdsvc.exe
c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
c:\windows\System32\drivers\XAudio.exe
c:\program files\Spybot - Search & Destroy162\SDWinSec.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
c:\combofix\CF28740.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\sdclt.exe
.
**************************************************************************
.
Completion time: 2009-10-19 13:43 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-19 17:42

Pre-Run: 45,895,049,216 bytes free
Post-Run: 45,633,609,728 bytes free

309 --- E O F --- 2009-10-14 03:43