Trojan/Virus preventing from scanning.


  • This topic is locked
15 replies to this topic

#1 krnbboyj

krnbboyj

  • Members
  • 24 posts
  • OFFLINE
  • Local time:03:38 PM

Posted 31 October 2009 - 12:26 AM

My laptop is infected with a virus... it won't even let me download stuff from any site, and whenever I try to scan it with malware and ComboFix, it scans for a few seconds and disappears. When I click it again I get a message saying "Windows cannot access the specific device, path, or file. You may not have the appropriate permission to access the item." What should I do? Please help...?
Also, whenever I visit the site, this warning site comes up saying
"Warning! Visiting this site may harm your computer!
This web site probably contains malicious software program, which can cause damage to your computer or perform actions without your permission. Your computer may be infected after visiting such web site.

We recommend you to install (or activate) antivirus security software.

I do realize that visiting this site can cause harm to my computer."

It's really annoying... How can I remove this?



#2 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:04:38 AM

Posted 31 October 2009 - 10:49 AM

Hello my name is Sempai and welcome to Bleeping Computer.

*We apologize for the delay. The forum has been busy.

*I want you to understand that I'm still a trainee here. I will be working with my Coach, who will approve all my instructions before posting them to you, so there may be some delays in my responses. But the good part is, there are two people reviewing your problem instead of one.

*It is important not to make any further changes or run any other tools unless instructed to. This may hinder the cleaning process of your machine.

*You must reply within 5 days otherwise this topic will be closed.




1. We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE




2. Download and run a batch file (peek.bat):
  • Download peek.bat from the download link below and save it to your Desktop.
  • Double-click peek.bat to run it. A black Command Prompt window will appear shortly: the program is running.
  • Once it is finished, copy and paste the entire contents of the Log.txt file it creates as a reply to this post.



3. We need to check for rootkits with RootRepeal:
  • Open RootRepeal on your desktop.
  • Click the [image] tab.
  • Click the [image] button.
  • Check all seven boxes: [image]
  • Push Ok.
  • Check the box for your main system drive (usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the [image] button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply.

~Semp


You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#3 krnbboyj

krnbboyj
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:03:38 PM

Posted 02 November 2009 - 09:04 AM

DDS (Ver_09-10-26.01) - NTFSx86
Run by Josh at 5:55:56.59 on Mon 11/02/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3006.1624 [GMT -8:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
c:\program files\aim toolbar\aimtbServer.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Josh\Downloads\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.facebook.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: SPEEDBIT1 Class: {425e30f0-ccc6-4e24-bbeb-bcbd31720b37} - c:\program files\speedbit toolbar\toolbar\SpeedBit.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
BHO: HP Print Clips: {ffffffff-ff12-44c5-91ec-068e3aa1b2d7} - c:\program files\hp\smart web printing\hpswp_framework.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: SpeedBit: {ebfcd017-bcad-42c3-9ed5-89dbdfc59171} - c:\program files\speedbit toolbar\toolbar\SpeedBit.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
uRun: [Sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun
uRun: [LightScribe Control Panel] "c:\program files\common files\lightscribe\LightScribeControlPanel.exe" -hidden
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [HPADVISOR] "c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe" autoRun
uRun: [iKu] "c:\users\josh\downloads\iku\iKu.exe"
uRun: [Verizon_Installer.Activation] "c:\users\josh\appdata\local\temp\verizon_installer\McciInitializer.exe"
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [AdobeBridge]
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] "c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe" /Start
mRun: [OnScreenDisplay] "c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [hpqSRMon] "c:\program files\hp\digital imaging\bin\hpqSRMon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [hpWirelessAssistant] "c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe"
mRun: [WAWifiMessage] "c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_02\bin\jusched.exe"
mRun: [NvCplDaemon] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
StartupFolder: c:\users\josh\appdata\roaming\micros~1\windows\startm~1\programs\startup\is-io8eq.lnk - c:\users\josh\downloads\anti-virus\virus removal tool\is-io8eq\startup.exe
StartupFolder: c:\users\josh\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\users\josh\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: dinofile.co.kr
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2A93BD7A-7E47-4857-8DC3-5B38495ECF28} - hxxp://update.dinofile.co.kr/ActiveX/DinoFile.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUplden-us.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} - hxxp://cafeimg.hanmail.net/activex/dmcc2.cab?Version=1,0,0,10
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} - hxxp://mail.daum.net/hanmail-ax/DaumActiveX/2_0_0_4/DaumActiveX.cab?ver=2,0,0,4
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-10-31 114768]
R1 is-IO8EQdrv;is-IO8EQdrv;c:\windows\system32\drivers\57666812.sys [2009-10-29 148496]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-31 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-10-31 53328]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-10-26 24652]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2008-10-23 39048]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

=============== Created Last 30 ================

2009-12-22 05:08:27 10227 ----a-w- c:\windows\system32\4e5ebackz9o51396.cpl
2009-12-18 06:28:24 18291 ----a-w- c:\windows\system32\125989roj26cz.dll
2009-12-17 21:04:07 2978 ----a-w- c:\windows\system32\242z5w9rm5f5.dll
2009-12-14 19:19:24 16952 ----a-w- c:\windows\system32\5031threzt24399.dll
2009-12-14 07:48:08 9188 ----a-w- c:\windows\system32\15998spy55z5.cpl
2009-12-13 09:54:10 12990 ----a-w- c:\windows\system32\12z45w5rm999.bin
2009-12-11 04:06:21 7063 ----a-w- c:\windows\system32\450aa5d9are8z6.cpl
2009-12-10 04:16:56 14873 ----a-w- c:\windows\system32\485zthre9t31890.ocx
2009-12-09 16:52:49 4853 ----a-w- c:\windows\system32\1388t5zef953.bin
2009-12-06 20:19:25 4623 ----a-w- c:\windows\system32\1d70stea9z453.exe
2009-12-05 07:48:38 4331 ----a-w- c:\windows\system32\9772notza-viru55dc.exe
2009-12-04 17:33:31 6623 ----a-w- c:\windows\system32\19z42hackt5ol7c1.exe
2009-12-04 17:04:51 17913 ----a-w- c:\windows\system32\205319pambot6z0.exe
2009-12-03 06:38:42 15199 ----a-w- c:\windows\system32\9dz8spa5se591.cpl
2009-12-01 23:00:09 12272 ----a-w- c:\windows\system32\1801downlo9der1528z.bin
2009-11-27 04:03:17 9547 ----a-w- c:\windows\system32\2047ba5k9zor2546.cpl
2009-11-26 08:02:58 2552 ----a-w- c:\windows\system32\2z42spam5ot41e9.exe
2009-11-20 01:19:54 4455 ----a-w- c:\windows\system32\7zf5thief2956.bin
2009-11-19 17:59:38 18022 ----a-w- c:\windows\system32\129cvi975z.ocx
2009-11-14 08:45:02 17806 ----a-w- c:\windows\system32\7czct9re5t4699.exe
2009-11-11 06:11:38 3273 ----a-w- c:\windows\system32\7259steal2z23.bin
2009-11-08 05:10:07 13043 ----a-w- c:\windows\system32\28754sp96dz.ocx
2009-11-03 07:44:21 17743 ----a-w- c:\windows\system32\4z23backdoo93551.dll
2009-11-03 02:36:50 16044 ----a-w- c:\windows\system32\6592downl9adez1045.cpl
2009-11-02 00:10:04 2989 ----a-w- c:\windows\system32\3709ownloadzr8265.dll
2009-10-31 13:45:47 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-10-31 13:25:41 0 d-----w- C:\AVGTemp
2009-10-30 01:57:48 0 d-----w- c:\programdata\is-IO8EQ
2009-10-30 01:57:33 1653812 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-30 01:57:33 143124512 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-30 01:57:26 148496 ----a-w- c:\windows\system32\drivers\57666812.sys
2009-10-29 05:28:35 0 d-----w- c:\programdata\Lavasoft
2009-10-28 23:41:55 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-28 23:40:54 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-28 23:40:38 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-28 23:40:38 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-28 20:22:22 0 ----a-r- c:\windows\win32k.sys
2009-10-28 15:36:20 0 d-sh--w- c:\users\josh\appdata\roaming\Windows System Defender
2009-10-28 15:36:01 0 d-sh--w- c:\programdata\31e109c
2009-10-28 03:29:03 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 03:28:55 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-27 20:42:40 0 d-----w- c:\program files\common files\Windows Live
2009-10-27 02:32:53 2875 ----a-w- c:\windows\system32\z015vi5u920f.dll
2009-10-26 09:44:17 6347 ----a-w- c:\windows\system32\5591wzrm497.ocx
2009-10-20 22:55:38 3929 ----a-w- c:\windows\system32\42fbz5eal9794.cpl
2009-10-20 22:36:56 10114 ----a-w- c:\windows\system32\736d9tz5l2855.cpl
2009-10-20 12:09:42 7427 ----a-w- c:\windows\system32\3351z5i9f2727.cpl
2009-10-15 14:37:16 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-15 14:34:51 3597896 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-15 14:34:50 3546184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-15 14:31:53 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2009-10-15 14:31:52 80896 ----a-w- c:\windows\system32\MSNP.ax
2009-10-15 14:31:42 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-10-15 14:31:42 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-10-15 14:31:42 217088 ----a-w- c:\windows\system32\psisrndr.ax
2009-10-15 14:29:06 61440 ----a-w- c:\windows\system32\msasn1.dll
2009-10-15 14:28:34 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-15 14:27:59 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-11 16:08:41 15528 ----a-w- c:\windows\system32\39zd5hreat20415.cpl
2009-10-11 01:22:30 3241 ----a-w- c:\windows\system32\775edownloaz95291.cpl
2009-10-08 03:55:49 4086 ----a-w- c:\windows\system32\528ddownlza9er8275.cpl
2009-10-08 03:01:47 0 d-----w- c:\programdata\FLEXnet
2009-10-08 02:19:20 0 d-----w- c:\program files\common files\Macrovision Shared

==================== Find3M ====================

2009-11-02 03:24:24 27744 ----a-w- c:\programdata\nvModes.dat
2009-10-31 12:56:23 86016 ----a-w- c:\windows\inf\infstor.dat
2009-10-31 12:56:23 51200 ----a-w- c:\windows\inf\infpub.dat
2009-10-31 12:56:22 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-10-01 17:29:14 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-24 07:26:50 10954 ----a-w- c:\windows\system32\2697sparsez315.exe
2009-09-20 21:12:30 10610 ----a-w- c:\windows\system32\308549acztool162.exe
2009-09-12 23:49:10 3587 ----a-w- c:\windows\system32\4697spambo57b6z.bin
2009-09-10 05:35:30 5087 ----a-w- c:\windows\system32\7d47b9ckd5zr1227.dll
2009-09-09 01:22:32 10254 ----a-w- c:\windows\system32\9709spzmbo5215.exe
2009-09-03 09:47:33 5454 ----a-w- c:\windows\system32\6b469own5ozder3267.exe
2009-08-28 12:39:07 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:15:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 13:32:41 833024 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 13:29:25 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-27 10:58:58 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-25 08:08:50 9163 ----a-w- c:\windows\system32\6cfcthre5z60639.exe
2009-08-22 05:57:03 10314 ----a-w- c:\windows\system32\1d9f5hief1953z.bin
2009-08-18 06:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 16:29:41 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 16:29:41 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 14:16:55 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:16:55 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:16:52 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:16:51 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:16:50 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:16:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:16:49 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-13 23:03:09 9047 ----a-w- c:\windows\system32\2645szy90f.dll
2009-08-13 03:27:36 10324 ----a-w- c:\windows\system32\21260vzru94f25.bin
2008-10-22 14:31:07 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 5:57:02.75 ===============

Volume in drive C has no label.
Volume Serial Number is 7A12-85FD

Directory of C:\WINDOWS\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e

04/10/2009 10:28 PM 177,152 scecli.dll
1 File(s) 177,152 bytes

Directory of C:\WINDOWS\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3

04/10/2009 10:28 PM 592,896 netlogon.dll
1 File(s) 592,896 bytes

Directory of C:\WINDOWS\System32

01/20/2008 06:24 PM 177,152 scecli.dll

Directory of C:\WINDOWS\System32

01/20/2008 06:24 PM 592,384 netlogon.dll

Directory of C:\WINDOWS\System32

11/02/2006 01:46 AM 61,952 cngaudit.dll
3 File(s) 831,488 bytes

Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6

11/02/2006 01:46 AM 11,776 cngaudit.dll
1 File(s) 11,776 bytes

Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12

01/20/2008 06:24 PM 177,152 scecli.dll
1 File(s) 177,152 bytes

Directory of C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857

01/20/2008 06:24 PM 592,384 netlogon.dll
1 File(s) 592,384 bytes

Total Files Listed:
8 File(s) 2,382,848 bytes
0 Dir(s) 77,231,534,080 bytes free

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/02 06:04
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x8F122000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8F117000 Size: 45056 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x9CBB2000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\System Volume Information\{78eec9e0-c423-11de-bdd7-001e688708f3}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{78eec9e8-c423-11de-bdd7-001e688708f3}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{78eecafb-c423-11de-bdd7-001e688708f3}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{78eecb17-c423-11de-bdd7-001e688708f3}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{81cda6c6-c3ff-11de-a5e1-001e688708f3}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{98245d78-c5c3-11de-a4b1-001e688708f3}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{a691db69-c43c-11de-aa20-001e688708f3}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{ac8c1cac-c440-11de-9d72-001e688708f3}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{ac8c1cc2-c440-11de-9d72-001e688708f3}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{ac8c1ccd-c440-11de-9d72-001e688708f3}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{c5025fc0-c617-11de-9f3b-001e688708f3}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{c5025fc6-c617-11de-9f3b-001e688708f3}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{c5025fd4-c617-11de-9f3b-001e688708f3}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{c5025fda-c617-11de-9f3b-001e688708f3}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{ee5ca7bb-c4c0-11de-a607-001e688708f3}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{f35b5bcc-c666-11de-b197-001e688708f3}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{32f030d2-c438-11de-b25e-001e688708f3}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{32f030db-c438-11de-b25e-001e688708f3}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{32f030e3-c438-11de-b25e-001e688708f3}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\Windows\ModemLogs\ModemLogs
Status: Locked to the Windows API!

Path: C:\Windows\SchCache\SchCache
Status: Locked to the Windows API!

Path: C:\Windows\tracing\tracing
Status: Locked to the Windows API!

Path: C:\Windows\Globalization\Globalization
Status: Locked to the Windows API!

Path: C:\Windows\Microsoft.NET\authman\authman
Status: Locked to the Windows API!

Path: C:\Windows\nap\configuration\configuration
Status: Locked to the Windows API!

Path: C:\Windows\Options\Cabs\Cabs
Status: Locked to the Windows API!

Path: C:\Windows\panther\setup.exe\setup.exe
Status: Locked to the Windows API!

Path: C:\Windows\PLA\Templates\Templates
Status: Locked to the Windows API!

Path: C:\Windows\registration\CRMLog\CRMLog
Status: Locked to the Windows API!

Path: C:\Windows\security\templates\templates
Status: Locked to the Windows API!

Path: C:\Windows\SoftwareDistribution\PostRebootEventCache\PostRebootEventCache
Status: Locked to the Windows API!

Path: c:\windows\system32\drivers\fidbox.dat
Status: Allocation size mismatch (API: 144048128, Raw: 143785984)

Path: C:\Windows\System32\migration\WININE~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\Temp\SETUP48FEF886FA\SETUP48FEF886FA
Status: Locked to the Windows API!

Path: C:\Windows\Temp\SETUP48FEF8E51F3\SETUP48FEF8E51F3
Status: Locked to the Windows API!

Path: C:\Windows\Help\Corporate\Corporate
Status: Locked to the Windows API!

Path: C:\Windows\AppPatch\Custom\Custom
Status: Locked to the Windows API!

Path: C:\Windows\assembly\temp\temp
Status: Locked to the Windows API!

Path: C:\Windows\assembly\tmp\tmp
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_49ef489714173a89.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.30729.1_none_bb1f6aa1308c35eb.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.debugmfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_bfff6c932d60651e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9849.0_none_a6e7a8e20e9863b4.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_abac38a907ee8801.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.debugmfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_5c94f2bbe7d4aaf6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_54c11df268b7c6d9.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_d6c3e7af9bae13a2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9848.0_none_b7e811287b298060.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_818f59bf601aa775.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.91_none_db5f5c9d98cb161f.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.91_none_dc9917e997f80c63.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cda6db.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4db266e67dd280ef.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_516e2e610f48bda6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.30729.1_none_61305e07e4f1bc01.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_7dd1e0ebd6590e0b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9849.0_none_b7e911727b2899b7.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc0ea08098.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4ddfc6cd11929a02.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.4053_none_6b86c0e9b0196766.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_10b3ea459bfee365.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_81c25f21d3d46d84.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b5d18a9128.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9848.0_none_a6e6a8980e994a5d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.91_none_5c400d5e63e93b68.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_91949b06671d08ae.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.91_none_58b1a5ca663317c4.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003bc63e949f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_e29d1181971ae11e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.4053_none_3b0e32bdc9afe437.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\InstallTemp\InstallTemp
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\logevent.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\$$DeleteMe.wmp.dll.01ca57b87b821092.0000
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18289_none_0b1c4a254f52777a\$$DeleteMe.wmploc.DLL.01ca57b87e9cbe12.0001
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE427A~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE5F3C~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SECURI~4.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE5FBC~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE6DB5~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE9AEB~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_appdata_b03f5f7f11d50a3a_6.0.6000.20883_none_8469d28baa199a7e\GROUPE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_appdata_b03f5f7f11d50a3a_6.0.6000.16720_none_9b31bbe79077558b\GROUPE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_uninstallsqlstatetem_b03f5f7f11d50a3a_6.0.6000.16720_none_04c87b54ba4ac535\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_uninstallsqlstatetem_b03f5f7f11d50a3a_6.0.6000.20883_none_ee0091f8d3ed0a28\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_uninstallsqlstatetem_b03f5f7f11d50a3a_6.0.6001.18111_none_04a3600aba9cd1d6\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_uninstallsqlstatetem_b03f5f7f11d50a3a_6.0.6001.22230_none_edd7d0a6d4424ae9\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\APPCON~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\APPSET~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\DEBUGA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\DEFINE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\EDITAP~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\SMTPSE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\APPCON~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\APPSET~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\DEBUGA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\DEFINE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\EDITAP~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\SMTPSE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\APPCON~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\APPSET~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\DEBUGA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\DEFINE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\EDITAP~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\SMTPSE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\APPCON~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\APPSET~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\DEBUGA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\DEFINE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\EDITAP~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\SMTPSE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.16720_none_4ef4fbb8699d6b09\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.16720_none_4ef4fbb8699d6b09\DEFINE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.16720_none_4ef4fbb8699d6b09\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.20883_none_382d125c833faffc\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.20883_none_382d125c833faffc\DEFINE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.20883_none_382d125c833faffc\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.18111_none_4ecfe06e69ef77aa\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.18111_none_4ecfe06e69ef77aa\DEFINE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.18111_none_4ecfe06e69ef77aa\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6000.16720_none_950a4e2fda3ee0ba\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6000.16720_none_950a4e2fda3ee0ba\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6000.20883_none_7e4264d3f3e125ad\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6000.20883_none_7e4264d3f3e125ad\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6001.18111_none_94e532e5da90ed5b\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6001.18111_none_94e532e5da90ed5b\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6001.22230_none_7e19a381f436666e\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6001.22230_none_7e19a381f436666e\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4cb2b120b7498755\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4cb2b120b7498755\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6000.20883_none_35eac7c4d0ebcc48\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6000.20883_none_35eac7c4d0ebcc48\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4c8d95d6b79b93f6\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4c8d95d6b79b93f6\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.22230_none_35c20672d1410d09\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.22230_none_35c20672d1410d09\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.22230_none_3804510a8394f0bd\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.22230_none_3804510a8394f0bd\DEFINE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.22230_none_3804510a8394f0bd\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.18111_none_7c6b3231b9c3046e\WEBADM~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.18111_none_7c6b3231b9c3046e\WEBADM~3.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.18111_none_7c6b3231b9c3046e\WEBADM~4.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.18111_none_7c6b3231b9c3046e\WEBB00~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6000.16720_none_a2f69a4627a6df36\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6000.20883_none_8c2eb0ea41492429\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6001.18111_none_a2d17efc27f8ebd7\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6001.22230_none_8c05ef98419e64ea\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6000.16720_none_32a2a55c0f70152b\VBCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6000.20883_none_1bdabc0029125a1e\VBCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_a05f40e791345747\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_8997578baad69c3a\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_a03a259d918663e8\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_896e9639ab2bdcfb\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18157_none_01b9e7cda1f54c23\WININE~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18203_none_01ebf827a1d05839\WININE~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18226_none_01d9592da1dddc20\WININE~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18294_none_018ba925a2186d09\WININE~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18319_none_01e72bdda1d3095b\WININE~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.22230_none_659fa2cdd3687d81\WEBADM~2.ASP
Status: Locked to the Windows API!

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1180 Status: Locked to the Windows API!

==EOF==

Edited by krnbboyj, 02 November 2009 - 09:26 AM.
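The Win32kDiag output above is long because nearly every entry reads "Locked to the Windows API!", and most of those sit under winsxs or System Volume Information. The script below is an added example, not part of this thread and not from the Win32kDiag author: it parses that log format into objects and groups the findings by location, so the few entries under System32 (and the single "Allocation size mismatch" line) stand out from the bulk. The function names are chosen here, and $sampleLog is constructed from the entry shapes visible in the posted log. Whether any individual entry is malicious is still a judgement call for the person reading it.

```powershell
# Added example (not from the thread or the Win32kDiag author): parse a Win32kDiag
# "-f -r" log into objects and bucket the findings for triage.
# ConvertFrom-Win32kDiagLog and Group-Win32kDiagFindings are names chosen here.
# $sampleLog is constructed from the entry shapes seen in the thread's log.

$sampleLog = @'
Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.cat
Status: Locked to the Windows API!

Path: c:\windows\system32\drivers\fidbox.dat
Status: Allocation size mismatch (API: 144048128, Raw: 143785984)

Path: C:\Windows\System32\migration\WININE~1.DLL
Status: Locked to the Windows API!

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1180 Status: Locked to the Windows API!

==EOF==
'@

function ConvertFrom-Win32kDiagLog {
    # Emit one object per "Path:" / "Status:" pair. The "Processes" header switches
    # the section so process entries (which carry a PID) are kept apart from files.
    param([Parameter(Mandatory)][string]$Text)

    $section = 'Files'
    $current = $null
    foreach ($line in ($Text -split "`r?`n")) {
        if ($line -match '^Processes\s*$') { $section = 'Processes'; continue }
        if ($line -match '^Path:\s*(.+)$') {
            $current = [pscustomobject]@{
                Section = $section; Path = $Matches[1].Trim()
                ProcessId = $null; Status = $null; ApiSize = $null; RawSize = $null
            }
            continue
        }
        if ($null -ne $current -and $line -match '^(?:PID:\s*(\d+)\s+)?Status:\s*(.+)$') {
            if ($Matches[1]) { $current.ProcessId = [int]$Matches[1] }
            $current.Status = $Matches[2].Trim()
            # Pull the two byte counts out of an allocation-size mismatch line.
            if ($current.Status -match 'Allocation size mismatch \(API: (\d+), Raw: (\d+)\)') {
                $current.ApiSize = [int64]$Matches[1]
                $current.RawSize = [int64]$Matches[2]
            }
            $current            # emit the finished entry to the pipeline
            $current = $null
        }
    }
}

function Group-Win32kDiagFindings {
    # Bucket file entries by location so the few hits under System32 stand out
    # from the many locked entries under winsxs and System Volume Information.
    param([Parameter(Mandatory)][object[]]$Entries)

    $files  = @($Entries | Where-Object { $_.Section -eq 'Files' })
    $locked = @($files   | Where-Object { $_.Status -like 'Locked to the Windows API*' })
    [pscustomobject]@{
        Files           = $files.Count
        SizeMismatch    = @($files  | Where-Object { $null -ne $_.ApiSize })
        LockedSystem32  = @($locked | Where-Object { $_.Path -match '\\Windows\\System32\\' })
        LockedWinSxS    = @($locked | Where-Object { $_.Path -match '\\Windows\\winsxs\\' })
        LockedElsewhere = @($locked | Where-Object { $_.Path -notmatch '\\Windows\\(System32|winsxs)\\' })
        LockedProcesses = @($Entries | Where-Object { $_.Section -eq 'Processes' })
    }
}

# Usage: show the entries worth a second look first, then the totals.
$summary = Group-Win32kDiagFindings -Entries (ConvertFrom-Win32kDiagLog -Text $sampleLog)
$summary.SizeMismatch   | Format-Table Path, ApiSize, RawSize -AutoSize
$summary.LockedSystem32 | Format-Table Path, Status -AutoSize
'{0} file entries: {1} locked under winsxs, {2} locked elsewhere, {3} size mismatch' -f $summary.Files, $summary.LockedWinSxS.Count, $summary.LockedElsewhere.Count, $summary.SizeMismatch.Count
```

On the constructed sample this reports one System32 entry (the migration DLL), one size mismatch (fidbox.dat) and one locked entry each under winsxs and elsewhere; on the full log pasted above the winsxs and System Volume Information buckets absorb the hundreds of catalog and restore-point entries, which is the point of grouping them.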


#4 sempai

  • Malware Response Team

Posted 02 November 2009 - 05:16 PM

Hi,

1. Please do the following:

1. Click on the Start button, then click on Run...
2. In the empty "Open:" box provided, type cmd and press Enter

This will launch a Command Prompt window (looks like DOS).

3. Copy the entire bold text below to the clipboard by highlighting all of it and pressing Ctrl+C (or after highlighting, right-click and select Copy).

copy C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll C:\ /y


4. In the Command Prompt window, paste the copied text by right-clicking and selecting Paste.
5. Press Enter.

When successful, you should get this message within the Command Prompt: "1 file(s) copied"
NOTE: If you didn't get this message, stop and tell me first. Executing The Avenger script (step #2) won't work if the file copy was not successful.

6. Exit the Command Prompt window.




2. Download The Avenger2 by SwanDog46.
  • Unzip avenger.exe to your desktop.
  • Copy the text in the following codebox by selecting all of it, and pressing (Ctrl + C) or by right clicking and selecting "Copy"

    Files to move:
    C:\cngaudit.dll | C:\WINDOWS\system32\cngaudit.dll
  • Now start The Avenger2 by double clicking avenger.exe on your desktop.
  • Read the prompt that appears, and press OK.
  • Paste the script into the textbox that appears, using (Ctrl + V) or by right clicking and choosing "Paste".
  • Press the "Execute" button.
  • You will be presented with 2 confirmation prompts. Select yes on each. Your system will reboot.
    Note: It is possible that Avenger will reboot your system TWICE.
  • Upon reboot, a command prompt window will appear on your screen for a few seconds, and then Avenger's log will open. Please paste that log here in your next post.



3. Please save this FILE to your desktop. Click on Start > Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

"%userprofile%\desktop\win32kdiag.exe" -f -r





4. Please download Combofix from any of the links below but rename it to CFscan before saving it to your desktop. (make sure to disable your anti virus/anti malware programs) - See HERE


Link 1
Link 2


==================================


Double click on the renamed ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.







Please post the following when you reply:

1. Avenger.txt
2. ComboFix.txt
3. Win32kDiag.txt




~Semp

You can help me continue the fight against malware by making a donation. Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators)


#5 krnbboyj

  • Topic Starter


Posted 03 November 2009 - 12:57 AM

It says I have 0 file copied

#6 sempai

  • Malware Response Team

Posted 03 November 2009 - 10:49 AM

Hi,

Please follow the instructions below in the order I have posted them.


1. Download The Avenger2 by SwanDog46.
  • Unzip avenger.exe to your desktop.
  • Copy the text in the following codebox by selecting all of it, and pressing (Ctrl + C) or by right clicking and selecting "Copy"

    Files to move:
    C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6 | C:\WINDOWS\system32\cngaudit.dll
  • Now start The Avenger2 by double clicking avenger.exe on your desktop.
  • Read the prompt that appears, and press OK.
  • Paste the script into the textbox that appears, using (Ctrl + V) or by right clicking and choosing "Paste".
  • Press the "Execute" button.
  • You will be presented with 2 confirmation prompts. Select yes on each. Your system will reboot.
    Note: It is possible that Avenger will reboot your system TWICE.
  • Upon reboot, a command prompt window will appear on your screen for a few seconds, and then Avenger's log will open. Please paste that log here in your next post.


2. Please save this FILE to your desktop. Click on Start > Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

"%userprofile%\desktop\win32kdiag.exe" -f -r





3. Please download Combofix from any of the links below but rename it to CFscan before saving it to your desktop. (make sure to disable your anti virus/anti malware programs) - See HERE


Link 1
Link 2


==================================


Double click on the renamed ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.





Please post the following when you reply:

1. Avenger.txt
2. ComboFix.txt
3. Win32kDiag.txt




~Semp
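Posts #4 and #6 both describe the same repair: take the component-store copy of cngaudit.dll from winsxs, stage it at C:\, and have Avenger move it over the System32 copy at boot because that copy cannot be handled through the normal API. The script below is an added PowerShell example of that staging step; it is not the helper's own instructions and not Avenger's code. It adds the two checks whose absence shows in the replies: that the source is an actual file rather than the component folder, and that the staging copy really produced a file before any boot-time move is scheduled. The function names are chosen here; the winsxs folder-name pattern and the x86 prefix are generalised from the one folder quoted in the thread and are assumptions.

```powershell
# Added example (not the helper's instructions, not Avenger's code): stage the
# component-store copy of a System32 file and emit the Avenger "Files to move:" script,
# with the checks that were missing in the thread. Function names are chosen here; the
# winsxs folder-name pattern and x86 prefix are assumptions generalised from the thread.

function Get-Sha256Hex {
    param([Parameter(Mandatory)][string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)      # throws if the API cannot open the file
    try { ([System.BitConverter]::ToString($sha.ComputeHash($stream))) -replace '-', '' }
    finally { $stream.Dispose(); $sha.Dispose() }
}

function Find-WinSxSCopy {
    # Return the full path of every file named $FileName inside component folders whose
    # name starts with $ComponentPrefix (e.g. x86_microsoft-windows-cngaudit-dll_*).
    # Pass a longer prefix that includes the version to pin one servicing level.
    param(
        [Parameter(Mandatory)][string]$FileName,
        [string]$ComponentPrefix,
        [string]$WinSxS = (Join-Path $env:windir 'winsxs')
    )
    if (-not $ComponentPrefix) { $ComponentPrefix = 'x86_microsoft-windows-' + ($FileName -replace '\.', '-') }
    Get-ChildItem -Path $WinSxS -Filter "$ComponentPrefix*" -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer } |
        ForEach-Object { Join-Path $_.FullName $FileName } |
        Where-Object { Test-Path -LiteralPath $_ -PathType Leaf }    # files only, never the folder
}

function New-AvengerMoveScript {
    # Copy the store file to $StagingRoot (what "copy ... C:\ /y" did by hand) and return
    # the Avenger script text, or $null when the live file already matches the store copy.
    param(
        [Parameter(Mandatory)][string]$FileName,
        [string]$ComponentPrefix,
        [string]$System32    = (Join-Path $env:windir 'System32'),
        [string]$StagingRoot = 'C:\'
    )
    $target = Join-Path $System32 $FileName
    $source = @(Find-WinSxSCopy -FileName $FileName -ComponentPrefix $ComponentPrefix) | Select-Object -First 1
    if (-not $source) {
        throw "No file named $FileName under winsxs; Avenger fails with STATUS_FILE_IS_A_DIRECTORY when given the folder instead."
    }
    $storeHash = Get-Sha256Hex -Path $source

    # The live copy may be unreadable through the API ("Locked to the Windows API!");
    # treat that like a mismatch and let the boot-time move replace it.
    $liveHash = $null
    try { $liveHash = Get-Sha256Hex -Path $target }
    catch { Write-Warning "Cannot read $target through the API: $($_.Exception.Message)" }
    if ($liveHash -eq $storeHash) { Write-Host "$target already matches $source"; return $null }

    $staged = Join-Path $StagingRoot $FileName
    Copy-Item -LiteralPath $source -Destination $staged -Force
    # The check that the "0 file(s) copied" reply would have failed.
    if (-not (Test-Path -LiteralPath $staged -PathType Leaf) -or (Get-Sha256Hex -Path $staged) -ne $storeHash) {
        throw "Staging $source to $staged failed; do not run the Avenger script."
    }
    "Files to move:`r`n$staged | $target"          # Avenger's syntax as used in the thread
}

# Usage: write the script to the desktop, then paste it into Avenger as the thread describes.
New-AvengerMoveScript -FileName 'cngaudit.dll' |
    Where-Object { $_ } |
    Set-Content -Path (Join-Path $env:USERPROFILE 'Desktop\avenger-script.txt')
```

Two cautions. winsxs can hold several versions of one component, and the helper chose the 6.0.6000.16386 folder; with the default prefix the script takes whichever folder sorts first, so pass -ComponentPrefix with the version when it matters. And a hash difference between the store copy and the live file is only evidence that they differ, not proof that the live file is malicious, so the decision to replace it still belongs to whoever is reading the logs.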


#7 krnbboyj

  • Topic Starter


Posted 03 November 2009 - 12:02 PM

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: "C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6" is a folder, not a file!
File move operation "C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6|C:\WINDOWS\system32\cngaudit.dll" failed!
Status: 0xc00000ba (STATUS_FILE_IS_A_DIRECTORY)
--> use "Folders to delete:" instead of "Files to delete:" to delete a directory


Completed script processing.

*******************

Finished! Terminate.


ComboFix 09-11-02.05 - Josh 11/03/2009 8:30.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3006.1933 [GMT -8:00]
Running from: c:\users\Josh\Downloads\Desktop\CFscan.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1134125124-984037747-2577708671-500
c:\$recycle.bin\S-1-5-21-18651528-2325049378-917183798-500
c:\program files\SpeedBit Toolbar\Toolbar\tbhelper.dll
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows System Defender.lnk
c:\users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Windows System Defender.lnk

Infected copy of c:\windows\system32\cngaudit.dll was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
-------\Service_nlxyo


((((((((((((((((((((((((( Files Created from 2009-10-03 to 2009-11-03 )))))))))))))))))))))))))))))))
.

2009-11-03 16:44 . 2009-11-03 16:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-10-31 13:46 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-10-31 13:46 . 2009-09-15 10:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-10-31 13:46 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-10-31 13:46 . 2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-10-31 13:46 . 2009-09-15 10:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-31 13:45 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-10-31 13:45 . 2009-09-15 10:55 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-10-31 13:45 . 2009-10-31 13:45 -------- d-----w- c:\program files\Alwil Software
2009-10-31 13:25 . 2009-10-31 13:25 -------- d-----w- C:\AVGTemp
2009-10-30 01:57 . 2009-10-30 01:57 -------- d-----w- c:\programdata\is-IO8EQ
2009-10-30 01:57 . 2009-11-03 16:49 222275616 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-30 01:57 . 2008-07-08 20:54 148496 ----a-w- c:\windows\system32\drivers\57666812.sys
2009-10-29 05:29 . 2009-10-29 05:43 -------- dc----w- c:\windows\system32\DRVSTORE
2009-10-29 05:28 . 2009-10-29 05:43 -------- d-----w- c:\programdata\Lavasoft
2009-10-28 23:41 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-28 23:41 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-28 23:41 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-28 23:41 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-28 23:40 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-28 23:40 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-28 23:40 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-28 23:40 . 2009-08-07 02:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-28 23:40 . 2009-08-07 01:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-28 20:22 . 2009-10-31 02:18 0 ----a-r- c:\windows\win32k.sys
2009-10-28 15:37 . 2009-10-28 15:37 -------- d-----w- c:\windows\Sun
2009-10-28 15:36 . 2009-10-28 15:37 -------- d-sh--w- c:\users\Josh\AppData\Roaming\Windows System Defender
2009-10-28 15:36 . 2009-10-31 03:04 -------- d-sh--w- c:\programdata\31e109c
2009-10-28 03:29 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 03:28 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-27 20:42 . 2009-10-27 20:42 -------- d-----w- c:\program files\Common Files\Windows Live
2009-10-15 14:37 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-15 14:34 . 2009-08-05 14:22 3597896 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-15 14:34 . 2009-08-05 14:22 3546184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-15 14:31 . 2009-08-31 13:55 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-10-15 14:31 . 2009-08-31 13:55 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-10-15 14:29 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll
2009-10-15 14:28 . 2009-09-14 09:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-15 14:27 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-08 03:01 . 2009-10-08 16:47 -------- d-----w- c:\programdata\FLEXnet
2009-10-08 02:27 . 2009-10-08 02:27 -------- d-----w- c:\program files\Adobe Media Player
2009-10-08 02:19 . 2009-10-08 02:19 -------- d-----w- c:\program files\Common Files\Macrovision Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-03 16:49 . 2008-10-22 14:17 -------- d-----w- c:\users\Josh\AppData\Roaming\uTorrent
2009-11-03 16:45 . 2009-10-30 01:57 2600948 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-02 03:24 . 2009-02-16 22:59 27744 ----a-w- c:\programdata\nvModes.dat
2009-10-28 13:01 . 2008-10-22 13:36 76568 ----a-w- c:\users\Josh\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-28 10:13 . 2008-10-22 09:09 -------- d-----w- c:\programdata\Microsoft Help
2009-10-25 12:59 . 2009-07-22 07:54 -------- d-----w- c:\program files\MagicDisc
2009-10-19 03:49 . 2008-12-19 20:11 6944 ----a-w- c:\users\Josh\AppData\Local\d3d9caps.dat
2009-10-15 15:40 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-10-08 02:48 . 2008-10-22 09:15 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-05 04:31 . 2008-10-22 10:09 -------- d-----w- c:\programdata\WildTangent
2009-10-01 17:29 . 2009-10-02 21:53 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-09 18:46 . 2008-10-23 13:17 -------- d-----w- c:\users\Josh\AppData\Roaming\DivX
2009-09-07 17:36 . 2009-06-23 07:28 -------- d-----w- c:\program files\AIM Toolbar
2009-09-07 17:36 . 2009-09-07 17:36 -------- d-----w- c:\program files\Common Files\Software Update Utility
2009-09-07 17:36 . 2009-09-07 17:36 -------- d-----w- c:\programdata\AIM
2009-09-07 17:36 . 2009-09-07 17:36 -------- d-----w- c:\program files\AIM
2009-08-28 12:39 . 2009-09-03 20:28 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:15 . 2009-09-03 20:28 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 13:32 . 2009-10-15 14:35 833024 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 13:29 . 2009-10-15 14:35 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-27 10:58 . 2009-10-15 14:35 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-18 06:33 . 2009-08-18 06:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 17:07 . 2009-09-09 15:07 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 16:29 . 2009-09-09 15:07 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 16:29 . 2009-09-09 15:07 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 14:16 . 2009-09-09 15:07 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:16 . 2009-09-09 15:07 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:16 . 2009-09-09 15:07 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:16 . 2009-09-09 15:07 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:16 . 2009-09-09 15:07 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:16 . 2009-09-09 15:07 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:16 . 2009-09-09 15:07 10240 ----a-w- c:\windows\system32\finger.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-06 22:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBFCD017-BCAD-42C3-9ED5-89DBDFC59171}"= "c:\program files\SpeedBit Toolbar\Toolbar\SpeedBit.dll" [2009-07-09 2598896]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

[HKEY_CLASSES_ROOT\clsid\{ebfcd017-bcad-42c3-9ed5-89dbdfc59171}]
[HKEY_CLASSES_ROOT\SPEEDBIT1.SPEEDBIT1.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\SPEEDBIT1.SPEEDBIT1]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EBFCD017-BCAD-42C3-9ED5-89DBDFC59171}"= "c:\program files\SpeedBit Toolbar\Toolbar\SpeedBit.dll" [2009-07-09 2598896]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

[HKEY_CLASSES_ROOT\clsid\{ebfcd017-bcad-42c3-9ed5-89dbdfc59171}]
[HKEY_CLASSES_ROOT\SPEEDBIT1.SPEEDBIT1.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\SPEEDBIT1.SPEEDBIT1]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-24 455968]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 1783136]
"Aim"="c:\program files\AIM\aim.exe" [2009-08-20 3622760]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-10-05 289072]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]

c:\users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
is-IO8EQ.lnk - c:\users\Josh\Downloads\Anti-Virus\Virus Removal Tool\is-IO8EQ\startup.exe [2009-10-29 65536]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-7-21 576000]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=""
"FirewallOverride"=""

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [10/31/2009 5:46 AM 114768]
R1 is-IO8EQdrv;is-IO8EQdrv;c:\windows\System32\drivers\57666812.sys [10/29/2009 5:57 PM 148496]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [10/31/2009 5:46 AM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [10/31/2009 5:45 AM 53328]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/26/2008 10:15 PM 24652]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\System32\drivers\IcdUsb2.sys [10/23/2008 8:14 PM 39048]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2008-10-27 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 18:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: dinofile.co.kr
DPF: {2A93BD7A-7E47-4857-8DC3-5B38495ECF28} - hxxp://update.dinofile.co.kr/ActiveX/DinoFile.cab
DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} - hxxp://cafeimg.hanmail.net/activex/dmcc2.cab?Version=1,0,0,10
DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} - hxxp://mail.daum.net/hanmail-ax/DaumActiveX/2_0_0_4/DaumActiveX.cab?ver=2,0,0,4
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-2f96-3dc7-4285-bc50-9e81fefafe43} - (no file)
URLSearchHooks-BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
URLSearchHooks-AE00-17A6-11D0-99CB-00C04FD64497} - (no file)
HKCU-Run-iKu - c:\users\Josh\Downloads\iKu\iKu.exe
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-03 08:49
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\windows\system32\rundll32.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\windows\System32\rundll32.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\windows\system32\NOTEPAD.EXE
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2009-11-03 8:56 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-03 16:56

Pre-Run: 75,174,715,392 bytes free
Post-Run: 77,205,069,824 bytes free


Running from: C:\Users\Josh\Downloads\Desktop\Win32kDiag.exe

Log file at : C:\Users\Josh\Downloads\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...



Found mount point : C:\Windows\AppPatch\Custom\Custom

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2DF2.tmp\ZAP2DF2.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5C42.tmp\ZAP5C42.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7F1F.tmp\ZAP7F1F.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP81A.tmp\ZAP81A.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE752.tmp\ZAPE752.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEEF0.tmp\ZAPEEF0.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ehome\CreateDisc\style\style

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Globalization\Globalization

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Help\Corporate\Corporate

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\000021091A0090400000000000F01FEC\12.0.6425\12.0.6425

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Microsoft.NET\authman\authman

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ModemLogs\ModemLogs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\nap\configuration\configuration

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Options\Cabs\Cabs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\panther\setup.exe\setup.exe

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\PCHEALTH\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\PLA\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SchCache\SchCache

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\security\templates\templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\PnrpSqm\PnrpSqm

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Media Center Programs\Media Center Programs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\Description Documents\Description Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Documents\Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Downloads\Downloads

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Links\Links

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Music\Music

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Pictures\Pictures

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Saved Games\Saved Games

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Videos\Videos

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporary Internet Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\SCPD\SCPD

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Media Center Programs\Media Center Programs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\Cookies

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Documents\Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Downloads\Downloads

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Links\Links

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Music\Music

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Pictures\Pictures

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Saved Games\Saved Games

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Videos\Videos

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SMINST\APPS\DTA\DTA

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SMINST\DRV\DTA\DTA

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-m..ayer-core.resources_31bf3856ad364e35_6.0.6000.16926_en-us_2185ec15e486221c\x86_microsoft-windows-m..ayer-core.resources_31bf3856ad364e35_6.0.6000.16926_en-us_2185ec15e486221c

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-m..ayer-core.resources_31bf3856ad364e35_6.0.6000.21125_en-us_220e60b8fda4dbd1\x86_microsoft-windows-m..ayer-core.resources_31bf3856ad364e35_6.0.6000.21125_en-us_220e60b8fda4dbd1

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-m..ayer-core.resources_31bf3856ad364e35_6.0.6001.18330_en-us_235b5913e1ba36f4\x86_microsoft-windows-m..ayer-core.resources_31bf3856ad364e35_6.0.6001.18330_en-us_235b5913e1ba36f4

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-m..ayer-core.resources_31bf3856ad364e35_6.0.6001.22520_en-us_23efc7b0facfb7f4\x86_microsoft-windows-m..ayer-core.resources_31bf3856ad364e35_6.0.6001.22520_en-us_23efc7b0facfb7f4

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-m..ayer-core.resources_31bf3856ad364e35_6.0.6002.18111_en-us_25586d03decf6ab4\x86_microsoft-windows-m..ayer-core.resources_31bf3856ad364e35_6.0.6002.18111_en-us_25586d03decf6ab4

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-m..ayer-core.resources_31bf3856ad364e35_6.0.6002.22223_en-us_25d93a76f7f3591d\x86_microsoft-windows-m..ayer-core.resources_31bf3856ad364e35_6.0.6002.22223_en-us_25d93a76f7f3591d

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-m..yer-setup.resources_31bf3856ad364e35_6.0.6000.16926_en-us_dd0695ced5a51138\x86_microsoft-windows-m..yer-setup.resources_31bf3856ad364e35_6.0.6000.16926_en-us_dd0695ced5a51138

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-m..yer-setup.resources_31bf3856ad364e35_6.0.6000.21125_en-us_dd8f0a71eec3caed\x86_microsoft-windows-m..yer-setup.resources_31bf3856ad364e35_6.0.6000.21125_en-us_dd8f0a71eec3caed

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-m..yer-setup.resources_31bf3856ad364e35_6.0.6001.18330_en-us_dedc02ccd2d92610\x86_microsoft-windows-m..yer-setup.resources_31bf3856ad364e35_6.0.6001.18330_en-us_dedc02ccd2d92610

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-m..yer-setup.resources_31bf3856ad364e35_6.0.6001.22520_en-us_df707169ebeea710\x86_microsoft-windows-m..yer-setup.resources_31bf3856ad364e35_6.0.6001.22520_en-us_df707169ebeea710

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-m..yer-setup.resources_31bf3856ad364e35_6.0.6002.18111_en-us_e0d916bccfee59d0\x86_microsoft-windows-m..yer-setup.resources_31bf3856ad364e35_6.0.6002.18111_en-us_e0d916bccfee59d0

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-m..yer-setup.resources_31bf3856ad364e35_6.0.6002.22223_en-us_e159e42fe9124839\x86_microsoft-windows-m..yer-setup.resources_31bf3856ad364e35_6.0.6002.22223_en-us_e159e42fe9124839

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16926_none_0973ec0f51fdf005\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16926_none_0973ec0f51fdf005

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21125_none_09fc60b26b1ca9ba\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21125_none_09fc60b26b1ca9ba

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18330_none_0b49590d4f3204dd\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18330_none_0b49590d4f3204dd

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22520_none_0bddc7aa684785dd\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22520_none_0bddc7aa684785dd

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18111_none_0d466cfd4c47389d\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18111_none_0d466cfd4c47389d

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22223_none_0dc73a70656b2706\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22223_none_0dc73a70656b2706

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6000.16926_none_abfdf271d96f105d\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6000.16926_none_abfdf271d96f105d

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6000.21125_none_ac866714f28dca12\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6000.21125_none_ac866714f28dca12

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6001.18330_none_add35f6fd6a32535\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6001.18330_none_add35f6fd6a32535

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6001.22520_none_ae67ce0cefb8a635\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6001.22520_none_ae67ce0cefb8a635

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6002.18111_none_afd0735fd3b858f5\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6002.18111_none_afd0735fd3b858f5

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6002.22223_none_b05140d2ecdc475e\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6002.22223_none_b05140d2ecdc475e

Mount point destination : \Device\__max++>\^


Edited by krnbboyj, 03 November 2009 - 12:03 PM.


#8 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:04:38 AM

Posted 04 November 2009 - 11:24 AM

Hi,

Let's try Avenger once more.
  • Copy the text in the following codebox by selecting all of it, and pressing (<Control> + C) or by right clicking and selecting "Copy"

    Files to move:
    C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll | C:\WINDOWS\system32\cngaudit.dll
  • Now start The Avenger2 by double clicking avenger.exe on your desktop.
  • Read the prompt that appears, and press OK.
  • Paste the script into the textbox that appears, using (<Control> + V) or by right clicking and choosing "Paste".
  • Press the "Execute" button.
  • You will be presented with 2 confirmation prompts. Select yes on each. Your system will reboot.
    Note: It is possible that Avenger will reboot your system TWICE.
  • Upon reboot, a command prompt window will appear on your screen for a few seconds, and then Avenger's log will open. Please paste that log here in your next post.

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 
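As an added example (not the thread's own code, and not part of Avenger), here is a PowerShell check a responder can run after the Avenger script above has completed: it hashes the cngaudit.dll now in System32 and compares it with every copy of that file held in the WinSxS component store, so you know the "Files to move" line actually replaced the modified file rather than leaving it in place. The component folder prefix is the one named in the script; the function and parameter names are my own.

```powershell
# Added example, not code from the thread or from Avenger/ComboFix.
# Confirms that the live copy of a system DLL is byte-identical to a copy in the
# WinSxS component store (which the servicing stack keeps pristine). Written to run
# on PowerShell 2.0 as well as current versions, since Get-FileHash does not exist
# on a Vista-era machine. Run from an elevated PowerShell prompt.

function Get-Sha256Hex {
    param([string]$Path)
    # Hash through .NET rather than Get-FileHash for PowerShell 2.0 compatibility.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { $bytes = $sha.ComputeHash($stream) } finally { $stream.Close() }
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
}

function Test-SystemFileAgainstSxs {
    param(
        [Parameter(Mandatory=$true)][string]$FileName,        # e.g. 'cngaudit.dll'
        [Parameter(Mandatory=$true)][string]$ComponentPrefix  # e.g. 'x86_microsoft-windows-cngaudit-dll_'
    )
    $live = Join-Path $env:SystemRoot "System32\$FileName"
    if (-not (Test-Path -LiteralPath $live)) {
        return New-Object PSObject -Property @{ File = $live; Status = 'MISSING' }
    }
    $liveHash = Get-Sha256Hex -Path $live

    # One WinSxS folder exists per servicing level of the component, so check all of them.
    $sxsRoot = Join-Path $env:SystemRoot 'winsxs'
    $storeCopies = @(Get-ChildItem -Path $sxsRoot -Filter "$ComponentPrefix*" |
        Where-Object { $_.PSIsContainer } |
        ForEach-Object { Join-Path $_.FullName $FileName } |
        Where-Object { Test-Path -LiteralPath $_ })

    $identical = @()
    foreach ($copy in $storeCopies) {
        if ((Get-Sha256Hex -Path $copy) -eq $liveHash) { $identical += $copy }
    }

    if ($storeCopies.Count -eq 0) {
        $status = 'NO_SXS_COPY_FOUND'
    } elseif ($identical.Count -eq 0) {
        # The live file matches none of the store copies: either still modified,
        # or a version the store does not hold. Either way it needs a closer look.
        $status = 'DIFFERS_FROM_ALL_SXS_COPIES'
    } else {
        $status = 'MATCHES_SXS'
    }

    New-Object PSObject -Property @{
        File             = $live
        FileVersion      = (Get-Item -LiteralPath $live).VersionInfo.FileVersion
        Sha256           = $liveHash
        SxsCopiesChecked = $storeCopies.Count
        IdenticalTo      = ($identical -join '; ')
        Status           = $status
    }
}

# The file the Avenger script in the post above restores.
Test-SystemFileAgainstSxs -FileName 'cngaudit.dll' -ComponentPrefix 'x86_microsoft-windows-cngaudit-dll_' |
    Format-List
```

The check deliberately relies on hash comparison rather than Get-AuthenticodeSignature: Windows system DLLs are catalog-signed, not embedded-signed, and PowerShell versions before 5.1 report such files as NotSigned even when they are intact, which would make a signature-based check misleading on a machine like this one. A DIFFERS_FROM_ALL_SXS_COPIES result after the move means the replacement did not take and the file should be examined again, not assumed clean.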


#9 krnbboyj

krnbboyj
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:03:38 PM

Posted 04 November 2009 - 11:56 PM

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll|C:\WINDOWS\system32\cngaudit.dll" completed successfully.

Completed script processing.

*******************

Finished! Terminate.

#10 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:04:38 AM

Posted 05 November 2009 - 07:06 AM

Hi,

We are making progress. :( Please stay with me until I declare that your computer is clean, as most users don't reply anymore once they find that their computer is running smoothly, but the absence of symptoms does not mean that a computer is free from infection.


dinofile.co.kr

Did you put this in your trusted zone?



Please read the following warnings:

1. Your log(s) show that you are using so called peer-to-peer or file-sharing programmes (in your case uTorrent).

These programmes allow users to share files, as the name(s) suggest. In today's world, cyber crime has reached an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."




2. I strongly suggest that you uninstall Ask Toolbar. Some of the bad practices of this toolbar are:

  • Promoting its toolbars on sites targeted to kids. Details.
  • Promoting its toolbars through ads that appear to be part of other companies' sites. Details.
  • Promoting its toolbars through other companies' spyware. Details.
  • Installing without any disclosure whatsoever and without any consent whatsoever. Details.
  • Soliciting installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link. Details.
  • Making confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit. Details.
Please read the full details HERE.

If you decide to remove Ask Toolbar, go to Start > Control Panel > Add Remove programs and remove AskBarDis.

Then go to C: > Program Files and delete AskBarDis folder.




3. I see you have Viewpoint installed...

Viewpoint Manager is considered foistware instead of malware since it is installed without users' approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
If Viewpoint is not listed in your program list:
Start Firefox > click Tools > click Add-ons; from there, look for Viewpoint or Viewpoint Media Player, then uninstall it.

Then, go to C: > Program Files and delete the Viewpoint folder.




*********************

Let's continue cleaning your computer: :(

1. Please save this FILE to your desktop. Click on Start > Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

"%userprofile%\desktop\win32kdiag.exe" -f -r




2. We need to execute a ComboFix script. (Tutorials on how to disable your anti virus and anti malware programs can be found HERE.)

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the code box below into it:

DirLook::
C:\AVGTemp

DDS:: 
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: 1 (0x1) - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

Folder::
c:\users\Josh\AppData\Roaming\Windows System Defender
c:\programdata\31e109c

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.




3. Please create a fresh DDS log. Post the DDS.txt and Attach.txt when you reply.



The logs that I'm requiring you to post are:
  • Win32kDiag.txt
  • CFScript.txt
  • DDS.txt and Attach.txt

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support; post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 
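The Win32kDiag step above has the tool list the reparse points ("mount points") it finds under C:\Windows together with their destinations, and the reply that follows posts that log. Below is an added triage helper, not a BleepingComputer or Win32kDiag tool, that parses a log in that format, groups the findings by destination and lists the entries worth a closer look. The sample text is constructed in the log's format: the three `__max++` entries are copied from the posted log, while `C:\Windows\Example\Junction` is an invented ordinary junction included for contrast. The two heuristics (a destination that is not a `\??\` volume path, and a final directory name that merely repeats its parent) are assumptions made for this example, not rules from the tool.

```python
from __future__ import annotations

import re
from collections import Counter
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample in the format of the Win32kDiag.txt log posted in this
# thread. The three "__max++" entries are copied from that log; the
# C:\Windows\Example\Junction entry is an invented ordinary junction added
# for contrast and does not exist on the poster's machine.
SAMPLE_LOG = r"""Running from: C:\Users\Josh\Downloads\Desktop\Win32kDiag.exe

Log file at : C:\Users\Josh\Downloads\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...

Found mount point : C:\Windows\AppPatch\Custom\Custom

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Example\Junction

Mount point destination : \??\C:\Windows\Example\Target

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
"""

MOUNT_RE = re.compile(r"^Found mount point : (.+)$")
DEST_RE = re.compile(r"^Mount point destination : (.+)$")
DENIED_RE = re.compile(r"^Cannot access: (.+)$")


class MountPoint(NamedTuple):
    path: str         # the directory carrying the reparse point
    destination: str  # where the reparse point redirects to


def parse_win32kdiag(text: str) -> Tuple[List[MountPoint], List[str]]:
    """Pair each 'Found mount point' line with the 'Mount point destination'
    line that follows it, and collect the paths the tool could not open."""
    mounts: List[MountPoint] = []
    denied: List[str] = []
    pending: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := MOUNT_RE.match(line):
            pending = m.group(1)
        elif (m := DEST_RE.match(line)) and pending is not None:
            mounts.append(MountPoint(pending, m.group(1)))
            pending = None
        elif m := DENIED_RE.match(line):
            denied.append(m.group(1))
    return mounts, denied


def is_suspicious(mp: MountPoint) -> bool:
    """Heuristic (an assumption of this example, not a Win32kDiag rule):
    a junction normally points at a volume path of the form \\??\\C:\\...;
    a destination that does not, or a mount point whose last directory
    name merely repeats its parent (...\\temp\\temp), is worth a closer look."""
    volume_path = mp.destination.startswith("\\??\\")
    parts = mp.path.rstrip("\\").split("\\")
    doubled = len(parts) >= 2 and parts[-1].lower() == parts[-2].lower()
    return (not volume_path) or doubled


def summarize(text: str) -> dict:
    """Group the findings by destination and list the entries to review."""
    mounts, denied = parse_win32kdiag(text)
    return {
        "total": len(mounts),
        "by_destination": dict(Counter(mp.destination for mp in mounts)),
        "suspicious": [mp.path for mp in mounts if is_suspicious(mp)],
        "inaccessible": denied,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(f"{report['total']} mount points found")
    for dest, n in report["by_destination"].items():
        print(f"  {n:3d} -> {dest}")
    print("review:", *report["suspicious"], sep="\n  ")
    print("could not open:", *report["inaccessible"], sep="\n  ")
```

Run it against a saved Win32kDiag.txt by replacing `SAMPLE_LOG` with the file's contents; the value of the grouping is that dozens of entries sharing one odd destination collapse into a single line, which is exactly the pattern visible in the log posted below, whereas the junctions Windows creates itself point at `\??\` volume paths and drop out of the review list.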


#11 krnbboyj

krnbboyj
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  • Local time:03:38 PM

Posted 05 November 2009 - 11:22 AM

Running from: C:\Users\Josh\Downloads\Desktop\Win32kDiag.exe

Log file at : C:\Users\Josh\Downloads\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...



Found mount point : C:\Windows\AppPatch\Custom\Custom

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2DF2.tmp\ZAP2DF2.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5C42.tmp\ZAP5C42.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7F1F.tmp\ZAP7F1F.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP81A.tmp\ZAP81A.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE752.tmp\ZAPE752.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEEF0.tmp\ZAPEEF0.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ehome\CreateDisc\style\style

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Globalization\Globalization

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Help\Corporate\Corporate

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\000021091A0090400000000000F01FEC\12.0.6425\12.0.6425

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Microsoft.NET\authman\authman

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ModemLogs\ModemLogs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\nap\configuration\configuration

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Options\Cabs\Cabs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\panther\setup.exe\setup.exe

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\PCHEALTH\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\PLA\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SchCache\SchCache

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\security\templates\templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\PnrpSqm\PnrpSqm

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Media Center Programs\Media Center Programs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\Description Documents\Description Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Documents\Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Downloads\Downloads

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Links\Links

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Music\Music

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Pictures\Pictures

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Saved Games\Saved Games

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Videos\Videos

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporary Internet Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\SCPD\SCPD

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Media Center Programs\Media Center Programs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\Cookies

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Documents\Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Downloads\Downloads

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Links\Links

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Music\Music

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Pictures\Pictures

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Saved Games\Saved Games

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Videos\Videos

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SMINST\APPS\DTA\DTA

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SMINST\DRV\DTA\DTA

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-m..ayer-core.resources_31bf3856ad364e35_6.0.6000.16926_en-us_2185ec15e486221c\x86_microsoft-windows-m..ayer-core.resources_31bf3856ad364e35_6.0.6000.16926_en-us_2185ec15e486221c

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-m..ayer-core.resources_31bf3856ad364e35_6.0.6000.21125_en-us_220e60b8fda4dbd1\x86_microsoft-windows-m..ayer-core.resources_31bf3856ad364e35_6.0.6000.21125_en-us_220e60b8fda4dbd1

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-m..ayer-core.resources_31bf3856ad364e35_6.0.6001.18330_en-us_235b5913e1ba36f4\x86_microsoft-windows-m..ayer-core.resources_31bf3856ad364e35_6.0.6001.18330_en-us_235b5913e1ba36f4

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-m..ayer-core.resources_31bf3856ad364e35_6.0.6001.22520_en-us_23efc7b0facfb7f4\x86_microsoft-windows-m..ayer-core.resources_31bf3856ad364e35_6.0.6001.22520_en-us_23efc7b0facfb7f4

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-m..ayer-core.resources_31bf3856ad364e35_6.0.6002.18111_en-us_25586d03decf6ab4\x86_microsoft-windows-m..ayer-core.resources_31bf3856ad364e35_6.0.6002.18111_en-us_25586d03decf6ab4

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-m..ayer-core.resources_31bf3856ad364e35_6.0.6002.22223_en-us_25d93a76f7f3591d\x86_microsoft-windows-m..ayer-core.resources_31bf3856ad364e35_6.0.6002.22223_en-us_25d93a76f7f3591d

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-m..yer-setup.resources_31bf3856ad364e35_6.0.6000.16926_en-us_dd0695ced5a51138\x86_microsoft-windows-m..yer-setup.resources_31bf3856ad364e35_6.0.6000.16926_en-us_dd0695ced5a51138

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-m..yer-setup.resources_31bf3856ad364e35_6.0.6000.21125_en-us_dd8f0a71eec3caed\x86_microsoft-windows-m..yer-setup.resources_31bf3856ad364e35_6.0.6000.21125_en-us_dd8f0a71eec3caed

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-m..yer-setup.resources_31bf3856ad364e35_6.0.6001.18330_en-us_dedc02ccd2d92610\x86_microsoft-windows-m..yer-setup.resources_31bf3856ad364e35_6.0.6001.18330_en-us_dedc02ccd2d92610

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-m..yer-setup.resources_31bf3856ad364e35_6.0.6001.22520_en-us_df707169ebeea710\x86_microsoft-windows-m..yer-setup.resources_31bf3856ad364e35_6.0.6001.22520_en-us_df707169ebeea710

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-m..yer-setup.resources_31bf3856ad364e35_6.0.6002.18111_en-us_e0d916bccfee59d0\x86_microsoft-windows-m..yer-setup.resources_31bf3856ad364e35_6.0.6002.18111_en-us_e0d916bccfee59d0

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-m..yer-setup.resources_31bf3856ad364e35_6.0.6002.22223_en-us_e159e42fe9124839\x86_microsoft-windows-m..yer-setup.resources_31bf3856ad364e35_6.0.6002.22223_en-us_e159e42fe9124839

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16926_none_0973ec0f51fdf005\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16926_none_0973ec0f51fdf005

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21125_none_09fc60b26b1ca9ba\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21125_none_09fc60b26b1ca9ba

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18330_none_0b49590d4f3204dd\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18330_none_0b49590d4f3204dd

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22520_none_0bddc7aa684785dd\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22520_none_0bddc7aa684785dd

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18111_none_0d466cfd4c47389d\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18111_none_0d466cfd4c47389d

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22223_none_0dc73a70656b2706\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22223_none_0dc73a70656b2706

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6000.16926_none_abfdf271d96f105d\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6000.16926_none_abfdf271d96f105d

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6000.21125_none_ac866714f28dca12\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6000.21125_none_ac866714f28dca12

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6001.18330_none_add35f6fd6a32535\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6001.18330_none_add35f6fd6a32535

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6001.22520_none_ae67ce0cefb8a635\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6001.22520_none_ae67ce0cefb8a635

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6002.18111_none_afd0735fd3b858f5\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6002.18111_none_afd0735fd3b858f5

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6002.22223_none_b05140d2ecdc475e\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6002.22223_none_b05140d2ecdc475e

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\PostRebootEventCache\PostRebootEventCache

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl



ComboFix 09-11-04.05 - Josh 11/05/2009 8:00.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3006.1745 [GMT -8:00]
Running from: c:\users\Josh\Downloads\Desktop\CFscan.exe
Command switches used :: c:\users\Josh\Downloads\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\31e109c
c:\programdata\31e109c\BackUp\is-IO8EQ.lnk
c:\programdata\31e109c\BackUp\MagicDisc.lnk
c:\programdata\31e109c\BackUp\OneNote 2007 Screen Clipper and Launcher.lnk
c:\programdata\31e109c\mozcrt19.dll
c:\programdata\31e109c\sqlite3.dll
c:\programdata\31e109c\WSD.ico
c:\programdata\31e109c\WSDDSys\vd952342.bd
c:\users\Josh\AppData\Roaming\Windows System Defender
c:\users\Josh\AppData\Roaming\Windows System Defender\Instructions.ini

.
((((((((((((((((((((((((( Files Created from 2009-10-05 to 2009-11-05 )))))))))))))))))))))))))))))))
.

2009-11-05 16:11 . 2009-11-05 16:11 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-11-05 16:11 . 2009-11-05 16:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-04 13:28 . 2009-11-04 13:28 -------- d-----w- c:\program files\Common Files\Software Update Utility
2009-11-04 13:28 . 2009-11-04 13:28 8192 d-----w- c:\program files\AIM
2009-10-31 13:46 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-10-31 13:46 . 2009-09-15 10:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-10-31 13:46 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-10-31 13:46 . 2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-10-31 13:46 . 2009-09-15 10:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-31 13:45 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-10-31 13:45 . 2009-09-15 10:55 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-10-31 13:45 . 2009-10-31 13:45 -------- d-----w- c:\program files\Alwil Software
2009-10-31 13:25 . 2009-10-31 13:25 -------- d-----w- C:\AVGTemp
2009-10-31 02:58 . 2009-10-31 02:58 11 ----a-w- c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\kernel32.exe
2009-10-31 02:45 . 2009-10-31 02:45 70 ----a-w- c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\eb.dll
2009-10-30 01:57 . 2009-10-30 01:57 -------- d-----w- c:\programdata\is-IO8EQ
2009-10-30 01:57 . 2009-11-05 16:12 266891296 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-30 01:57 . 2008-07-08 20:54 148496 ----a-w- c:\windows\system32\drivers\57666812.sys
2009-10-29 05:29 . 2009-10-29 05:43 -------- dc----w- c:\windows\system32\DRVSTORE
2009-10-29 05:28 . 2009-10-29 05:43 -------- d-----w- c:\programdata\Lavasoft
2009-10-29 04:20 . 2009-10-29 04:20 62 ----a-w- c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\fan.drv
2009-10-28 23:57 . 2009-10-28 23:57 77 ----a-w- c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\hymt.drv
2009-10-28 23:41 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-28 23:41 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-28 23:41 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-28 23:41 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-28 23:40 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-28 23:40 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-28 23:40 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-28 23:40 . 2009-08-07 02:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-28 23:40 . 2009-08-07 01:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-28 21:57 . 2009-10-31 02:31 10 ----a-w- c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\cid.sys
2009-10-28 20:26 . 2009-10-28 20:26 76 ----a-w- c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\ppal.dll
2009-10-28 20:22 . 2009-10-31 02:18 0 ----a-r- c:\windows\win32k.sys
2009-10-28 15:57 . 2009-10-29 03:35 67 ----a-w- c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\hymt.dll
2009-10-28 15:53 . 2009-10-28 15:53 22 ----a-w- c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\exec.sys
2009-10-28 15:53 . 2009-10-29 03:52 32 ----a-w- c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\fan.exe
2009-10-28 15:53 . 2009-10-28 15:53 76 ----a-w- c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.dll
2009-10-28 15:53 . 2009-10-28 15:53 29 ----a-w- c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.sys
2009-10-28 15:53 . 2009-10-28 15:53 12 ----a-w- c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\FW.dll
2009-10-28 15:53 . 2009-10-28 15:53 1 ----a-w- c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\energy.sys
2009-10-28 15:53 . 2009-10-29 03:21 28 ----a-w- c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv
2009-10-28 15:53 . 2009-10-28 15:53 33 ----a-w- c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.exe
2009-10-28 15:53 . 2009-10-28 15:53 10 ----a-w- c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\runddl.dll
2009-10-28 15:53 . 2009-10-28 15:53 37 ----a-w- c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\gid.dll
2009-10-28 15:46 . 2009-10-28 20:36 19 ----a-w- c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\PE.sys
2009-10-28 15:37 . 2009-10-28 15:37 -------- d-----w- c:\windows\Sun
2009-10-28 15:36 . 2009-10-28 15:36 71 ----a-w- c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\ddv.exe
2009-10-28 15:36 . 2009-10-28 15:36 40 ----a-w- c:\users\Josh\AppData\Roaming\Microsoft\Windows\Recent\FW.drv
2009-10-28 03:29 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 03:28 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-27 20:42 . 2009-10-27 20:42 -------- d-----w- c:\program files\Common Files\Windows Live
2009-10-15 14:37 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-15 14:34 . 2009-08-05 14:22 3597896 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-15 14:34 . 2009-08-05 14:22 3546184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-15 14:31 . 2009-08-31 13:55 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-10-15 14:31 . 2009-08-31 13:55 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-10-15 14:29 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll
2009-10-15 14:28 . 2009-09-14 09:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-15 14:27 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-08 03:01 . 2009-10-08 16:47 -------- d-----w- c:\programdata\FLEXnet
2009-10-08 02:27 . 2009-10-08 02:27 4096 d-----w- c:\program files\Adobe Media Player
2009-10-08 02:19 . 2009-10-08 02:19 -------- d-----w- c:\program files\Common Files\Macrovision Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-05 15:33 . 2008-10-22 08:36 -------- d-----w- c:\programdata\Viewpoint
2009-11-05 15:32 . 2008-10-27 06:17 8192 d-----w- c:\program files\Windows Live Toolbar
2009-11-05 15:16 . 2008-10-22 14:17 65536 d-----w- c:\users\Josh\AppData\Roaming\uTorrent
2009-11-05 07:01 . 2009-10-30 01:57 3033872 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-04 14:59 . 2009-02-16 22:59 27744 ----a-w- c:\programdata\nvModes.dat
2009-11-04 13:28 . 2008-10-22 08:36 -------- d-----w- c:\program files\Common Files\AOL
2009-11-03 17:10 . 2009-07-22 07:54 4096 d-----w- c:\program files\MagicDisc
2009-10-28 13:01 . 2008-10-22 13:36 76568 ----a-w- c:\users\Josh\AppData\Local\GDIPFONTCACHEV1.DAT
2009-10-28 10:13 . 2008-10-22 09:09 8192 d-----w- c:\programdata\Microsoft Help
2009-10-19 03:49 . 2008-12-19 20:11 6944 ----a-w- c:\users\Josh\AppData\Local\d3d9caps.dat
2009-10-15 15:40 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-10-08 02:48 . 2008-10-22 09:15 8192 d-----w- c:\program files\Common Files\Adobe
2009-10-05 04:31 . 2008-10-22 10:09 12288 d-----w- c:\programdata\WildTangent
2009-10-01 17:29 . 2009-10-02 21:53 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-09 18:46 . 2008-10-23 13:17 -------- d-----w- c:\users\Josh\AppData\Roaming\DivX
2009-09-07 17:36 . 2009-09-07 17:36 -------- d-----w- c:\programdata\AIM
2009-08-28 12:39 . 2009-09-03 20:28 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:15 . 2009-09-03 20:28 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 13:32 . 2009-10-15 14:35 833024 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 13:29 . 2009-10-15 14:35 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-27 10:58 . 2009-10-15 14:35 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-18 06:33 . 2009-08-18 06:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 17:07 . 2009-09-09 15:07 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 16:29 . 2009-09-09 15:07 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 16:29 . 2009-09-09 15:07 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 14:16 . 2009-09-09 15:07 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:16 . 2009-09-09 15:07 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:16 . 2009-09-09 15:07 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:16 . 2009-09-09 15:07 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:16 . 2009-09-09 15:07 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:16 . 2009-09-09 15:07 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:16 . 2009-09-09 15:07 10240 ----a-w- c:\windows\system32\finger.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\AVGTemp ----

2009-10-31 13:27 . 2009-10-31 13:31 196598 ----a-w- c:\avgtemp\avgremover_en\avgremover.log
2009-10-31 13:25 . 2009-01-26 19:10 477 ----a-w- c:\avgtemp\avgremover_en\readme.txt
2009-10-31 13:25 . 2009-10-05 15:25 46 ----a-w- c:\avgtemp\avgremover_en\info.bat
2009-10-31 13:25 . 2009-10-05 12:20 1316632 ----a-w- c:\avgtemp\avgremover_en\avgremoverx64.exe
2009-10-31 13:25 . 2009-10-05 12:20 718104 ----a-w- c:\avgtemp\avgremover_en\avgremover.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBFCD017-BCAD-42C3-9ED5-89DBDFC59171}"= "c:\program files\SpeedBit Toolbar\Toolbar\SpeedBit.dll" [2009-07-09 2598896]

[HKEY_CLASSES_ROOT\clsid\{ebfcd017-bcad-42c3-9ed5-89dbdfc59171}]
[HKEY_CLASSES_ROOT\SPEEDBIT1.SPEEDBIT1.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\SPEEDBIT1.SPEEDBIT1]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EBFCD017-BCAD-42C3-9ED5-89DBDFC59171}"= "c:\program files\SpeedBit Toolbar\Toolbar\SpeedBit.dll" [2009-07-09 2598896]

[HKEY_CLASSES_ROOT\clsid\{ebfcd017-bcad-42c3-9ed5-89dbdfc59171}]
[HKEY_CLASSES_ROOT\SPEEDBIT1.SPEEDBIT1.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\SPEEDBIT1.SPEEDBIT1]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-24 455968]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-01 1783136]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-10-05 289072]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Aim"="c:\program files\AIM\aim.exe" [2009-10-01 3634024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-04 92704]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]

c:\users\Josh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
is-IO8EQ.lnk - c:\users\Josh\Downloads\Anti-Virus\Virus Removal Tool\is-IO8EQ\startup.exe [2009-10-29 65536]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [10/31/2009 5:46 AM 114768]
R1 is-IO8EQdrv;is-IO8EQdrv;c:\windows\System32\drivers\57666812.sys [10/29/2009 5:57 PM 148496]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [10/31/2009 5:46 AM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [10/31/2009 5:45 AM 53328]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\System32\drivers\IcdUsb2.sys [10/23/2008 8:14 PM 39048]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: dinofile.co.kr
DPF: {2A93BD7A-7E47-4857-8DC3-5B38495ECF28} - hxxp://update.dinofile.co.kr/ActiveX/DinoFile.cab
DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} - hxxp://cafeimg.hanmail.net/activex/dmcc2.cab?Version=1,0,0,10
DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} - hxxp://mail.daum.net/hanmail-ax/DaumActiveX/2_0_0_4/DaumActiveX.cab?ver=2,0,0,4
FF - ProfilePath - c:\users\Josh\AppData\Roaming\Mozilla\Firefox\Profiles\ss40iee4.default\
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/?src=aim&ncid=snsusaimc00000001
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\Josh\AppData\Local\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-05 08:11
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\TMP000000A8809FF55DE21E6055 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-11-05 8:15
ComboFix-quarantined-files.txt 2009-11-05 16:15
ComboFix2.txt 2009-11-03 16:56

Pre-Run: 78,968,471,552 bytes free
Post-Run: 78,829,469,696 bytes free



DDS (Ver_09-10-26.01) - NTFSx86
Run by Josh at 8:19:57.95 on Thu 11/05/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3006.1621 [GMT -8:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Josh\Downloads\Desktop\dds.pif
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.facebook.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SPEEDBIT1 Class: {425e30f0-ccc6-4e24-bbeb-bcbd31720b37} - c:\program files\speedbit toolbar\toolbar\SpeedBit.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
BHO: HP Print Clips: {ffffffff-ff12-44c5-91ec-068e3aa1b2d7} - c:\program files\hp\smart web printing\hpswp_framework.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: SpeedBit: {ebfcd017-bcad-42c3-9ed5-89dbdfc59171} - c:\program files\speedbit toolbar\toolbar\SpeedBit.dll
uRun: [Sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun
uRun: [LightScribe Control Panel] "c:\program files\common files\lightscribe\LightScribeControlPanel.exe" -hidden
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [HPADVISOR] "c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe" autoRun
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] "c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe" /Start
mRun: [OnScreenDisplay] "c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [hpqSRMon] "c:\program files\hp\digital imaging\bin\hpqSRMon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [hpWirelessAssistant] "c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe"
mRun: [WAWifiMessage] "c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_02\bin\jusched.exe"
mRun: [NvCplDaemon] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] "c:\windows\system32\rundll32.exe" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
StartupFolder: c:\users\josh\appdata\roaming\micros~1\windows\startm~1\programs\startup\is-io8eq.lnk - c:\users\josh\downloads\anti-virus\virus removal tool\is-io8eq\startup.exe
StartupFolder: c:\users\josh\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: dinofile.co.kr
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2A93BD7A-7E47-4857-8DC3-5B38495ECF28} - hxxp://update.dinofile.co.kr/ActiveX/DinoFile.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUplden-us.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} - hxxp://cafeimg.hanmail.net/activex/dmcc2.cab?Version=1,0,0,10
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} - hxxp://mail.daum.net/hanmail-ax/DaumActiveX/2_0_0_4/DaumActiveX.cab?ver=2,0,0,4
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\josh\appdata\roaming\mozilla\firefox\profiles\ss40iee4.default\
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/?src=aim&ncid=snsusaimc00000001
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-10-31 114768]
R1 is-IO8EQdrv;is-IO8EQdrv;c:\windows\system32\drivers\57666812.sys [2009-10-29 148496]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-31 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-10-31 53328]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2008-10-23 39048]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

=============== Created Last 30 ================

2009-11-05 15:40:17 0 d-----w- C:\CFscan
2009-11-04 13:28:50 0 d-----w- c:\program files\common files\Software Update Utility
2009-11-04 13:28:39 0 d-----w- c:\program files\AIM
2009-11-03 16:24:05 98816 ----a-w- c:\windows\sed.exe
2009-11-03 16:24:05 77312 ----a-w- c:\windows\MBR.exe
2009-11-03 16:24:05 267264 ----a-w- c:\windows\PEV.exe
2009-11-03 16:24:05 161792 ----a-w- c:\windows\SWREG.exe
2009-10-31 13:45:47 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-10-31 13:25:41 0 d-----w- C:\AVGTemp
2009-10-30 01:57:48 0 d-----w- c:\programdata\is-IO8EQ
2009-10-30 01:57:33 3033872 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-10-30 01:57:33 267771936 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-30 01:57:26 148496 ----a-w- c:\windows\system32\drivers\57666812.sys
2009-10-29 05:28:35 0 d-----w- c:\programdata\Lavasoft
2009-10-28 23:41:55 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-28 23:40:54 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-28 23:40:38 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-28 23:40:38 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-28 20:22:22 0 ----a-r- c:\windows\win32k.sys
2009-10-28 03:29:03 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 03:28:55 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-27 20:42:40 0 d-----w- c:\program files\common files\Windows Live
2009-10-15 14:37:16 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-15 14:34:51 3597896 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-15 14:34:50 3546184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-15 14:31:53 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2009-10-15 14:31:52 80896 ----a-w- c:\windows\system32\MSNP.ax
2009-10-15 14:31:42 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-10-15 14:31:42 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-10-15 14:31:42 217088 ----a-w- c:\windows\system32\psisrndr.ax
2009-10-15 14:29:06 61440 ----a-w- c:\windows\system32\msasn1.dll
2009-10-15 14:28:34 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-15 14:27:59 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-08 03:01:47 0 d-----w- c:\programdata\FLEXnet
2009-10-08 02:19:20 0 d-----w- c:\program files\common files\Macrovision Shared

==================== Find3M ====================

2009-11-04 14:59:01 27744 ----a-w- c:\programdata\nvModes.dat
2009-10-31 12:56:23 86016 ----a-w- c:\windows\inf\infstor.dat
2009-10-31 12:56:23 51200 ----a-w- c:\windows\inf\infpub.dat
2009-10-31 12:56:22 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-10-01 17:29:14 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-08-28 12:39:07 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:15:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 13:32:41 833024 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 13:29:25 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-27 10:58:58 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-18 06:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-14 16:29:41 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 16:29:41 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 14:16:55 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 14:16:55 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 14:16:52 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 14:16:51 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 14:16:50 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 14:16:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 14:16:49 10240 ----a-w- c:\windows\system32\finger.exe
2008-10-22 14:31:07 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 8:20:15.94 ===============


#12 sempai
noypi
Malware Response Team, 5,288 posts
Gender: Male
Location: 3 stars and a sun
Local time: 04:38 AM

Posted 06 November 2009 - 01:03 PM

Hi,

I need to clarify some things with you with regard to the last run of Win32diag:

1. When you ran Win32diag, did you use the command in bolded text?

2. Did you encounter any error when running the tool?

3. Is the Win32kDiag.txt in your last post the latest log of Win32diag?


~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#13 krnbboyj (Topic Starter)
Members, 24 posts
Local time: 03:38 PM

Posted 06 November 2009 - 11:21 PM

It automatically scanned when I opened it, and yes, it is the latest one.
I didn't encounter any problem when I opened it.


#14 sempai
noypi
Malware Response Team, 5,288 posts
Gender: Male
Location: 3 stars and a sun
Local time: 04:38 AM

Posted 07 November 2009 - 02:45 AM

When you say "When I open it", did you double click Win32diag.exe or did you go to Start > Run and copy/paste the command below:

"%userprofile%\desktop\win32kdiag.exe" -f -r


~Semp



#15 sempai
noypi
Malware Response Team, 5,288 posts
Gender: Male
Location: 3 stars and a sun
Local time: 04:38 AM

Posted 11 November 2009 - 09:45 AM

Hi,

Are you still with us?

~Semp

