Need help removing Windows Antivirus Pro on Vista [Solved]


#1
hellod00d

    New Member

  • Member
  • 6 posts
Hello!

I'm typing this from a friend's computer as mine is currently in safe mode running a full system scan with Windows Defender. Here's the issue:

I recently got infected with Windows Antivirus Pro and went to Google and followed the directions there to remove the program. Basically, I went through my entire system manually and deleted all known associated files and registry keys of the malware. At that point I had started using Ad-Aware, Spybot S&D and Windows Defender to get rid of the program. After running all three programs and locating any leftover suspicious/problem files, I again went directly into my system and deleted them. To my dismay, my system went haywire afterward: I would constantly get a "Host Process for Windows Services has stopped working and has closed" notification, and neither of my browsers (Firefox, IE) would allow me to search for anything related to fixing the issue. I guess that meant I didn't get rid of the problem and now it was pissed off that I tampered with the bugger, haha.

At that point, after realizing I probably did more damage than good by thrashing my registry and system files, I did a System Restore to the earliest restore point I had (8/24/09). The problem is, the program was already on my computer at that point, so now I am back at square one. I'm not too sure if the host process problem still happens because I went straight to safe mode after uninstalling all my anti-spyware programs except Windows Defender, just in case. I did a preliminary system review and found that the files (dddesot.dll, desot, bennuar.old, sysnet.dat, and all the other files associated with the problem) are back in my system and registry. However, they aren't causing any problems because I'm in safe mode. I was reading through a couple of other threads related to this issue, but it seems everyone has a problem specifically tailored to their system, so I'm starting a new thread regarding the issue.

Please let me know if you can help me out; I'll be on almost every day in safe mode with networking to respond to any requests you may have. For now, though, this is getting to be a big hassle because I work from home, and with a screwy comp it isn't too fun.

Thanks!
-Josh
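The crash the original poster describes after deleting files by hand ("Host Process for Windows Services has stopped working") is what you get when a DLL that svchost.exe loads on behalf of a service is removed while the service's registry entry still points at it. The PowerShell below is an added example, not code from the original post or from any of the tools mentioned in this thread: it lists every service with a ServiceDll value and flags the ones whose DLL is missing from disk or sits outside %SystemRoot%, so a suspicious file can be matched to the service that loads it before it is deleted. It assumes an elevated prompt, the standard HKLM\SYSTEM\CurrentControlSet\Services layout, and only the cmdlets available in PowerShell 2.0 on Vista; the status labels are my own.

```powershell
# Added example, not part of the original post or of any tool it mentions.
# svchost.exe hosts a service by loading the DLL named in the service's
# Parameters\ServiceDll value. Deleting that DLL by hand while the service
# entry stays behind leaves svchost crashing at start-up, which matches the
# "Host Process for Windows Services has stopped working" symptom above.
# Assumptions: run from an elevated PowerShell prompt; PowerShell 2.0 cmdlets
# only (Vista era). Key and value names are the standard Windows ones.

$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$systemRoot  = $env:SystemRoot

function Expand-ServiceDllPath {
    param([string]$RawPath)
    # ServiceDll is REG_EXPAND_SZ (typically %SystemRoot%\System32\name.dll);
    # expand the variables and strip quotes so the path can be tested on disk.
    return [Environment]::ExpandEnvironmentVariables($RawPath).Trim('"')
}

function Get-ServiceDllReport {
    $report = @()
    foreach ($svc in (Get-ChildItem -Path $servicesKey -ErrorAction SilentlyContinue)) {
        $paramsPath = Join-Path $svc.PSPath 'Parameters'
        if (-not (Test-Path -LiteralPath $paramsPath)) { continue }

        $params = Get-ItemProperty -LiteralPath $paramsPath -ErrorAction SilentlyContinue
        if ($params -eq $null -or -not $params.ServiceDll) { continue }

        $dll       = Expand-ServiceDllPath $params.ServiceDll
        $imagePath = (Get-ItemProperty -LiteralPath $svc.PSPath -ErrorAction SilentlyContinue).ImagePath

        # Classification (labels are this example's own, not a Windows term):
        #  MISSING - the service still references a DLL that is no longer on
        #            disk; this is the state manual deletion leaves behind.
        #  CHECK   - the DLL lives outside %SystemRoot%, or ServiceDll is set
        #            on a service whose ImagePath is not svchost.exe; both are
        #            unusual for Windows' own services and worth a closer look.
        if (-not (Test-Path -LiteralPath $dll)) {
            $status = 'MISSING: DLL referenced by service but not on disk'
        } elseif (-not $dll.ToLower().StartsWith($systemRoot.ToLower())) {
            $status = 'CHECK: ServiceDll outside %SystemRoot%'
        } elseif ($imagePath -and $imagePath -notmatch 'svchost\.exe') {
            $status = 'CHECK: ServiceDll set on a service not hosted by svchost'
        } else {
            $status = 'ok'
        }

        $report += New-Object PSObject -Property @{
            Service    = $svc.PSChildName
            ServiceDll = $dll
            ImagePath  = $imagePath
            Status     = $status
        }
    }
    return $report
}

# Show only the entries that need attention, then a count for reference.
$all = Get-ServiceDllReport
$all | Where-Object { $_.Status -ne 'ok' } | Sort-Object Service |
    Format-Table Service, Status, ServiceDll -AutoSize
"Services with a ServiceDll value: $($all.Count)"
```

Run it before deleting anything a scanner flags: if a file you are about to remove shows up as some service's ServiceDll, disable or remove that service entry at the same time, otherwise svchost will keep trying to load the missing DLL on every boot. A MISSING entry that appears after a clean-up is the simplest explanation for the host-process crash described in the post.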

#2
hellod00d

    New Member

  • Topic Starter
  • Member
  • 6 posts
Update: I've downloaded all the programs listed on the other threads (MBAM, Win32kDiag, OTL, OTM, TFC, etc.). The new problem, however, is that I cannot run these programs at all. When I try to open one from my desktop, it opens an "Open with..." request window, which makes absolutely no sense. When I try to open it from the Start menu Run bar (entry: "%userprofile%\desktop\win32kdiag.exe" -f -r), it says the application is not found, when it is clearly on my desktop. I know this forum is pretty busy, but please help me out if you can; I don't want to have to reformat if I don't have to.

Thanks!

Edit 8/28: I was able to run the Kaspersky scan because it isn't an executable file on my computer.
Here's the log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, August 28, 2009
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, August 29, 2009 03:39:43
Records in database: 2700254
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Objects scanned: 171727
Threats found: 5
Infected objects found: 9
Suspicious objects found: 0
Scan duration: 03:09:28


File name / Threat / Threats count
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\683EADJH\w[1].bin Infected: Trojan-Downloader.Win32.DlfBfkg.abe 1
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J3M22P10\adobe57[1].pdf Infected: Exploit.Win32.Pidief.bjx 1
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J3M22P10\w[1].bin Infected: Trojan-Downloader.Win32.DlfBfkg.aaw 1
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J3M22P10\w[2].bin Infected: Trojan-Downloader.Win32.DlfBfkg.aaw 1
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UPJKNWV1\w[1].bin Infected: Trojan-Downloader.Win32.DlfBfkg.abe 1
C:\Windows\Temp\IXP000.TMP\2s.exe Infected: Trojan-GameThief.Win32.WOW.ski 1
C:\Windows\Temp\IXP000.TMP\ea0821.exe Infected: Trojan-Downloader.Win32.DlfBfkg.aaz 1
C:\Windows\Temp\kntspouifo.exe Infected: Trojan-GameThief.Win32.WOW.ski 1
C:\Windows\Temp\kntspouifo.exe Infected: Trojan-Downloader.Win32.DlfBfkg.aaz 1
Selected area has been scanned.


Edit 8/29: After looking at the Kaspersky log, I went into my computer and manually deleted all the infected files. I can now open some programs; it still goes to the "Open with" screen, but it's allowing me to actually browse for the file. However, I am still getting a few problems. I ran MBAM and Win32kDiag and was able to clear more files. Here are the logs:

Log file is located at: C:\Users\test\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...



Cannot access: C:\Windows\bthservsdp.dat

[1] 2009-08-29 03:14:06 12 C:\Windows\bthservsdp.dat ()



Found mount point : C:\Windows\Debug\UserMode\UserMode

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\LiveKernelReports\WATCHDOG\WATCHDOG

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ModemLogs\ModemLogs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\panther\setup.exe\setup.exe

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\security\logs\logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporary Internet Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\Tfs_DAV

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Media Center Programs\Media Center Programs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\Description Documents\Description Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\Cookies

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Documents\Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Downloads\Downloads

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Links\Links

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Music\Music

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Pictures\Pictures

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Saved Games\Saved Games

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Videos\Videos

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\SCPD\SCPD

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Media Center Programs\Media Center Programs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Documents\Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Downloads\Downloads

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Links\Links

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Music\Music

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Pictures\Pictures

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Saved Games\Saved Games

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Videos\Videos

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.16866_none_7fe0c12063c7ff25\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.16866_none_7fe0c12063c7ff25: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.21062_none_806634e57ce96cd5\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6000.21062_none_806634e57ce96cd5: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.18267_none_81c8001060eda96d\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.18267_none_81c8001060eda96d: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.22444_none_82643dbb79fdc277\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6001.22444_none_82643dbb79fdc277: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.18046_none_83c3136c5e04aa7f\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.18046_none_83c3136c5e04aa7f: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.22147_none_844db081772163a0\x86_microsoft-windows-a..-experience-apphelp_31bf3856ad364e35_6.0.6002.22147_none_844db081772163a0: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6000.16866_none_4755e279c14fc1a0\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6000.16866_none_4755e279c14fc1a0: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6000.21062_none_47db563eda712f50\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6000.21062_none_47db563eda712f50: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6001.18267_none_493d2169be756be8\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6001.18267_none_493d2169be756be8: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6001.22444_none_49d95f14d78584f2\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6001.22444_none_49d95f14d78584f2: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6002.18046_none_4b3834c5bb8c6cfa\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6002.18046_none_4b3834c5bb8c6cfa: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6002.22147_none_4bc2d1dad4a9261b\x86_microsoft-windows-a..bility-assistant-db_31bf3856ad364e35_6.0.6002.22147_none_4bc2d1dad4a9261b: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16866_none_0a011f83f55114da\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.16866_none_0a011f83f55114da: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.21062_none_0a8693490e72828a\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6000.21062_none_0a8693490e72828a: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18267_none_0be85e73f276bf22\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18267_none_0be85e73f276bf22: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22444_none_0c849c1f0b86d82c\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.22444_none_0c849c1f0b86d82c: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.18046_none_0de371cfef8dc034\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.18046_none_0de371cfef8dc034: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.22147_none_0e6e0ee508aa7955\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.22147_none_0e6e0ee508aa7955: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6000.16866_none_0a021fcdf5502e31\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6000.16866_none_0a021fcdf5502e31: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6000.21062_none_0a8793930e719be1\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6000.21062_none_0a8793930e719be1: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6001.18267_none_0be95ebdf275d879\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6001.18267_none_0be95ebdf275d879: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6001.22444_none_0c859c690b85f183\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6001.22444_none_0c859c690b85f183: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6002.18046_none_0de47219ef8cd98b\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6002.18046_none_0de47219ef8cd98b: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6002.22147_none_0e6f0f2f08a992ac\x86_microsoft-windows-a..ence-mitigations-c2_31bf3856ad364e35_6.0.6002.22147_none_0e6f0f2f08a992ac: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16866_none_0a032017f54f4788\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.16866_none_0a032017f54f4788: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.21062_none_0a8893dd0e70b538\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6000.21062_none_0a8893dd0e70b538: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.18267_none_0bea5f07f274f1d0\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.18267_none_0bea5f07f274f1d0: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.22444_none_0c869cb30b850ada\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6001.22444_none_0c869cb30b850ada: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.18046_none_0de57263ef8bf2e2\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.18046_none_0de57263ef8bf2e2: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.22147_none_0e700f7908a8ac03\x86_microsoft-windows-a..ence-mitigations-c3_31bf3856ad364e35_6.0.6002.22147_none_0e700f7908a8ac03: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16866_none_0a042061f54e60df\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.16866_none_0a042061f54e60df: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.21062_none_0a8994270e6fce8f\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6000.21062_none_0a8994270e6fce8f: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.18267_none_0beb5f51f2740b27\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.18267_none_0beb5f51f2740b27: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.22444_none_0c879cfd0b842431\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6001.22444_none_0c879cfd0b842431: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.18046_none_0de672adef8b0c39\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.18046_none_0de672adef8b0c39: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.22147_none_0e710fc308a7c55a\x86_microsoft-windows-a..ence-mitigations-c4_31bf3856ad364e35_6.0.6002.22147_none_0e710fc308a7c55a: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16866_none_0a0520abf54d7a36\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.16866_none_0a0520abf54d7a36: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.21062_none_0a8a94710e6ee7e6\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6000.21062_none_0a8a94710e6ee7e6: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18267_none_0bec5f9bf273247e\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.18267_none_0bec5f9bf273247e: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22444_none_0c889d470b833d88\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6001.22444_none_0c889d470b833d88: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.18046_none_0de772f7ef8a2590\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.18046_none_0de772f7ef8a2590: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.22147_none_0e72100d08a6deb1\x86_microsoft-windows-a..ence-mitigations-c5_31bf3856ad364e35_6.0.6002.22147_none_0e72100d08a6deb1: 3
Found mount point : C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16866_none_3fdf3668c441aa88\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16866_none_3fdf3668c441aa88

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.21062_none_4064aa2ddd631838\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.21062_none_4064aa2ddd631838

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18267_none_41c67558c16754d0\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18267_none_41c67558c16754d0

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22444_none_4262b303da776dda\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.22444_none_4262b303da776dda

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.18046_none_43c188b4be7e55e2\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.18046_none_43c188b4be7e55e2

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\d2d2847d8d293b748203da2d4ed8109b\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.22147_none_444c25c9d79b0f03\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6002.22147_none_444c25c9d79b0f03

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_a4b3e75378eccda6\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_a4b3e75378eccda6

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_a69e1da376115b2a\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_a69e1da376115b2a

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5a1929db\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5a1929db

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_a886901f7335e2fc\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_a886901f7335e2fc

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6000.16870_none_389b60c97fc740bd\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6000.16870_none_389b60c97fc740bd

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6000.21067_none_3936a7a898d6a939\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6000.21067_none_3936a7a898d6a939

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6001.18272_none_3a83a0037cec045c\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6001.18272_none_3a83a0037cec045c

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6001.22450_none_3b20ddf895fb36bd\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6001.22450_none_3b20ddf895fb36bd

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6002.18051_none_3c7eb35f7a03056e\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6002.18051_none_3c7eb35f7a03056e

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6002.22152_none_3d095074931fbe8f\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6002.22152_none_3d095074931fbe8f

Mount point destination : \Device\__max++>\^

Could not open reparse point C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6000.16870_none_e4a4f2ddb3dfbcec\x86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6000.16870_none_e4a4f2ddb3dfbcec: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6000.21067_none_e54039bcccef2568\x86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6000.21067_none_e54039bcccef2568: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6001.18272_none_e68d3217b104808b\x86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6001.18272_none_e68d3217b104808b: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6001.22450_none_e72a700cca13b2ec\x86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6001.22450_none_e72a700cca13b2ec: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6002.18051_none_e8884573ae1b819d\x86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6002.18051_none_e8884573ae1b819d: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6002.22152_none_e912e288c7383abe\x86_microsoft-windows-security-kerberos_31bf3856ad364e35_6.0.6002.22152_none_e912e288c7383abe: 3
Found mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6000.16870_none_7a810285659cf00c\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6000.16870_none_7a810285659cf00c

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6000.21067_none_7b1c49647eac5888\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6000.21067_none_7b1c49647eac5888

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6001.18272_none_7c6941bf62c1b3ab\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6001.18272_none_7c6941bf62c1b3ab

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6001.22450_none_7d067fb47bd0e60c\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6001.22450_none_7d067fb47bd0e60c

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6002.18051_none_7e64551b5fd8b4bd\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6002.18051_none_7e64551b5fd8b4bd

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6002.22152_none_7eeef23078f56dde\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6002.22152_none_7eeef23078f56dde

Mount point destination : \Device\__max++>\^

Could not open reparse point C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6000.16870_none_1fe460c0585503b5\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6000.16870_none_1fe460c0585503b5: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6000.21067_none_207fa79f71646c31\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6000.21067_none_207fa79f71646c31: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6001.18272_none_21cc9ffa5579c754\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6001.18272_none_21cc9ffa5579c754: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6001.22450_none_2269ddef6e88f9b5\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6001.22450_none_2269ddef6e88f9b5: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6002.18051_none_23c7b3565290c866\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6002.18051_none_23c7b3565290c866: 3
Could not open reparse point C:\Windows\SoftwareDistribution\Download\f0e7510dbdd98e00504ebcf9a6bc42ad\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6002.22152_none_2452506b6bad8187\x86_microsoft-windows-security-schannel_31bf3856ad364e35_6.0.6002.22152_none_2452506b6bad8187: 3
Found mount point : C:\Windows\SoftwareDistribution\Download\f9870fa09c866a37752cd50336c30a22\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.18819_none_83d6ded046b75eaf\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.18819_none_83d6ded046b75eaf

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\f9870fa09c866a37752cd50336c30a22\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.22909_none_846b4b875fcce288\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.22909_none_846b4b875fcce288

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\PostRebootEventCache\PostRebootEventCache

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\Journal\Journal

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Local\Adobe\ESD\ESD

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\DNUPBP0P\DNUPBP0P

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZC1WCORO\ZC1WCORO

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Messenger\Messenger

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\Low\Low

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Low

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\Virtualized

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\Silverlight\Silverlight

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\0

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\1

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\10

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\12

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\13

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\17

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\18

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\19

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\2

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\21

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\22

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\23

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\25

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\27

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\29

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\3

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\30

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\34

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\35

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\36

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\40

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\41

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\43

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\46

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\47

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\49

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\5

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\51

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\52

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\53

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\55

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\56

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\57

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\58

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\60

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\63

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\8

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\9

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host\host

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin\muffin

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\Acrobat\9.0\Collab\Collab

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\Acrobat\9.0\Forms\Forms

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MGPYG2HC\67.15.218.106\syndicate\beyondthedow\beyondthedow.swf\beyondthedow.swf

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MGPYG2HC\67.15.218.106\syndicate\bighealthtree\bighealthtree.swf\bighealthtree.swf

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MGPYG2HC\a248.e.akamai.net\a248.e.akamai.net

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MGPYG2HC\ak.c.ooyala.com\ak.c.ooyala.com

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MGPYG2HC\as1.suitesmart.com\_f5e.swf\_f5e.swf

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MGPYG2HC\bin.clearspring.com\bin.clearspring.com

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MGPYG2HC\cdn1.telemetryverification.net\cdn1.telemetryverification.net

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MGPYG2HC\cdn4.specificclick.net\img\img

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MGPYG2HC\ec.atdmt.com\ds\HHHBOCHILCHL\2_for_20_Q1FY10\2For_300x250_ID757.swf\2For_300x250_ID757.swf

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MGPYG2HC\ec.atdmt.com\ds\HHHBOCHILCHL\2_for_20_Q1FY10\2For_728x90_ID759.swf\2For_728x90_ID759.swf

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MGPYG2HC\g-ecx.images-amazon.com\images\G\16\00\00\04\69\69\20\469692090.swf\469692090.swf

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MGPYG2HC\grindtv.com\grindtv.com

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MGPYG2HC\images-na.ssl-images-amazon.com\images\G\16\00\00\05\07\50\11\507501190.swf\507501190.swf

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MGPYG2HC\images.blastro.com\images\flashplayer\flvPlayer.swf\flvPlayer.swf

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MGPYG2HC\images.roxwel.com\images\flashplayer\flvPlayer.swf\flvPlayer.swf

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MGPYG2HC\is1.j.tv2n.net\is1.j.tv2n.net

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MGPYG2HC\media.mtvnservices.com\player\loader\loader

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MGPYG2HC\media.scanscout.com\media.scanscout.com

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MGPYG2HC\mpsnare.iesnare.com\mpsnare.iesnare.com

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MGPYG2HC\s.ytimg.com\s.ytimg.com

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MGPYG2HC\static.grindtv.com\1.2.1311\swf\video.swf\video.swf

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MGPYG2HC\udn.specificclick.net\udn.specificclick.net

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MGPYG2HC\video.flashtalking.com\video.flashtalking.com

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MGPYG2HC\video.nbcuni.com\video.nbcuni.com

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MGPYG2HC\widgets.clearspring.com\widgets.clearspring.com

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MGPYG2HC\www.battlefield1943.com\www.battlefield1943.com

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MGPYG2HC\www.comedyfetish.com\_swf\videoplayer.swf\videoplayer.swf

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MGPYG2HC\www.metroid.com\www.metroid.com

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MGPYG2HC\www.smarter.com\jscript\flowplayer\flowplayer.commercial-3.0.3.swf\flowplayer.commercial-3.0.3.swf

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#67.15.218.106\#67.15.218.106

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#a248.e.akamai.net\#a248.e.akamai.net

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#ak.c.ooyala.com\#ak.c.ooyala.com

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#as1.suitesmart.com\#as1.suitesmart.com

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\#bin.clearspring.com

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn1.telemetryverification.net\#cdn1.telemetryverification.net

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn4.specificclick.net\#cdn4.specificclick.net

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#ec.atdmt.com\#ec.atdmt.com

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#g-ecx.images-amazon.com\#g-ecx.images-amazon.com

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#grindtv.com\#grindtv.com

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#images-na.ssl-images-amazon.com\#images-na.ssl-images-amazon.com

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#images.blastro.com\#images.blastro.com

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#images.roxwel.com\#images.roxwel.com

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#is1.j.tv2n.net\#is1.j.tv2n.net

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#media.mtvnservices.com\#media.mtvnservices.com

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#media.scanscout.com\#media.scanscout.com

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mpsnare.iesnare.com\#mpsnare.iesnare.com

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s.ytimg.com\#s.ytimg.com

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.grindtv.com\#static.grindtv.com

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#udn.specificclick.net\#udn.specificclick.net

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#video.flashtalking.com\#video.flashtalking.com

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#video.nbcuni.com\#video.nbcuni.com

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#widgets.clearspring.com\#widgets.clearspring.com

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.battlefield1943.com\#www.battlefield1943.com

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.comedyfetish.com\#www.comedyfetish.com

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.metroid.com\#www.metroid.com

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.mydamnchannel.com\#www.mydamnchannel.com

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.smarter.com\#www.smarter.com

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\0W2E1IIV\0W2E1IIV

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\29GB11IF\29GB11IF

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\EMBVW76R\EMBVW76R

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\Y2NBPX1C\Y2NBPX1C

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Low\Low

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IECompatCache\Low\Low

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\Low\Low

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\Low\Low

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Antivirus Pro\Windows Antivirus Pro

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Real\RealMediaSDK\RealMediaSDK

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Roxio\MediaManager9\MediaManager9

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\config\systemprofile\AppData\Roaming\Softland\novaPDF\novaPDF

Mount point destination : \Device\__max++>\^

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

[1] 2009-08-29 12:15:45 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

[1] 2009-08-29 12:13:48 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

[1] 2009-08-29 12:13:58 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

[1] 2009-08-29 12:13:58 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl

[1] 2009-08-29 12:15:00 0 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl ()



Found mount point : C:\Windows\System32\WDI\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}\{533a67eb-9fb5-473d-b884-958cf4b9c4a3}

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\WDI\{ecfb03d1-58ee-4cc7-a1b5-9bc6febcb915}\{ecfb03d1-58ee-4cc7-a1b5-9bc6febcb915}

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\System32\WDI\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}\{ffc42108-4920-4acf-a4fc-8abdcc68ada4}

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Temp\Low\Low

Mount point destination : \Device\__max++>\^

Cannot access: C:\Windows\Temp\~DF35A.tmp

[1] 2009-08-27 07:57:08 16384 C:\Windows\Temp\~DF35A.tmp ()



Cannot access: C:\Windows\Temp\~DF987C.tmp

[1] 2009-08-27 07:57:05 16384 C:\Windows\Temp\~DF987C.tmp ()



Cannot access: C:\Windows\Temp\~DFB9A2.tmp

[1] 2009-08-27 07:57:21 16384 C:\Windows\Temp\~DFB9A2.tmp ()



Found mount point : C:\Windows\tracing\tracing

Mount point destination : \Device\__max++>\^



Finished!



MBAM LOG

Malwarebytes' Anti-Malware 1.40
Database version: 2713
Windows 6.0.6002 Service Pack 2

8/29/2009 6:53:21 PM
mbam-log-2009-08-29 (18-53-00).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 283271
Time elapsed: 1 hour(s), 41 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{76dc0b63-1533-4ba9-8be8-d59eb676fa02} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{76dc0b63-1533-4ba9-8be8-d59eb676fa02} (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (C:\Windows\system32\desot.exe "%1" %*) Good: ("%1" %*) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\kbiwkmqfdnmpeg.dll (Trojan.TDSS) -> No action taken.
C:\Windows\System32\kbiwkmbptxrmbt.dll (Trojan.TDSS) -> No action taken.
C:\Windows\System32\kbiwkmoslixkff.dll (Trojan.TDSS) -> No action taken.
C:\Windows\System32\minix32.exe (Rogue.WinAntivirusPro) -> No action taken.
C:\Windows\System32\drivers\kbiwkmrmxqaccp.sys (Trojan.TDSS) -> No action taken.
C:\Windows\System32\drivers\kbiwkmwecypdpc.sys (Trojan.TDSS) -> No action taken.
C:\Windows\System32\bennuar.old (Malware.Trace) -> No action taken.
C:\Windows\System32\onhelp.htm (Rogue.Trace) -> No action taken.


All the files found by MBAM were removed upon restart; however, I want to make sure this virus is completely gone. Programs are working okay for right now, and the "Open with" window isn't coming up anymore, but there might still be something left. Let me know if you need any other logs or what I need to do to get rid of any files still lurking in my system.
Thanks!

Edited by hellod00d, 29 August 2009 - 09:28 PM.


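Two findings in the logs above are worth re-checking by hand once the cleanup tools have run: the exefile open-command hijack MBAM reported (HKCR\exefile\shell\open\command pointing at c:\windows\system32\desot.exe instead of the stock "%1" %*, which is exactly what produces the "Open with" prompt for every .exe), and the mount points the rootkit scan listed under System32\WDI, Windows\Temp and Windows\tracing whose destination is \Device\__max++>\^ rather than a normal volume path. The PowerShell script below is an added example written for this thread; it is not something any participant posted and it is not part of MBAM, GMER, ComboFix or RootRepeal. It assumes an elevated prompt, that fsutil reparsepoint query prints a "Substitute Name:" line carrying the junction target (it does on Vista and later), and the function names Test-ExeOpenCommand and Get-SuspiciousMountPoint are hypothetical. It only reports; it deletes nothing.

```powershell
# Added example (not from the thread or any tool it mentions). Run from an elevated PowerShell prompt.
# 1) Verify the .exe file association has not been redirected through a third-party stub.
# 2) Enumerate junction reparse points under the directories RootRepeal flagged and show their targets.

$ExpectedOpenCommand = '"%1" %*'   # stock value of HKCR\exefile\shell\open\command (default)

function Test-ExeOpenCommand {
    # HKCR is a merged view; HKCU\Software\Classes overrides HKLM\Software\Classes, so check all three.
    $keys = @(
        'Registry::HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command',
        'Registry::HKEY_LOCAL_MACHINE\Software\Classes\exefile\shell\open\command',
        'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command'
    )
    foreach ($k in $keys) {
        $item = Get-Item -LiteralPath $k -ErrorAction SilentlyContinue
        if ($null -eq $item) { continue }          # the HKCU override normally does not exist at all
        $value = [string]$item.GetValue('')        # '' reads the (default) value
        $status = if ($value -eq $ExpectedOpenCommand) { 'OK' } else { 'HIJACKED' }
        New-Object PSObject -Property @{ Key = $k; Status = $status; Value = $value }
    }
}

function Get-SuspiciousMountPoint {
    param(
        # Assumed roots: the directories the rootkit log above reported mount points under.
        [string[]]$Roots = @("$env:SystemRoot\System32\WDI", "$env:SystemRoot\Temp", "$env:SystemRoot\tracing")
    )
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { ($_.Attributes -band [IO.FileAttributes]::ReparsePoint) -ne 0 } |
            ForEach-Object {
                # fsutil prints the raw reparse data; the "Substitute Name:" line is the real target
                # (assumption: this line is present in fsutil's output, as it is on Vista and later).
                $out = & fsutil reparsepoint query $_.FullName 2>&1
                $m = $out | Select-String -Pattern 'Substitute Name:\s*(.+)$' | Select-Object -First 1
                $target = if ($m) { $m.Matches[0].Groups[1].Value.Trim() } else { '<unreadable>' }
                # A legitimate junction resolves to \??\<drive>:\... or \Device\HarddiskVolumeN;
                # anything else under \Device\ (e.g. \Device\__max++>\^ in the log) is the red flag.
                $suspicious = ($target -notmatch '^\\\?\?\\[A-Za-z]:\\') -and
                              ($target -notmatch '^\\Device\\HarddiskVolume\d+')
                New-Object PSObject -Property @{ Path = $_.FullName; Target = $target; Suspicious = $suspicious }
            }
    }
}

Test-ExeOpenCommand      | Select-Object Status, Key, Value        | Format-Table -AutoSize
Get-SuspiciousMountPoint | Select-Object Suspicious, Path, Target  | Format-Table -AutoSize
```

If Test-ExeOpenCommand prints HIJACKED for any key, or Get-SuspiciousMountPoint lists entries with Suspicious set to True, the infection is not fully gone even if no alerts are showing, and the output is what to paste for the helper rather than something to fix by deleting the junctions yourself. The MBAM log labels the related files Trojan.TDSS, and the same log shows that the kbiwkm* drivers live in System32\drivers, so a clean exefile key on its own is not proof of a clean system.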
#3
Transience (Retired Staff)

Hello and welcome to Geeks to Go! I'm Dave and I'll be helping you out. Let's get started:

Please go to the GMER Rootkit Scanner Download Site.
  • Click on the Download EXE button.
  • The file you are downloading will have a random name in order to circumvent the attempts of malware to block it from running.
  • Take note of the name of the file (please don't change it), and then save it directly to your desktop.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click on the file you downloaded (Vista users please right-click it and select Run as Administrator). The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure that the "Show all" box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity, don't worry.
  • Click Ok.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it to a location where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.

Then:

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingc...to-use-combofix

Download and save ComboFix.exe to your desktop from any of the download links provided in the above guide.

Once you have downloaded the file, return to the above link and continue with the instructions provided there for running ComboFix. Be sure that you read ALL of the instructions on that page very carefully and follow them exactly. It is particularly important to disable all your protection programs before running ComboFix. If you need further help figuring out how to disable a specific program look here. Installing the recovery console if you're running an XP machine is another critical step. By following the directions in that guide closely, you give ComboFix the best chance at a successful run and minimize the likelihood of having potentially serious problems occur after an attempted removal of malware.

Once the program has finished running, its log should pop up automatically; if for some reason you lose it, it can be found at C:\ComboFix.txt. Please post the log's contents in your next reply.

Cheers,
Dave

#4
hellod00d (Topic Starter)

Thanks a bunch for the help, Dave. Here are my logs:

COMBOFIX
ComboFix 09-08-30.01 - test 08/30/2009 16:01.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.1012 [GMT -7:00]
Running from: c:\users\test\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-467562527-1896384194-1313823302-500
c:\windows\Installer\3296c.msi
c:\windows\Installer\8199434.msi
c:\windows\system32\BReWErS.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_kbiwkmpppxqkex
-------\Legacy_kbiwkmxtisnbvw
-------\Service_kbiwkmpppxqkex
-------\Service_kbiwkmxtisnbvw


((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-30 )))))))))))))))))))))))))))))))
.

2009-08-30 23:07 . 2009-08-30 23:07 -------- d-----w- c:\users\phonesystem__3cx__\AppData\Local\temp
2009-08-30 23:07 . 2009-08-30 23:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-29 19:22 . 2009-08-29 19:22 -------- d-----w- c:\users\test\AppData\Roaming\Malwarebytes
2009-08-29 19:21 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-29 19:21 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-29 19:21 . 2009-08-29 19:21 -------- d-----w- c:\programdata\Malwarebytes
2009-08-29 19:21 . 2009-08-29 19:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-29 19:21 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-28 18:42 . 2009-08-28 18:42 -------- d-----w- c:\program files\3CXPhone
2009-08-28 18:38 . 2009-08-28 18:38 54 ----a-w- c:\windows\system32\rp_stats.dat
2009-08-28 18:38 . 2009-08-28 18:38 39 ----a-w- c:\windows\system32\rp_rules.dat
2009-08-27 06:10 . 2009-08-27 21:55 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-08-27 05:48 . 2009-08-27 05:48 -------- d-----w- c:\users\test\EurekaLog
2009-08-27 01:50 . 2009-08-27 01:50 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-08-25 15:30 . 2009-08-25 15:30 -------- d-----w- c:\program files\Microsoft ATS
2009-08-25 15:23 . 2009-08-25 15:25 -------- d-----w- c:\users\test\AppData\Local\3CX VoIP Phone
2009-08-25 15:19 . 2009-08-25 15:19 -------- d-----w- c:\users\test\AppData\Roaming\UltiDev
2009-08-25 15:19 . 2009-08-25 15:19 -------- d-----w- c:\users\test\AppData\Local\UltiDev
2009-08-25 15:19 . 2009-08-25 15:19 -------- d-----w- c:\programdata\UltiDev
2009-08-25 15:19 . 2009-08-25 15:19 -------- d-----w- c:\programdata\3CX
2009-08-25 15:19 . 2009-08-25 15:19 -------- d-----w- c:\program files\3CX PhoneSystem
2009-08-25 06:41 . 2009-08-25 06:41 -------- d-----w- c:\users\test\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
2009-08-25 06:10 . 2009-08-25 06:10 -------- dc----w- C:\Riot Games
2009-08-25 05:38 . 2009-08-25 05:37 38208 ----a-w- c:\users\test\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-08-25 05:38 . 2009-08-25 05:38 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-25 05:33 . 2009-05-29 05:41 4233728 ----a-w- c:\windows\system32\drivers\NETw5v32.sys
2009-08-25 05:28 . 2009-08-25 05:28 255488 ----a-w- c:\users\test\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_0_0_4_d.dll
2009-08-25 05:28 . 2009-08-25 05:28 255488 ----a-w- c:\users\test\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_0_0_4_c.dll
2009-08-25 05:28 . 2009-08-25 05:28 255488 ----a-w- c:\users\test\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_0_0_4_b.dll
2009-08-25 05:28 . 2009-08-25 05:28 255488 ----a-w- c:\users\test\AppData\Roaming\SystemRequirementsLab\SRLProxy_srl_4_0_0_4_a.dll
2009-08-25 02:21 . 2009-08-25 02:21 -------- d-----w- c:\users\test\AppData\Local\id Software
2009-08-20 15:50 . 2009-08-01 16:16 6256600 ---ha-w- c:\users\test\AppData\Roaming\mjusbsp\in00000\setup.exe
2009-08-20 15:50 . 2009-08-01 16:12 728600 ---ha-w- c:\users\test\AppData\Roaming\mjusbsp\ar00000\install.exe
2009-08-19 05:38 . 2009-08-19 05:38 -------- d-----w- c:\program files\Common Files\Business Objects
2009-08-19 05:38 . 2009-08-19 05:38 -------- d-----w- c:\program files\Common Files\Crystal Decisions
2009-08-19 05:30 . 2009-08-01 16:16 6256600 ---ha-w- c:\users\test\AppData\Roaming\mjusbsp\Upgrade\setup2.exe
2009-08-19 05:30 . 2009-08-01 16:12 728600 ---ha-w- c:\users\test\AppData\Roaming\mjusbsp\Upgrade\install2.exe
2009-08-19 05:27 . 2009-08-28 19:34 -------- d-----w- c:\users\test\AppData\Roaming\Install
2009-08-19 05:26 . 2009-08-28 19:32 -------- d-----w- c:\users\test\AppData\Local\magicJack
2009-08-14 15:10 . 2009-06-23 18:06 245408 ----a-w- c:\users\test\AppData\Roaming\Mozilla\Firefox\Profiles\5nn2l4a8.default\extensions\[email protected]\plugins\unicows.dll
2009-08-14 15:10 . 2009-04-05 21:26 8784 ----a-w- c:\users\test\AppData\Roaming\Mozilla\Firefox\Profiles\5nn2l4a8.default\extensions\[email protected]\plugins\ractrlkeyhook.dll
2009-08-14 15:10 . 2009-04-05 21:26 71248 ----a-w- c:\users\test\AppData\Roaming\Mozilla\Firefox\Profiles\5nn2l4a8.default\extensions\[email protected]\plugins\LMIProxyHelper.exe
2009-08-14 15:10 . 2009-02-19 18:38 2633728 ----a-w- c:\users\test\AppData\Roaming\Mozilla\Firefox\Profiles\5nn2l4a8.default\extensions\[email protected]\plugins\npRACtrl.dll
2009-08-11 22:47 . 2009-07-17 13:54 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-11 22:47 . 2009-06-10 11:42 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-11 22:47 . 2009-06-04 12:07 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-11 22:47 . 2009-06-10 11:38 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-11 22:47 . 2009-07-15 12:40 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-11 22:47 . 2009-07-15 12:39 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-11 22:47 . 2009-07-15 12:39 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-11 22:47 . 2009-07-15 12:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-10 01:33 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2009-08-04 02:47 . 2009-08-04 02:47 -------- d-----w- c:\windows\system32\ca-ES
2009-08-04 02:47 . 2009-08-04 02:47 -------- d-----w- c:\windows\system32\eu-ES
2009-08-04 02:47 . 2009-08-04 02:47 -------- d-----w- c:\windows\system32\vi-VN
2009-08-04 02:03 . 2009-08-04 02:03 -------- d-----w- c:\windows\system32\EventProviders
2009-08-04 02:01 . 2009-04-11 06:28 928768 ----a-w- c:\windows\system32\scavenge.dll
2009-08-04 02:00 . 2009-04-11 06:32 223208 ----a-w- c:\windows\system32\drivers\netio.sys
2009-08-04 01:59 . 2009-04-11 06:28 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-08-01 16:16 . 2009-08-01 16:16 95576 ----a-w- c:\users\test\AppData\Roaming\mjusbsp\ug00000\magicJack.dll
2009-08-01 16:16 . 2009-08-01 16:16 6256600 ----a-w- c:\users\test\AppData\Roaming\mjusbsp\ug00000\setup.exe
2009-08-01 16:16 . 2009-08-01 16:16 413304 ----a-w- c:\users\test\AppData\Roaming\mjusbsp\magicJackLoader.exe
2009-08-01 16:16 . 2009-08-01 16:16 480608 ----a-w- c:\users\test\AppData\Roaming\mjusbsp\octvqe1_apiw.dll
2009-08-01 16:16 . 2009-08-01 16:16 214360 ----a-w- c:\users\test\AppData\Roaming\mjusbsp\TjVista.dll
2009-08-01 16:16 . 2009-08-01 16:16 325040 ----a-w- c:\users\test\AppData\Roaming\mjusbsp\TjIpSys.dll
2009-08-01 16:16 . 2009-08-01 16:16 570736 ----a-w- c:\users\test\AppData\Roaming\mjusbsp\SJHandsetMagicJack.dll
2009-08-01 16:15 . 2009-08-01 16:15 87384 ----a-w- c:\users\test\AppData\Roaming\mjusbsp\st00000\mjsetup.exe
2009-08-01 16:15 . 2009-08-01 16:15 95576 ----a-w- c:\users\test\AppData\Roaming\mjusbsp\st00000\magicJack.dll
2009-08-01 16:15 . 2009-08-01 16:15 95576 ----a-w- c:\users\test\AppData\Roaming\mjusbsp\magicJack.dll
2009-08-01 16:13 . 2009-08-01 16:13 12231512 ----a-w- c:\users\test\AppData\Roaming\mjusbsp\magicJack.exe
2009-08-01 16:12 . 2009-08-01 16:12 728600 ----a-w- c:\users\test\AppData\Roaming\mjusbsp\ug00000\install.exe
2009-08-01 16:12 . 2009-08-01 16:12 87384 ----a-w- c:\users\test\AppData\Roaming\mjusbsp\in00000\mjsetup.exe
2009-08-01 16:12 . 2009-08-01 16:12 95576 ----a-w- c:\users\test\AppData\Roaming\mjusbsp\in00000\magicJack.dll
2009-08-01 16:11 . 2009-08-01 16:11 441704 ----a-w- c:\users\test\AppData\Roaming\mjusbsp\ug00000\magicJackSplash.exe
2009-08-01 16:11 . 2009-08-01 16:11 441704 ----a-w- c:\users\test\AppData\Roaming\mjusbsp\st00000\magicJackSplash.exe
2009-08-01 16:11 . 2009-08-01 16:11 441704 ----a-w- c:\users\test\AppData\Roaming\mjusbsp\magicJackSplash.exe
2009-08-01 16:11 . 2009-08-01 16:11 441704 ----a-w- c:\users\test\AppData\Roaming\mjusbsp\in00000\magicJackSplash.exe
2009-08-01 16:11 . 2009-08-01 16:11 50520 ----a-w- c:\users\test\AppData\Roaming\mjusbsp\cdloader2.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-30 23:11 . 2009-01-15 21:33 72576 ----a-w- c:\programdata\nvModes.dat
2009-08-30 23:08 . 2006-12-29 12:18 12 ----a-w- c:\windows\bthservsdp.dat
2009-08-30 04:59 . 2008-03-22 00:18 1356 ----a-w- c:\users\test\AppData\Local\d3d9caps.dat
2009-08-30 03:12 . 2009-02-06 18:42 -------- d-----w- c:\program files\Lavasoft
2009-08-28 19:34 . 2009-03-22 01:35 -------- d-----w- c:\users\test\AppData\Roaming\GetRightToGo
2009-08-28 19:34 . 2009-02-06 18:42 -------- d--h--w- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-08-28 19:34 . 2008-03-22 05:41 -------- d-----w- c:\programdata\Lavasoft
2009-08-28 19:31 . 2009-06-15 16:45 -------- d-----w- c:\programdata\Medisoft
2009-08-25 06:10 . 2006-12-29 12:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-25 05:28 . 2008-07-30 17:25 -------- d-----w- c:\users\test\AppData\Roaming\SystemRequirementsLab
2009-08-25 00:15 . 2009-06-11 03:20 -------- d-----w- c:\program files\Activision
2009-08-23 16:46 . 2008-10-07 22:05 -------- d-----w- c:\users\test\AppData\Roaming\Free Download Manager
2009-08-20 15:50 . 2009-06-25 16:23 -------- d-----w- c:\users\test\AppData\Roaming\mjusbsp
2009-08-19 20:07 . 2008-10-24 08:21 -------- d-----w- c:\program files\Steam
2009-08-19 20:05 . 2008-07-17 09:39 -------- d-----w- c:\program files\Common Files\Steam
2009-08-18 23:57 . 2006-12-29 13:34 -------- d-----w- c:\program files\Java
2009-08-12 00:44 . 2006-12-29 13:02 -------- d-----w- c:\programdata\Microsoft Help
2009-08-12 00:43 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-04 22:33 . 2008-03-22 21:52 -------- d-----w- c:\programdata\RapidSolution
2009-08-04 03:01 . 2008-10-09 03:46 -------- d-----w- c:\programdata\NVIDIA
2009-08-04 02:48 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-08-04 02:48 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-08-04 02:48 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-08-04 02:48 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-08-04 02:47 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-08-04 02:47 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-08-04 02:47 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-08-01 20:05 . 2009-07-31 00:34 -------- d-----w- c:\users\test\AppData\Roaming\Unity
2009-07-30 22:25 . 2008-09-26 07:20 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-25 12:23 . 2008-11-22 19:39 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 21:52 . 2009-08-10 01:35 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-08-10 01:35 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-08-10 01:35 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-08-10 01:35 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-20 23:52 . 2009-07-20 23:52 -------- d-----w- c:\program files\iTunes
2009-07-20 23:52 . 2009-07-20 23:52 -------- d-----w- c:\program files\iPod
2009-07-20 23:52 . 2008-03-22 01:46 -------- d-----w- c:\program files\Common Files\Apple
2009-07-20 23:48 . 2009-07-20 23:48 75040 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-18 11:40 . 2009-07-18 10:12 -------- d-----w- c:\users\test\AppData\Roaming\Download Manager
2009-07-17 23:26 . 2009-07-17 23:24 -------- d-----w- c:\program files\Realplayer
2009-07-17 23:26 . 2009-07-17 23:26 -------- d-----w- c:\program files\Common Files\xing shared
2009-07-17 23:26 . 2009-07-09 02:38 -------- d-----w- c:\program files\Common Files\Real
2009-07-10 23:28 . 2009-06-22 23:30 25440 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-10 23:28 . 2009-06-22 23:29 1630560 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2009-07-10 23:27 . 2009-06-22 23:28 2353480 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-30 22:36 . 2009-07-11 03:50 18696 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryReplaceNew.exe
2009-06-30 22:10 . 2009-07-11 03:50 18696 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryNoTravel.exe
2009-06-30 22:03 . 2009-07-11 03:50 18696 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryAccessories.exe
2009-06-30 19:44 . 2009-07-11 03:50 18184 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryWeakNew.exe
2009-06-27 01:36 . 2009-07-11 03:50 18184 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryUpgrade.exe
2009-06-18 02:07 . 2008-03-22 21:33 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-15 14:53 . 2009-07-15 00:21 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 14:52 . 2009-07-15 00:21 23552 ----a-w- c:\windows\system32\lpk.dll
2009-06-15 14:52 . 2009-07-15 00:21 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 14:51 . 2009-07-15 00:21 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:42 . 2009-07-15 00:21 289792 ----a-w- c:\windows\system32\atmfd.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"cdloader"="c:\users\test\AppData\Roaming\mjusbsp\cdloader2.exe" [2009-08-01 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-30 92704]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Connections.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2006-12-29 34520]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):e5,d4,a8,a3,af,14,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F7D2D91B-2F93-4D98-89DA-EAA8221D97E4}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8553FFE4-2978-492C-B2EF-BDFD62B4FAEF}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8487480D-1C86-41BC-88D2-2F94CEFB5506}"= UDP:c:\program files\HP\QuickPlay\QP.exe:_this_program_will_be_deleted
"{BA87D380-4483-441F-8DE3-F17AFA5472AB}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{85087D8B-AF97-4EB9-A26E-D8B9AB8F767F}"= c:\program files\HP Connections\6811507\Program\HP Connections:HP Connections
"{935C2EF6-A603-4F13-8463-5A832EC27F6B}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{D75EE1D6-182D-42A7-BE19-058BA7449A8C}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{E274B2FC-F54F-4631-BB1B-F63DD15BA9A2}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{694F75FE-AD5C-4AB0-BB36-7C2CAA098EAF}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{6014D925-779E-4517-9853-F48EE1F54858}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{0158754C-0CAA-4651-A1BC-C0CA90A95F43}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{44A7F39C-5F3C-4878-86B5-5C42F49CA0E1}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{C2105CA8-6F50-4906-9F35-ADCC317BB1B5}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D0AE3926-EEC5-4F02-A564-C24AE84F922B}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{9403EDE5-FA94-449F-A7F9-2006D330B0EF}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{A97056DB-C432-471C-B117-0BA66513B67D}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E39EE23F-8398-4232-95F0-5811E022F2A6}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{AEC553CF-84BE-44E0-9E21-2442EC117F76}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{E4AF4253-D496-40DF-8B79-73BF8A090620}"= UDP:c:\program files\Ruckus Player\Ruckus.exe:Ruckus
"{154A6A84-8AB1-4E5A-93A2-0025DDEEF48D}"= TCP:c:\program files\Ruckus Player\Ruckus.exe:Ruckus
"{8A7A56F2-AA82-4558-8112-4B6DD1952BE1}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{1037D904-0D63-49C5-9E80-DC75AC6681E6}"= UDP:c:\program files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper
"{F7088222-CA38-4ED6-8C9B-1377429D03A6}"= TCP:c:\program files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper
"{CBBFA64B-61A5-48E2-9FD0-3EF6FDBBA419}"= UDP:19715:BitComet 19715 TCP
"{3F8CAD80-12E4-408C-97ED-20C690C05A0B}"= TCP:19715:BitComet 19715 UDP
"TCP Query User{AB39FDEE-342E-41A5-AF81-A49476D0110E}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{BFA84A53-B402-41CA-9729-53D91179F89A}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"TCP Query User{FB053E62-B670-4A86-91FC-4AB389C20C99}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{52A03A27-B652-4D42-8C17-11B0766B7CE2}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"{F5E32E35-C305-4CFB-B935-4C94DE00A728}"= UDP:c:\program files\Stardock Games\Sins of a Solar Empire Demo\Sins of a Solar Empire.exe:Sins of a Solar Empire Demo
"{FAC57EFF-23BC-40B8-9A48-75BD6C30D728}"= TCP:c:\program files\Stardock Games\Sins of a Solar Empire Demo\Sins of a Solar Empire.exe:Sins of a Solar Empire Demo
"{937E3C4D-6E16-4F4C-A9A1-1E235F8A7A7E}"= UDP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{EB11D068-62F9-4428-BDDB-53CDD7AB8B89}"= TCP:c:\program files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{0AA56D29-E768-4714-A816-988E6CF07829}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{D9A5C1E4-E093-4074-89E0-ED905F749621}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{7BAE9F45-4D45-42C8-8DAE-AB7F1963E7DE}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{F7FFA196-F969-4AEE-93EE-D77EAAE7976D}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{86953D9C-483D-4456-82FD-B441124AF58A}c:\\program files\\touchstone\\turok\\binaries\\turokgame.exe"= UDP:c:\program files\touchstone\turok\binaries\turokgame.exe:Turok
"UDP Query User{8A22B048-A6AA-45D9-899C-E1A3DC37FD9E}c:\\program files\\touchstone\\turok\\binaries\\turokgame.exe"= TCP:c:\program files\touchstone\turok\binaries\turokgame.exe:Turok
"{77F1879C-B2A4-404D-B7AE-CD91E5EB0A66}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{5CB7056A-4A85-4521-B8E5-153515879600}c:\\program files\\steam\\steamapps\\[email protected]\\source sdk base\\hl2.exe"= UDP:c:\program files\steam\steamapps\[email protected]\source sdk base\hl2.exe:hl2
"UDP Query User{01FFA88B-4AB9-4524-8E67-93D5A98CB527}c:\\program files\\steam\\steamapps\\[email protected]\\source sdk base\\hl2.exe"= TCP:c:\program files\steam\steamapps\[email protected]\source sdk base\hl2.exe:hl2
"TCP Query User{4CF94195-2F5C-4181-B85B-F300C0A81799}c:\\program files\\steam\\steamapps\\[email protected]\\day of defeat\\hl.exe"= UDP:c:\program files\steam\steamapps\[email protected]\day of defeat\hl.exe:Half-Life Launcher
"UDP Query User{EDFFAD56-38EE-4821-A47D-D957A445F49F}c:\\program files\\steam\\steamapps\\[email protected]\\day of defeat\\hl.exe"= TCP:c:\program files\steam\steamapps\[email protected]\day of defeat\hl.exe:Half-Life Launcher
"TCP Query User{6853D516-8526-407C-9A22-0DBFBCE1C707}c:\\program files\\steam\\steamapps\\[email protected]\\half-life\\hl.exe"= UDP:c:\program files\steam\steamapps\[email protected]\half-life\hl.exe:Half-Life Launcher
"UDP Query User{11D43937-EC13-4B47-9EF6-8E7B67765657}c:\\program files\\steam\\steamapps\\[email protected]\\half-life\\hl.exe"= TCP:c:\program files\steam\steamapps\[email protected]\half-life\hl.exe:Half-Life Launcher
"TCP Query User{1D1B7C84-EBC1-4CFF-B699-4BF06B686495}c:\\program files\\steam\\steamapps\\[email protected]\\team fortress classic\\hl.exe"= UDP:c:\program files\steam\steamapps\[email protected]\team fortress classic\hl.exe:Half-Life Launcher
"UDP Query User{79843FC1-5C9C-4C55-A792-ECCB2307E2C6}c:\\program files\\steam\\steamapps\\[email protected]\\team fortress classic\\hl.exe"= TCP:c:\program files\steam\steamapps\[email protected]\team fortress classic\hl.exe:Half-Life Launcher
"TCP Query User{8D947AB5-C6D9-4657-B0D4-E1F5E39968B3}c:\\program files\\steam\\steamapps\\[email protected]\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\[email protected]\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{9E3DBC43-C1E8-4D42-B6EB-E99B7B55698F}c:\\program files\\steam\\steamapps\\[email protected]\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\[email protected]\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{0F2069C6-BEF3-4686-A293-C9185182FCC2}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{4EDB9588-CE0D-404B-86E7-28FE13E1B8E1}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{12793C74-019D-40C2-9356-A14AEC28FA3C}c:\\program files\\ccp\\eve\\bin\\exefile.exe"= UDP:c:\program files\ccp\eve\bin\exefile.exe:CCP ExeFile
"UDP Query User{C4A000C4-7CF2-4416-8521-EE2FBFAE191A}c:\\program files\\ccp\\eve\\bin\\exefile.exe"= TCP:c:\program files\ccp\eve\bin\exefile.exe:CCP ExeFile
"{ED1FC5B3-BB28-412D-B577-42CDE94443D6}"= UDP:c:\program files\Sega\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet
"{373F9BF1-075C-4520-9583-0E7B75E59602}"= TCP:c:\program files\Sega\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet
"TCP Query User{4238ADAE-764E-42DA-AFAC-10C125A734EA}c:\\program files\\steam\\steamapps\\[email protected]\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\[email protected]\team fortress 2\hl2.exe:hl2
"UDP Query User{ED0860CA-39F6-412C-8C39-A04071D48FD7}c:\\program files\\steam\\steamapps\\[email protected]\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\[email protected]\team fortress 2\hl2.exe:hl2
"{924608FE-F02B-4E29-8E01-D7A2F4ABB934}"= UDP:19715:BitComet 19715 TCP
"{00591EC3-15D7-48A2-A46B-533D2B355557}"= TCP:19715:BitComet 19715 UDP
"TCP Query User{04490DBF-01FA-455F-A84D-E4748ED1F472}c:\\program files\\bitcomet\\bitcomet.exe"= UDP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"UDP Query User{5AD21916-566E-43FE-8B41-CB9135352C23}c:\\program files\\bitcomet\\bitcomet.exe"= TCP:c:\program files\bitcomet\bitcomet.exe:BitComet - a BitTorrent Client
"{2FC54CBF-6D17-4132-8C94-88688D5D4165}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{ABE381B2-048C-4C91-9A0C-C3E1B3FDCAAC}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{BC2D4B94-9247-49BE-B036-812BCA49EBEF}"= UDP:c:\nexon\Combat Arms\NMService.exe:Nexon Messenger Core
"{DB761CCE-8A30-4C9D-AE6D-751E8A030AD4}"= TCP:c:\nexon\Combat Arms\NMService.exe:Nexon Messenger Core
"TCP Query User{F6472144-88A5-4A75-99A9-079A8A874C07}c:\\program files\\steam\\steamapps\\[email protected]\\source sdk base\\hl2.exe"= UDP:c:\program files\steam\steamapps\[email protected]\source sdk base\hl2.exe:hl2
"UDP Query User{CB387603-0826-4D6F-AC62-69F56358BF2D}c:\\program files\\steam\\steamapps\\[email protected]\\source sdk base\\hl2.exe"= TCP:c:\program files\steam\steamapps\[email protected]\source sdk base\hl2.exe:hl2
"TCP Query User{FB3FBFDA-1203-4393-8547-65095E34B45D}c:\\program files\\steam\\steamapps\\[email protected]\\insurgency\\hl2.exe"= UDP:c:\program files\steam\steamapps\[email protected]\insurgency\hl2.exe:hl2
"UDP Query User{1B6CF1EC-9FD5-4722-8FF0-86E80DDDC623}c:\\program files\\steam\\steamapps\\[email protected]\\insurgency\\hl2.exe"= TCP:c:\program files\steam\steamapps\[email protected]\insurgency\hl2.exe:hl2
"TCP Query User{C9E3A73C-BE69-4C56-A170-D6726E0F1E05}c:\\program files\\steam\\steamapps\\[email protected]\\age of chivalry\\hl2.exe"= UDP:c:\program files\steam\steamapps\[email protected]\age of chivalry\hl2.exe:hl2
"UDP Query User{4EBFA81F-D323-42F7-85C7-6D296DE35CB3}c:\\program files\\steam\\steamapps\\[email protected]\\age of chivalry\\hl2.exe"= TCP:c:\program files\steam\steamapps\[email protected]\age of chivalry\hl2.exe:hl2
"TCP Query User{975447E6-999F-4CC9-9436-CFA7F09672BA}c:\\program files\\free download manager\\fdm.exe"= UDP:c:\program files\free download manager\fdm.exe:Free Download Manager
"UDP Query User{EDBDCA77-8999-4E7F-B49A-11DEDE8BC707}c:\\program files\\free download manager\\fdm.exe"= TCP:c:\program files\free download manager\fdm.exe:Free Download Manager
"TCP Query User{9472DF07-5EFE-4F12-8891-BF2C99F01718}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{2B4F1A2B-09C0-41FA-B676-4750EE42D03E}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{6CE75E4F-E561-41AE-8EA4-E3CCE813CF41}c:\\program files\\gamespy\\comrade\\comrade.exe"= UDP:c:\program files\gamespy\comrade\comrade.exe:Comrade
"UDP Query User{41AB5E13-EE1A-496B-BC51-6AB64E2F35B1}c:\\program files\\gamespy\\comrade\\comrade.exe"= TCP:c:\program files\gamespy\comrade\comrade.exe:Comrade
"TCP Query User{C2F9D986-A62D-405A-AD50-49429A8FE5B4}c:\\programdata\\firesky\\stargate worlds\\working\\binaries\\sgw.exe"= UDP:c:\programdata\firesky\stargate worlds\working\binaries\sgw.exe:Stargate Worlds Client
"UDP Query User{B1F4FB97-3875-4E78-B92F-FC40F6A4711C}c:\\programdata\\firesky\\stargate worlds\\working\\binaries\\sgw.exe"= TCP:c:\programdata\firesky\stargate worlds\working\binaries\sgw.exe:Stargate Worlds Client
"TCP Query User{CAD4CC7B-19BD-4C7D-ADC2-C2B4BAB26FA8}c:\\users\\test\\appdata\\locallow\\garagegames\\iaplayer\\products\\www_instantaction_com\\7000\\install\\zap.exe"= UDP:c:\users\test\appdata\locallow\garagegames\iaplayer\products\www_instantaction_com\7000\install\zap.exe:zap.exe
"UDP Query User{BFD9DBE5-B0FD-4901-9A85-569771727D73}c:\\users\\test\\appdata\\locallow\\garagegames\\iaplayer\\products\\www_instantaction_com\\7000\\install\\zap.exe"= TCP:c:\users\test\appdata\locallow\garagegames\iaplayer\products\www_instantaction_com\7000\install\zap.exe:zap.exe
"TCP Query User{F8058986-2F5F-4FE1-B222-5159FFFE467F}c:\\program files\\left4dead\\hl2.exe"= UDP:c:\program files\left4dead\hl2.exe:hl2
"UDP Query User{6DD8574E-7370-463B-9D98-FC46096C95F2}c:\\program files\\left4dead\\hl2.exe"= TCP:c:\program files\left4dead\hl2.exe:hl2
"TCP Query User{926A8A17-81FB-4EF6-BBDC-A45F02BF295A}c:\\program files\\free download manager\\fdm.exe"= UDP:c:\program files\free download manager\fdm.exe:Free Download Manager
"UDP Query User{58B71E53-93D1-460A-8364-22DD1BDF9056}c:\\program files\\free download manager\\fdm.exe"= TCP:c:\program files\free download manager\fdm.exe:Free Download Manager
"TCP Query User{693198EB-C4D1-48A8-9D6D-DF6A35618D2A}c:\\program files\\free download manager\\fdmwi.exe"= UDP:c:\program files\free download manager\fdmwi.exe:fdmwi
"UDP Query User{45B5A687-90F9-4241-AFB4-2F01E905910C}c:\\program files\\free download manager\\fdmwi.exe"= TCP:c:\program files\free download manager\fdmwi.exe:fdmwi
"{9AC1B9E7-20EE-4A86-A5B7-5E56676E7D55}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{45050640-ECDF-4506-95C0-ED03CA3C3A6C}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{EA349875-4FA4-4E08-8871-70A8D9F40F9C}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{E5663D92-4D66-45C0-8140-AF6E76A71F85}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{283A3E9E-D562-4B20-85D8-4AB12EEF6379}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{D9C59882-7766-4885-86F6-1D700281D3AB}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{6951B2A5-46C5-4DC1-A75C-81745C417FD7}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{FD34BB4D-DE8B-49D3-9A84-2F12B0425A8F}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"TCP Query User{EEB5B920-4253-43CB-9CA6-90B6A4C4BC61}c:\\program files\\steam\\steamapps\\[email protected]\\day of defeat\\hl.exe"= UDP:c:\program files\steam\steamapps\[email protected]\day of defeat\hl.exe:Half-Life Launcher
"UDP Query User{977894B6-5E35-4F22-858D-AC277A482815}c:\\program files\\steam\\steamapps\\[email protected]\\day of defeat\\hl.exe"= TCP:c:\program files\steam\steamapps\[email protected]\day of defeat\hl.exe:Half-Life Launcher
"{8309D922-6655-45B1-AEBA-CACDBCE9D691}"= UDP:c:\program files\Ubisoft Entertainment\Wheelman\Binaries\WheelmanGame-Final.exe:Wheelman
"{8AE504B2-464D-4453-B25F-7752B5641838}"= TCP:c:\program files\Ubisoft Entertainment\Wheelman\Binaries\WheelmanGame-Final.exe:Wheelman
"{1BF71693-ACE3-455D-92F6-04497985A629}"= UDP:c:\program files\Stardock Games\Demigod\bin\Demigod.exe:Demigod
"{63D17CF1-9BF9-4BE5-871B-81E439F95098}"= TCP:c:\program files\Stardock Games\Demigod\bin\Demigod.exe:Demigod
"TCP Query User{EB796235-F07C-42DC-A8F7-B83C9F72FDB4}c:\\program files\\java\\jre1.6.0\\bin\\java.exe"= UDP:c:\program files\java\jre1.6.0\bin\java.exe:Java™ Platform SE binary
"UDP Query User{2E9AB202-A7A4-4700-AE4E-36C882CA05C5}c:\\program files\\java\\jre1.6.0\\bin\\java.exe"= TCP:c:\program files\java\jre1.6.0\bin\java.exe:Java™ Platform SE binary
"TCP Query User{E8DD6A33-0910-422F-B123-94FF52BE7F39}c:\\program files\\ubisoft\\far cry 2\\bin\\farcry2.exe"= UDP:c:\program files\ubisoft\far cry 2\bin\farcry2.exe:Far Cry® 2
"UDP Query User{DE8AA00F-B625-4B48-9E9A-C90430BFA882}c:\\program files\\ubisoft\\far cry 2\\bin\\farcry2.exe"= TCP:c:\program files\ubisoft\far cry 2\bin\farcry2.exe:Far Cry® 2
"{73D0C28C-EF0C-4B6A-8249-932FB2C499E2}"= UDP:c:\program files\Activision\Prototype\prototypef.exe:Prototype™
"{7D00149B-827C-4DD3-823D-5FEDAB59689B}"= TCP:c:\program files\Activision\Prototype\prototypef.exe:Prototype™
"TCP Query User{E5A9528E-876F-43EE-9ACC-64A5B2D5ACDE}c:\\medisoft\\bin\\mapa.exe"= UDP:c:\medisoft\bin\mapa.exe:MAPA
"UDP Query User{EFB8AE32-B21D-4E6A-B8A8-D8538ACF722F}c:\\medisoft\\bin\\mapa.exe"= TCP:c:\medisoft\bin\mapa.exe:MAPA
"TCP Query User{355563A4-94FA-4D21-AD24-E822710D32E3}c:\\medisoft\\bin\\mapa.exe"= UDP:c:\medisoft\bin\mapa.exe:MAPA
"UDP Query User{E3C2B043-43E4-40B1-BC8D-98C142C44A1E}c:\\medisoft\\bin\\mapa.exe"= TCP:c:\medisoft\bin\mapa.exe:MAPA
"{A1EDFD85-448B-4F80-A381-1A8776B7AB57}"= UDP:c:\users\test\AppData\Roaming\mjusbsp\magicJack.exe:magicJack
"{F564B64B-0516-4BCF-A5EC-12376D90EC5F}"= TCP:c:\users\test\AppData\Roaming\mjusbsp\magicJack.exe:magicJack
"{6406026F-8020-4A8B-9B35-78A5105BBE71}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{6EDF0C25-14D0-4DA0-93C4-B85CA92453C6}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{92F902A4-D070-4DC1-85FE-05C639EE9CBC}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{912FD9BF-FD7C-45DB-84FC-D5146AFA8675}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"TCP Query User{B9F0B719-55A4-4D9A-B3A3-E46E76D3A0B6}c:\\program files\\realplay.exe"= UDP:c:\program files\realplay.exe:RealPlayer
"UDP Query User{02599482-5409-4339-81FF-051C1B8035C8}c:\\program files\\realplay.exe"= TCP:c:\program files\realplay.exe:RealPlayer
"{E31B6EC1-6F7E-4BBE-B487-F07C1852D9D1}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{26ACCF76-7C23-4E87-949A-1CA7866D06C0}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{224FBAEE-5D48-442D-B6EE-B5CCDB89F2AA}c:\\program files\\realplayer\\realplay.exe"= UDP:c:\program files\realplayer\realplay.exe:RealPlayer
"UDP Query User{7D9A231E-6635-409C-A9A0-7B338B463EB5}c:\\program files\\realplayer\\realplay.exe"= TCP:c:\program files\realplayer\realplay.exe:RealPlayer
"TCP Query User{8E57240F-23B4-44E5-88CD-45BE6FFB3D28}c:\\windows\\system32\\msiexec.exe"= UDP:c:\windows\system32\msiexec.exe:Windows® installer
"UDP Query User{D9EDDF3B-0FE2-4B5C-839C-4F53665840DA}c:\\windows\\system32\\msiexec.exe"= TCP:c:\windows\system32\msiexec.exe:Windows® installer
"{E8F965EF-7FC4-4D26-8BA2-1B3E4BD98EC3}"= UDP:c:\users\test\AppData\Roaming\mjusbsp\magicJack.exe:magicJack
"{77A5D77B-E4E9-41ED-8AA2-5BC72BC30759}"= TCP:c:\users\test\AppData\Roaming\mjusbsp\magicJack.exe:magicJack
"{64968269-790C-4E2F-84A9-F03A91EBD153}"= UDP:c:\program files\Activision\Wolfenstein\MP\Wolf2MP.exe:Wolfenstein™
"{142E8A6C-D50A-4FB1-9F5D-7B21ECC7D896}"= TCP:c:\program files\Activision\Wolfenstein\MP\Wolf2MP.exe:Wolfenstein™
"{665893ED-2053-4599-82D1-BB23BD0A0734}"= UDP:c:\program files\Activision\Wolfenstein\MP\Wolf2MPLite.exe:Wolfenstein™
"{67FE6A5C-BE52-41B2-94F3-C833C0215848}"= TCP:c:\program files\Activision\Wolfenstein\MP\Wolf2MPLite.exe:Wolfenstein™
"{194E7A84-1390-4BEE-B374-425E1E3B39C9}"= UDP:8395:League of Legends Launcher
"{130FF73D-2E40-4FEB-AFDB-95F68532984C}"= TCP:8395:League of Legends Launcher
"{7AE03E78-0DF3-4DF2-A00E-AB925BF02DAD}"= UDP:c:\riot games\Air\LolClient.exe:League of Legends Lobby
"{0155D5E3-1024-4330-93E0-E94155CA86CE}"= TCP:c:\riot games\Air\LolClient.exe:League of Legends Lobby
"{DFE0D364-DF01-4BD5-BBC9-F20A7DBBC290}"= UDP:c:\riot games\Game\League of Legends.exe:League of Legends Game Client
"{C8124CDB-DBA2-49F1-AAE3-6BBA0E03D0AA}"= TCP:c:\riot games\Game\League of Legends.exe:League of Legends Game Client
"{2D31C9F7-F622-4B72-A2B1-058690DF306F}"= UDP:8396:League of Legends Launcher
"{17F73665-8273-4F54-A2DC-24F871AB77B7}"= TCP:8396:League of Legends Launcher
"{72BAF444-5A58-4752-9B16-B4843E92B7BE}"= UDP:c:\riot games\League of Legends\Air\LolClient.exe:League of Legends Lobby
"{003BFFF1-A93A-4391-8016-FEFF2C0FF120}"= TCP:c:\riot games\League of Legends\Air\LolClient.exe:League of Legends Lobby
"{5BC10E42-83FA-4288-B577-1CAD168F990E}"= UDP:c:\riot games\League of Legends\Game\League of Legends.exe:League of Legends Game Client
"{77A7A029-4B5E-4186-A064-E607EDB97786}"= TCP:c:\riot games\League of Legends\Game\League of Legends.exe:League of Legends Game Client
"{5C0CA67B-BB42-4D70-B98C-F1137D44019F}"= UDP:8397:League of Legends Launcher
"{9B097FA5-7AD8-4024-A1D9-C5181E280164}"= TCP:8397:League of Legends Launcher
"{9CD5B018-0E81-4F5D-9478-DE01A27D1000}"= UDP:8398:League of Legends Launcher
"{47B447BA-CA38-4F75-B77F-4BBF428F1450}"= TCP:8398:League of Legends Launcher
"{A2171657-5BC7-4E12-ACFD-575B831EB50D}"= UDP:8399:League of Legends Launcher
"{2B0B14D3-3668-4193-81A8-DEF45A5C7AEB}"= TCP:8399:League of Legends Launcher
"{CEBC8B2B-EDA1-45DB-A226-F3DB056FD5EA}"= UDP:5481:3CX PhoneSystem Web Server
"{8E176BD8-3B97-4557-A210-1ED86A0BF355}"= TCP:5486:3CX Operator Panel Service
"{B79F997C-A427-4BA2-A5A4-D229004EC1A4}"= UDP:c:\program files\3CX PhoneSystem\Bin\3CXMediaServer.exe:3CX PhoneSystem Media Server
"{66F218D2-E3FD-4FC2-84A0-E0B345380FA8}"= TCP:c:\program files\3CX PhoneSystem\Bin\3CXMediaServer.exe:3CX PhoneSystem Media Server
"{60E479F3-1606-425C-B622-705ECC9AA3D5}"= UDP:c:\program files\3CX PhoneSystem\Bin\3CXTunnel.exe:3CX SIP/RTP Tunneling Proxy
"{81651691-B77B-46E4-ADE2-620F30EC2F67}"= TCP:c:\program files\3CX PhoneSystem\Bin\3CXTunnel.exe:3CX SIP/RTP Tunneling Proxy
"{D153985C-5E0C-4080-A1E9-1A6077A30EF6}"= UDP:c:\program files\3CX PhoneSystem\Bin\3CXPhoneSystem.exe:3CX PhoneSystem
"{CC2F9AFE-43AD-4424-9F38-4CF95D80E49B}"= TCP:c:\program files\3CX PhoneSystem\Bin\3CXPhoneSystem.exe:3CX PhoneSystem

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"c:\\Nexon\\Combat Arms\\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\\Nexon\\Combat Arms\\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [4/24/2009 5:05 PM 64160]
R2 3CXTunnel;3CX PhoneSystem SIP/RTP Tunneling Proxy;c:\program files\3CX PhoneSystem\Bin\3CXTunnel.exe [5/21/2009 2:29 PM 1104984]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [8/24/2009 10:33 PM 4233728]
S2 3CX PhoneSystem Media Server;3CX PhoneSystem Media Server;c:\program files\3CX PhoneSystem\Bin\3CXMediaServer.exe [5/21/2009 2:29 PM 883800]
S2 3CX PhoneSystem;3CX PhoneSystem;c:\program files\3CX PhoneSystem\Bin\3CXPhoneSystem.exe [5/21/2009 2:29 PM 3083352]
S2 3CXAssistantServer;3CX Assistant Server;c:\program files\3CX PhoneSystem\Bin\Assistant\3CXAssistantServer.exe [5/12/2009 5:02 PM 524320]
S2 3CXCallHistoryService;3CX PhoneSystem Call History;c:\program files\3CX PhoneSystem\Bin\3CXCallHistoryService.exe [5/21/2009 2:28 PM 32768]
S2 3CXCfgServ;3CX Configuration Service;c:\program files\3CX PhoneSystem\Bin\3CXSLDBServ.exe [5/21/2009 2:29 PM 466008]
S2 3CXConferenceRoom;3CX PhoneSystem Conference Room;c:\program files\3CX PhoneSystem\Bin\3CXCP.exe [5/21/2009 2:29 PM 1649752]
S2 3CXFAXSrv;3CX PhoneSystem FAX Server;c:\program files\3CX PhoneSystem\Bin\3CXFaxServer.exe [5/21/2009 2:29 PM 2210904]
S2 3CXIvr;3CX PhoneSystem Digital Receptionist;c:\program files\3CX PhoneSystem\Bin\3CXIvrServer.exe [5/21/2009 2:29 PM 1780824]
S2 3CXParkOrbit;3CX PhoneSystem Parking Orbit;c:\program files\3CX PhoneSystem\Bin\3CXPO.exe [5/21/2009 2:29 PM 1612888]
S2 3CXVBoxMgr;3CX PhoneSystem Voicemail Manager;c:\program files\3CX PhoneSystem\Bin\3CXVoiceMailScanner.exe [5/21/2009 2:29 PM 35928]
S2 3CXWebServer;3CX Webserver;c:\program files\3CX PhoneSystem\Bin\Cassini\UltiDevCassinWebServer2a.exe [1/14/2009 4:06 PM 49152]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{582610B8-E496-4813-993C-4B027173FE38}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2009-08-22 c:\windows\Tasks\HPCeeScheduleFortest.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2006-12-29 00:08]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-fsm - (no file)
HKLM-Run-Ad-Watch - c:\program files\Lavasoft\Ad-Aware\AAWTray.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\test\AppData\Roaming\Mozilla\Firefox\Profiles\5nn2l4a8.default\
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/
FF - plugin: c:\program files\Millisecond Software\Inquisit 2.0 Mozilla Plugin\npInquisit_20610046.dll
FF - plugin: c:\program files\Realplayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Realplayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Realplayer\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-30 16:12
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-290943581-3780795689-1993479131-1000\Software\SecuROM\License information*]
"datasecu"=hex:c7,3d,83,2e,25,c9,14,04,c8,97,ed,4c,6c,1b,d2,b2,8a,e1,45,c6,62,
87,46,79,19,19,f5,f9,fc,bb,b7,15,5e,f3,f1,f6,c1,a1,d1,96,bf,43,27,57,36,01,\
"rkeysecu"=hex:3b,c0,c1,02,a1,0f,9a,69,da,5b,0e,3d,0a,0c,7c,b6

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\LogonUI.exe
.
**************************************************************************
.
Completion time: 2009-08-30 16:21 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-30 23:21

Pre-Run: 18,852,274,176 bytes free
Post-Run: 18,509,115,392 bytes free

522 --- E O F --- 2009-08-29 19:25


GMER:
GMER 1.0.15.15077 [2h7x33qs.exe] - http://www.gmer.net
Rootkit scan 2009-08-30 15:53:56
Windows 6.0.6002 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateKey [0x82204FCE]
SSDT \SystemRoot\system32\ntkrnlpa.exe[unknown section] [82204FCE] ZwCreateKey [0x82204FCE]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwDeleteKey [0x82204FD8]
SSDT \SystemRoot\system32\ntkrnlpa.exe[unknown section] [82204FD8] ZwDeleteKey [0x82204FD8]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwDeleteValueKey [0x82204FC9]
SSDT \SystemRoot\system32\ntkrnlpa.exe[unknown section] [82204FC9] ZwDeleteValueKey [0x82204FC9]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwEnumerateKey [0x82204FDD]
SSDT \SystemRoot\system32\ntkrnlpa.exe[unknown section] [82204FDD] ZwEnumerateKey [0x82204FDD]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwEnumerateValueKey [0x82204FE2]
SSDT \SystemRoot\system32\ntkrnlpa.exe[unknown section] [82204FE2] ZwEnumerateValueKey [0x82204FE2]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenKey [0x82204FF1]
SSDT \SystemRoot\system32\ntkrnlpa.exe[unknown section] [82204FF1] ZwOpenKey [0x82204FF1]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryKey [0x82204FEC]
SSDT \SystemRoot\system32\ntkrnlpa.exe[unknown section] [82204FEC] ZwQueryKey [0x82204FEC]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwQueryValueKey [0x82204FE7]
SSDT \SystemRoot\system32\ntkrnlpa.exe[unknown section] [82204FE7] ZwQueryValueKey [0x82204FE7]
SSDT \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwSetValueKey [0x82204FD3]
SSDT \SystemRoot\system32\ntkrnlpa.exe[unknown section] [82204FD3] ZwSetValueKey [0x82204FD3]

INT 0x03 \SystemRoot\system32\ntkrnlpa.exe[unknown section] 82204FF6
INT 0x51 ? 84FDBF00
INT 0x51 ? 84FDBF00
INT 0x72 ? 84FDBF00
INT 0x82 ? 8448CBF8
INT 0x82 ? 8448CBF8
INT 0x82 ? 84FDBF00
INT 0x82 ? 8448CBF8
INT 0x92 ? 8448CBF8
INT 0xA2 ? 84FDBF00

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 1E9 822B092C 3 Bytes [CE, 4F, 20]
.text ntkrnlpa.exe!KeSetEvent + 2D5 822B0A18 3 Bytes [D8, 4F, 20] {FMUL DWORD [EDI+0x20]}
.text ntkrnlpa.exe!KeSetEvent + 2E1 822B0A24 3 Bytes [C9, 4F, 20]
.text ntkrnlpa.exe!KeSetEvent + 2FD 822B0A40 3 Bytes [DD, 4F, 20] {FISTTP QWORD [EDI+0x20]}
.text ntkrnlpa.exe!KeSetEvent + 309 822B0A4C 3 Bytes [E2, 4F, 20]
.text ...
? System32\Drivers\spcv.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 8C89541B 5 Bytes JMP 84FDB4E0
.text av95ursy.SYS 883B3000 22 Bytes [82, 43, 5C, 82, 6C, 42, 5C, ...]
.text av95ursy.SYS 883B3017 45 Bytes [00, 32, 87, 79, 80, 3D, 85, ...]
.text av95ursy.SYS 883B3045 135 Bytes [AA, 2A, 82, FD, 29, 24, 82, ...]
.text av95ursy.SYS 883B30CE 10 Bytes [00, 00, 00, 00, 00, 00, 02, ...]
.text av95ursy.SYS 883B30DA 12 Bytes [00, 00, 02, 00, 00, 00, 24, ...]
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8068E6D6] \SystemRoot\System32\Drivers\spcv.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8068E042] \SystemRoot\System32\Drivers\spcv.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8068E800] \SystemRoot\System32\Drivers\spcv.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8068E0C0] \SystemRoot\System32\Drivers\spcv.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8068E13E] \SystemRoot\System32\Drivers\spcv.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [8069DE9C] \SystemRoot\System32\Drivers\spcv.sys
IAT \SystemRoot\System32\Drivers\av95ursy.SYS[ataport.SYS!AtaPortNotification] CC358B04
IAT \SystemRoot\System32\Drivers\av95ursy.SYS[ataport.SYS!AtaPortWritePortUchar] 83883D8F
IAT \SystemRoot\System32\Drivers\av95ursy.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6
IAT \SystemRoot\System32\Drivers\av95ursy.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514
IAT \SystemRoot\System32\Drivers\av95ursy.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 100D8BA5
IAT \SystemRoot\System32\Drivers\av95ursy.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F883D60
IAT \SystemRoot\System32\Drivers\av95ursy.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889
IAT \SystemRoot\System32\Drivers\av95ursy.SYS[ataport.SYS!AtaPortStallExecution] 54771129
IAT \SystemRoot\System32\Drivers\av95ursy.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E
IAT \SystemRoot\System32\Drivers\av95ursy.SYS[ataport.SYS!AtaPortRequestCallback] 8B55CC00
IAT \SystemRoot\System32\Drivers\av95ursy.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC
IAT \SystemRoot\System32\Drivers\av95ursy.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B
IAT \SystemRoot\System32\Drivers\av95ursy.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000
IAT \SystemRoot\System32\Drivers\av95ursy.SYS[ataport.SYS!AtaPortMoveMemory] 8B108910
IAT \SystemRoot\System32\Drivers\av95ursy.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491
IAT \SystemRoot\System32\Drivers\av95ursy.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900
IAT \SystemRoot\System32\Drivers\av95ursy.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980
IAT \SystemRoot\System32\Drivers\av95ursy.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B
IAT \SystemRoot\System32\Drivers\av95ursy.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557
IAT \SystemRoot\System32\Drivers\av95ursy.SYS[ataport.SYS!AtaPortInitialize] B18D0502
IAT \SystemRoot\System32\Drivers\av95ursy.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8
IAT \SystemRoot\System32\Drivers\av95ursy.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[3200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [749A7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [749FA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [749ABB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7499F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [749A75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7499E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [749D8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [749ADA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7499FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7499FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [749971CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74A2CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [749CC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7499D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74996853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7499687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3200] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [749A2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 84E201F8
Device \FileSystem\fastfat \FatCdrom 905CA1F8

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 8448E1F8
Device \Driver\usbuhci \Device\USBPDO-0 85C791F8
Device \Driver\usbuhci \Device\USBPDO-1 85C791F8
Device \Driver\netbt \Device\NetBT_Tcpip_{30478F67-3EBF-4463-A79C-A49C559FA52D} 87947500
Device \Driver\usbuhci \Device\USBPDO-2 85C791F8
Device \Driver\usbuhci \Device\USBPDO-3 85C791F8
Device \Driver\PCI_PNP3297 \Device\00000060 spcv.sys
Device \Driver\usbehci \Device\USBPDO-4 85C781F8

AttachedDevice \Driver\tdx \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\volmgr \Device\HarddiskVolume1 8448E1F8
Device \Driver\volmgr \Device\HarddiskVolume2 8448E1F8
Device \Driver\cdrom \Device\CdRom0 85DCB1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{475231BA-6123-47E4-AB15-17DED55F58DF} 87947500
Device \Driver\cdrom \Device\CdRom1 85DCB1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84E1E1F8
Device \Driver\atapi \Device\Ide\IdePort0 84E1E1F8
Device \Driver\atapi \Device\Ide\IdePort1 84E1E1F8
Device \Driver\atapi \Device\Ide\IdePort2 84E1E1F8
Device \Driver\msahci \Device\Ide\PciIde1Channel0 84E1F1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 84E1E1F8
Device \Driver\msahci \Device\Ide\PciIde1Channel2 84E1F1F8
Device \Driver\cdrom \Device\CdRom2 85DCB1F8
Device \Driver\cdrom \Device\CdRom3 85DCB1F8
Device \Driver\cdrom \Device\CdRom4 85DCB1F8
Device \Driver\netbt \Device\NetBt_Wins_Export 87947500
Device \Driver\Smb \Device\NetbiosSmb 8792C500
Device \Driver\iScsiPrt \Device\RaidPort0 85DCC1F8
Device \Driver\sptd \Device\1035405309 spcv.sys
Device \Driver\disk \Device\Harddisk0\DR0 aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)
Device \Driver\usbuhci \Device\USBFDO-0 85C791F8
Device \Driver\usbuhci \Device\USBFDO-1 85C791F8
Device \Driver\usbuhci \Device\USBFDO-2 85C791F8
Device \Driver\usbuhci \Device\USBFDO-3 85C791F8
Device \Driver\usbehci \Device\USBFDO-4 85C781F8
Device \Driver\av95ursy \Device\Scsi\av95ursy1Port4Path0Target2Lun0 85C891F8
Device \Driver\av95ursy \Device\Scsi\av95ursy1Port4Path0Target3Lun0 85C891F8
Device \Driver\av95ursy \Device\Scsi\av95ursy1Port4Path0Target1Lun0 85C891F8
Device \Driver\av95ursy \Device\Scsi\av95ursy1 85C891F8
Device \Driver\av95ursy \Device\Scsi\av95ursy1Port4Path0Target0Lun0 85C891F8
Device \FileSystem\fastfat \Fat 905CA1F8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\cdfs \Cdfs 85B401F8

---- Services - GMER 1.0.15 ----

Service system32\drivers\kbiwkmwecypdpc.sys (*** hidden *** ) [SYSTEM] kbiwkmpppxqkex <-- ROOTKIT !!!
Service system32\drivers\kbiwkmrmxqaccp.sys (*** hidden *** ) [SYSTEM] kbiwkmxtisnbvw <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001641dbb99f
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmpppxqkex@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmpppxqkex@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmpppxqkex@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmpppxqkex@imagepath \systemroot\system32\drivers\kbiwkmwecypdpc.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmpppxqkex\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmpppxqkex\main@aid 10034
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmpppxqkex\main@sid 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmpppxqkex\main@cmddelay 14400
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmpppxqkex\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmpppxqkex\main\delete@C:\Users\test\AppData\Local\Temp\kbiwkmpwtcibueop.tmp
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmpppxqkex\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmpppxqkex\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmpppxqkex\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmpppxqkex\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmpppxqkex\[email protected] \systemroot\system32\drivers\kbiwkmwecypdpc.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmpppxqkex\[email protected] \systemroot\system32\kbiwkmbptxrmbt.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmpppxqkex\[email protected] \systemroot\system32\kbiwkmejnjsqki.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmpppxqkex\[email protected] \systemroot\system32\kbiwkmqfdnmpeg.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmpppxqkex\[email protected] \systemroot\system32\kbiwkmyfmtdcyb.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxtisnbvw@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxtisnbvw@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxtisnbvw@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxtisnbvw@imagepath \systemroot\system32\drivers\kbiwkmrmxqaccp.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxtisnbvw\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxtisnbvw\main@aid 10034
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxtisnbvw\main@sid 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxtisnbvw\main@cmddelay 14400
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxtisnbvw\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxtisnbvw\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxtisnbvw\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxtisnbvw\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxtisnbvw\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxtisnbvw\[email protected] \systemroot\system32\drivers\kbiwkmrmxqaccp.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxtisnbvw\[email protected] \systemroot\system32\kbiwkmoslixkff.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxtisnbvw\[email protected] \systemroot\system32\kbiwkmwiqpsxpi.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxtisnbvw\[email protected] \systemroot\system32\kbiwkmoeurnvcf.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxtisnbvw\[email protected] \systemroot\system32\kbiwkmhcimwpxi.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE4 0x34 0x5E 0x61 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9C 0x2B 0x46 0x2B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE3 0x18 0xD0 0x0D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x69 0x1E 0x00 0x76 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x69 0x1E 0x00 0x76 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0x69 0x1E 0x00 0x76 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x71 0xF9 0x79 0x93 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x77 0x2E 0x6D 0x21 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xBD 0xF2 0xAD 0x8F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xC9 0x59 0xAD 0xEC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xC9 0x59 0xAD 0xEC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xF8 0xC0 0xF5 0xC9 ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001641dbb99f (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmpppxqkex@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmpppxqkex@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmpppxqkex@group file system
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmpppxqkex@imagepath \systemroot\system32\drivers\kbiwkmwecypdpc.sys
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmpppxqkex\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmpppxqkex\main@aid 10034
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmpppxqkex\main@sid 0
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmpppxqkex\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmpppxqkex\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmpppxqkex\main\delete@C:\Users\test\AppData\Local\Temp\kbiwkmpwtcibueop.tmp
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmpppxqkex\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmpppxqkex\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmpppxqkex\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmpppxqkex\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmpppxqkex\[email protected] \systemroot\system32\drivers\kbiwkmwecypdpc.sys
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmpppxqkex\[email protected] \systemroot\system32\kbiwkmbptxrmbt.dll
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmpppxqkex\[email protected] \systemroot\system32\kbiwkmejnjsqki.dat
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmpppxqkex\[email protected] \systemroot\system32\kbiwkmqfdnmpeg.dll
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmpppxqkex\[email protected] \systemroot\system32\kbiwkmyfmtdcyb.dat
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmxtisnbvw@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmxtisnbvw@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmxtisnbvw@group file system
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmxtisnbvw@imagepath \systemroot\system32\drivers\kbiwkmrmxqaccp.sys
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmxtisnbvw\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmxtisnbvw\main@aid 10034
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmxtisnbvw\main@sid 0
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmxtisnbvw\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmxtisnbvw\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmxtisnbvw\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmxtisnbvw\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmxtisnbvw\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmxtisnbvw\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmxtisnbvw\[email protected] \systemroot\system32\drivers\kbiwkmrmxqaccp.sys
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmxtisnbvw\[email protected] \systemroot\system32\kbiwkmoslixkff.dll
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmxtisnbvw\[email protected] \systemroot\system32\kbiwkmwiqpsxpi.dat
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmxtisnbvw\[email protected] \systemroot\system32\kbiwkmoeurnvcf.dll
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmxtisnbvw\[email protected] \systemroot\system32\kbiwkmhcimwpxi.dat
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE4 0x34 0x5E 0x61 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x9C 0x2B 0x46 0x2B ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE3 0x18 0xD0 0x0D ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x69 0x1E 0x00 0x76 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x69 0x1E 0x00 0x76 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0x69 0x1E 0x00 0x76 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x71 0xF9 0x79 0x93 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x77 0x2E 0x6D 0x21 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xBD 0xF2 0xAD 0x8F ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xC9 0x59 0xAD 0xEC ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xC9 0x59 0xAD 0xEC ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xF8 0xC0 0xF5 0xC9 ...

---- EOF - GMER 1.0.15 ----
  • 0
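One way to turn a GMER log like the one above into a working artifact list, as an added example that is not GMER's own code or anything the helpers in this thread posted: GMER marks services it cannot see through the normal service API with "*** hidden ***", and the Registry section then lists, under the same service key, the driver image, the DLL handed to the injector, the module values and any queued deletions. The script below pulls those together per hidden service and reports which artifacts the services share. The sample log is an excerpt copied from the log above, with one constructed benign Service line added; the "modules" value names appear obfuscated in this copy of the log, which the parser does not need since it reads the service name from the key path and the file path from the data.

```python
"""Triage helper for a GMER text log: list what each hidden service references.

Added example, not GMER's own code. Services flagged "*** hidden ***" are
collected first; the Registry section is then walked for every file path the
same service key references, giving a de-duplicated artifact list per service.
"""
import re
from collections import defaultdict

# Constructed sample: excerpts copied from the GMER log above, plus one
# constructed benign (non-hidden) Service line to show that it is ignored.
SAMPLE_LOG = r"""
---- Services - GMER 1.0.15 ----

Service system32\drivers\kbiwkmwecypdpc.sys (*** hidden *** ) [SYSTEM] kbiwkmpppxqkex <-- ROOTKIT !!!
Service system32\drivers\kbiwkmrmxqaccp.sys (*** hidden *** ) [SYSTEM] kbiwkmxtisnbvw <-- ROOTKIT !!!
Service system32\drivers\constructed_benign.sys [SYSTEM] ConstructedBenignSvc

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001641dbb99f
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmpppxqkex@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmpppxqkex@imagepath \systemroot\system32\drivers\kbiwkmwecypdpc.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmpppxqkex\main@cmddelay 14400
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmpppxqkex\main\delete@C:\Users\test\AppData\Local\Temp\kbiwkmpwtcibueop.tmp
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmpppxqkex\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmpppxqkex\[email protected] \systemroot\system32\drivers\kbiwkmwecypdpc.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmpppxqkex\[email protected] \systemroot\system32\kbiwkmbptxrmbt.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmpppxqkex\[email protected] \systemroot\system32\kbiwkmejnjsqki.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxtisnbvw@imagepath \systemroot\system32\drivers\kbiwkmrmxqaccp.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxtisnbvw\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmxtisnbvw\[email protected] \systemroot\system32\kbiwkmoslixkff.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\ControlSet004\Services\kbiwkmpppxqkex@imagepath \systemroot\system32\drivers\kbiwkmwecypdpc.sys
"""

# "Service <image> (*** hidden *** ) [<account>] <name> ..." as GMER prints it
HIDDEN_SERVICE_RE = re.compile(
    r"^Service\s+(?P<image>\S+)\s+\(\*\*\* hidden \*\*\* \)\s+\[(?P<account>\w+)\]\s+(?P<name>\S+)"
)
# the service name is the path component right after "\Services\"
SERVICE_KEY_RE = re.compile(r"\\Services\\(?P<name>[^\\@\s]+)")
# tokens that look like a dropped file, wherever they appear in a value
ARTIFACT_RE = re.compile(r"\.(?:sys|dll|dat|tmp|exe)$", re.IGNORECASE)


def normalize(path):
    """Lower-case and fold the two ways GMER spells the Windows directory."""
    p = path.lower()
    if p.startswith("\\systemroot\\"):
        p = "%systemroot%" + p[len("\\systemroot"):]
    elif p.startswith("system32\\"):
        p = "%systemroot%\\" + p
    return p


def parse_hidden_services(log_text):
    """Return {service_name: {"image": ..., "account": ...}} for hidden services."""
    hidden = {}
    for line in log_text.splitlines():
        m = HIDDEN_SERVICE_RE.match(line.strip())
        if m:
            hidden[m.group("name")] = {"image": m.group("image"), "account": m.group("account")}
    return hidden


def collect_artifacts(log_text, service_names):
    """Map each named service to every file path its registry entries reference."""
    artifacts = defaultdict(set)
    for line in log_text.splitlines():
        if not line.startswith("Reg "):
            continue
        keypath, _, data = line[4:].partition(" ")  # key@value, then the data
        m = SERVICE_KEY_RE.search(keypath)
        if not m or m.group("name") not in service_names:
            continue
        _, _, value_name = keypath.partition("@")  # the value name can itself be a path
        for token in [value_name] + data.split():
            if ARTIFACT_RE.search(token):
                artifacts[m.group("name")].add(token)
    return artifacts


def triage(log_text):
    """Per hidden service: the account it runs as and a sorted, de-duplicated artifact list."""
    hidden = parse_hidden_services(log_text)
    artifacts = collect_artifacts(log_text, set(hidden))
    report = {}
    for name, info in hidden.items():
        paths = {normalize(info["image"])} | {normalize(a) for a in artifacts.get(name, ())}
        report[name] = {"account": info["account"], "artifacts": sorted(paths)}
    return report


def shared_artifacts(report):
    """Artifacts referenced by more than one hidden service (a common injected DLL, say)."""
    seen = defaultdict(set)
    for name, entry in report.items():
        for path in entry["artifacts"]:
            seen[path].add(name)
    return sorted(p for p, names in seen.items() if len(names) > 1)


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name, entry in result.items():
        print(f"{name} [{entry['account']}]")
        for path in entry["artifacts"]:
            print("   ", path)
    print("shared:", shared_artifacts(result))
```

Run it against a full GMER log by reading the file into `triage()` instead of `SAMPLE_LOG`. The point of folding `\systemroot\` and bare `system32\` spellings together is that the Service line and the `imagepath` value name the same driver two different ways, and a list that counts it twice is a list a tired responder will misread.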

#5
Transience

Transience

    Unofficial Music Guru

  • Retired Staff
  • 2,448 posts
Hello -

Quick heads up for you before we continue:

I see you're using or have in the past used p2p software such as BitComet. Although p2p programs are not usually malware in their own right, oftentimes malware is installed alongside them. Even if the program is clean, people often upload infected files to be shared using these programs, and it is very easy to end up compromising your PC. It's your decision about whether or not you use p2p programs, you don't have to remove them to be deemed clean and I'll still give you help if you want to keep them. It's just important that you're aware of the risks. If you want to continue using p2p programs that's fine with me, all I ask is that you not download anything from them until you're clean so we aren't taking steps backwards here. To remove p2p programs if you wish to do so, uninstall them from the Add/Remove Programs (it's Programs and Features in Vista) menu of your Control Panel.

Logs look pretty good so let's run some final checks:

First we'll clean out your unnecessary temp files to speed up the scans:

1. TFC
  • Please download TFC to your desktop.
  • Save any work, then close all open windows.
  • Double-click TFC to run it, and allow the process to complete, which should not take more than a couple minutes.
  • You may or may not be prompted to reboot, if you are click "Yes" and allow the computer to reboot.
  • Close TFC when it has completed.
2. Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from here.

Double-click (Vista users please right-click Run as Administrator) on mbam-setup.exe to install the program.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware at the end of setup, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Full Scan, then click Scan.
  • The scan is different from the quick scan and will take a fairly long time to finish (you can leave it to run and go do something else), please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab.
  • Copy & Paste the entire report in your next reply.
3. Kaspersky Online Scan

Kaspersky online scanner uses Java technology to perform the scan. Because your Java is out of date, we need to update it first so that the scan will run without issues.

Update Java

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts. A log will appear (JavaRa.log), DO NOT post this log, I have no need for it.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
Scan
  • Follow this link to the Kaspersky WebScanner
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
So post back with the logs from MBAM and Kaspersky when you have them and give me an update on how the PC is running, and we should have you on your way :).

- Dave

Edited by Transience, 31 August 2009 - 07:28 AM.

  • 0

#6
hellod00d

hellod00d

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Yea, I haven't used p2p in a while so I'm pretty sure it wasn't that. Thanks for the heads up though. Anyway, it seems my comp is running a lot better - feels like the Malware is all gone. Sad to say, I lost a few important things because of the previous rollback but it isn't that big a deal. You've been a great help. Let me know if there are still any steps left to be done.

Anyway, here are my logs:
MBAM
Malwarebytes' Anti-Malware 1.40
Database version: 2713
Windows 6.0.6002 Service Pack 2

8/31/2009 7:37:20 PM
mbam-log-2009-08-31 (19-37-20).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 279887
Time elapsed: 1 hour(s), 38 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


And my Kaspersky:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, September 1, 2009
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, September 01, 2009 18:34:05
Records in database: 2737256
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Objects scanned: 168324
Threats found: 1
Infected objects found: 5
Suspicious objects found: 0
Scan duration: 03:01:16


File name / Threat / Threats count
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J3M22P10\rand80M[1].pdf Infected: Exploit.Win32.Pidief.bmw 1
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J3M22P10\rand97M[1].pdf Infected: Exploit.Win32.Pidief.bmw 1
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLC0LCP4\rand62M[1].pdf Infected: Exploit.Win32.Pidief.bmw 1
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UPJKNWV1\rand17M[1].pdf Infected: Exploit.Win32.Pidief.bmw 1
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UPJKNWV1\rand81M[1].pdf Infected: Exploit.Win32.Pidief.bmw 1

Selected area has been scanned.
  • 0
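The Kaspersky report above lists five hits, all in the same kind of place. As an added example, not Kaspersky's code or anything posted in this thread, the script below parses report lines of the form "<path> Infected: <threat> <count>" and classifies each hit by the profile that owns the path and by whether it sits in a browser or temp cache (clearable) or somewhere that survives cache cleaning. One fact worth reading off the paths: `C:\Windows\System32\config\systemprofile` is the profile of the LocalSystem account, so cache entries there were written by code running as SYSTEM rather than by the logged-on user. The sample is the five lines copied from the report above plus one constructed detection in a per-user location with a placeholder threat name, so that both classes appear.

```python
"""Triage helper for a Kaspersky Online Scanner report: where do detections live?

Added example, not Kaspersky's code. Each hit is tagged with the profile owner
(LocalSystem for the systemprofile directory, otherwise the user from C:\\Users)
and with "cache" or "persistent" depending on the directory.
"""
import re

DETECTION_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")
SYSTEMPROFILE_RE = re.compile(r"\\system32\\config\\systemprofile\\", re.IGNORECASE)
USERPROFILE_RE = re.compile(r"^[a-z]:\\users\\(?P<user>[^\\]+)\\", re.IGNORECASE)
CACHE_MARKERS = ("\\temporary internet files\\", "\\temp\\", "\\cache\\")

# Constructed sample: the five lines from the report above plus one constructed
# detection in a persistent per-user location (file and threat name are placeholders).
SAMPLE_REPORT = r"""
Scan statistics:
Objects scanned: 168324
Threats found: 1

File name / Threat / Threats count
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J3M22P10\rand80M[1].pdf Infected: Exploit.Win32.Pidief.bmw 1
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J3M22P10\rand97M[1].pdf Infected: Exploit.Win32.Pidief.bmw 1
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PLC0LCP4\rand62M[1].pdf Infected: Exploit.Win32.Pidief.bmw 1
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UPJKNWV1\rand17M[1].pdf Infected: Exploit.Win32.Pidief.bmw 1
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UPJKNWV1\rand81M[1].pdf Infected: Exploit.Win32.Pidief.bmw 1
C:\Users\test\AppData\Roaming\constructed-sample.exe Infected: Constructed.Placeholder.Threat 1

Selected area has been scanned.
"""


def classify(path):
    """Owner of the profile the path lives in, and whether it is cache or persistent."""
    lowered = path.lower()
    if SYSTEMPROFILE_RE.search(path):
        owner = "LocalSystem"  # the SYSTEM account's profile directory
    else:
        m = USERPROFILE_RE.match(path)
        owner = m.group("user") if m else "unknown"
    location = "cache" if any(mk in lowered for mk in CACHE_MARKERS) else "persistent"
    return {"owner": owner, "location": location}


def parse_detections(report_text):
    """Return one dict per detection line; header and footer lines are skipped."""
    hits = []
    for line in report_text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if not m:
            continue
        hit = {"path": m.group("path"), "threat": m.group("threat"), "count": int(m.group("count"))}
        hit.update(classify(hit["path"]))
        hits.append(hit)
    return hits


def summarize(hits):
    """Totals per threat name, the persistent paths, the owners seen, and a cache-only flag."""
    by_threat = {}
    for h in hits:
        by_threat[h["threat"]] = by_threat.get(h["threat"], 0) + h["count"]
    persistent = [h["path"] for h in hits if h["location"] == "persistent"]
    owners = sorted({h["owner"] for h in hits})
    return {"by_threat": by_threat, "persistent": persistent, "owners": owners,
            "cache_only": not persistent}


if __name__ == "__main__":
    summary = summarize(parse_detections(SAMPLE_REPORT))
    print("threats:", summary["by_threat"])
    print("owners:", summary["owners"])
    print("cache only:", summary["cache_only"])
    for path in summary["persistent"]:
        print("persistent:", path)
```

A report whose summary comes back `cache_only` with a single threat family is the situation described in the next reply: the files go away with the cache. Anything listed under `persistent` deserves a closer look before the thread is closed.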

#7
Transience

Transience

    Unofficial Music Guru

  • Retired Staff
  • 2,448 posts
Excellent, those Kaspersky detections are just some temporary internet files; they can be taken care of quite easily by following the instructions at the very top of this guide.

So congratulations! Your logs are clean :)

We have a couple last things to take care of and then you're good to go.

Uninstall ComboFix from your computer:
  • Click on Start > Run
  • Type Combofix /u in the run box and click Ok. Note the space between the x and the /u, it needs to be there.
Over the course of the fix you've used a variety of special tools to help with the cleaning process - none of these are of any use to you now that you're clean, and it's best not to have them hanging around on your computer. OTC is a small program that removes all the leftover tools and logs from cleanup of malware.

Please download OTC to your desktop.
  • Double-click OTC to run it. (Vista users, please right click on OTC and select "Run as an Administrator")
  • Click on the CleanUp! button and follow the prompts.
  • You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
  • After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Here are some tips to reduce the potential for malware infection in the future; I strongly recommend that you read them and take them to heart so that you don't have to endure the process of cleaning your computer again.

Make proper use of your antivirus and firewall

Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware, and if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

You should keep your antivirus and firewall guard enabled at all times, don't shut them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure you're still clean. Once a week works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

If you don't have a firewall, some great free options you can test out are: Online Armor, Outpost, and Sunbelt. I'd highly recommend that you install one of those. If you do decide to use a 3rd party firewall program, please be sure to disable the Windows firewall as per these instructions so they don't conflict:
  • Please click on Start -> Control Panel
  • Double click Windows Firewall
  • Click Change Settings
  • Choose Off to disable Windows Firewall.
Finally, for a great tutorial on how to get the best protection out of your firewall, take a look at this guide.

Use a safer web browser

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives: Firefox, Opera, and Google Chrome. All of these are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here which will help you to make IE much safer.

These browser add-ons will help to make your browser safer:

Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones: Green to go, Yellow for caution, and Red to stop. Available for Firefox and Internet Explorer.

NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing. Available for Firefox only.

These are just a couple of the most popular add-ons, if you're interested in more, take a look at this article.

Exercise common sense

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to look before you leap. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in the vast majority of cases, and the benefits simply aren't worth the risk to your computer.

Keep up on Windows updates

Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the windows update icon will appear in your taskbar when new updates are available, whenever you see it you should open the menu up and install the updates that are available. Although it may be an annoyance, that little bit of extra time it takes to stay updated is very well worth it instead of getting infected from an exploit and having to clean your PC again.

Slow computer?

If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance speed can decrease. To restore your computer's performance to its best possible level, follow the steps in this guide written by tech expert Artellos.

I'll leave this thread open for a couple of days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason, just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,
Dave

#8
Transience

    Unofficial Music Guru

  • Retired Staff
  • 2,448 posts
Excellent, those Kaspersky detections are just some temporary internet files; they can be taken care of quite easily by following the instructions at the very top of this guide.

So congratulations! Your logs are clean :)

We have a couple last things to take care of and then you're good to go.

Uninstall ComboFix from your computer:
  • Click on Start > Run
  • Type Combofix /u in the run box and click Ok. Note the space between the x and the /u, it needs to be there.
Over the course of the fix you've used a variety of special tools to help with the cleaning process - none of these are of any use to you now that you're clean, and it's best not to have them hanging around on your computer. OTC is a small program that removes all the leftover tools and logs from the malware cleanup.

Please download OTC to your desktop.
  • Double-click OTC to run it. (Vista users, please right click on OTC and select "Run as an Administrator")
  • Click on the CleanUp! button and follow the prompts.
  • You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
  • After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Here are some tips to reduce the potential for malware infection in the future; I strongly recommend that you read them and take them to heart so that you don't have to endure the process of cleaning your computer again.

Make proper use of your antivirus and firewall

Antivirus and firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware, and if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features; make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

You should keep your antivirus and firewall guard enabled at all times; don't shut them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure you're still clean. Once a week works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

If you don't have a firewall, some great free options you can test out are: Online Armor, Outpost, and Sunbelt. I'd highly recommend that you install one of those. If you do decide to use a 3rd party firewall program, please be sure to disable the Windows firewall as per these instructions so they don't conflict:
  • Please click on Start -> Control Panel
  • Double click Windows Firewall
  • Click Change Settings
  • Choose Off to disable Windows Firewall.
Finally, for a great tutorial on how to get the best protection out of your firewall, take a look at this guide.

Use a safer web browser

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives: Firefox, Opera, and Google Chrome. All of these are excellent free alternatives to Internet Explorer: faster, safer, more powerful and more functional. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here, which will help you to make IE much safer.

These browser add-ons will help to make your browser safer:

Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones: Green to go, Yellow for caution, and Red to stop. Available for Firefox and Internet Explorer.

NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing. Available for Firefox only.

These are just a couple of the most popular add-ons; if you're interested in more, take a look at this article.

Exercise common sense

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to look before you leap. Be careful about which websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful about which attachments you open in emails and which files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in the vast majority of cases, and the benefits simply aren't worth the risk to your computer.

Keep up on Windows updates

Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the Windows Update icon will appear in your taskbar when new updates are available; whenever you see it, you should open the menu up and install the updates that are available. Although it may be an annoyance, the little bit of extra time it takes to stay updated is well worth it compared to getting infected through an exploit and having to clean your PC again.

Slow computer?

If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance speed can decrease. To restore your computer's performance to its best possible level, follow the steps in this guide written by tech expert Artellos.

I'll leave this thread open for a couple of days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason, just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,
Dave
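The post above gives the follow-up advice as a list of manual checks (firewall on, no two firewalls fighting, antivirus definitions current, Windows updates installed, file extensions visible so a double extension is not hidden). As an added example that is not part of Transience's post or any GtG tool, the read-only PowerShell audit below reports the same state in one run. It assumes PowerShell 2.0 or later is installed (an optional download on Vista), an English-locale netsh output for the "Profile Settings" / "State" lines, the root\SecurityCenter2 WMI namespace (Vista SP1 and later; XP uses root\SecurityCenter), and the commonly used but undocumented reading of the productState bitfield; the function names are this example's own.

```powershell
# Added example, not from the original thread: audit the post-cleanup settings the post recommends.
# Read-only: nothing is changed, it only reports. Assumptions are noted inline.

function Get-FirewallProfileState {
    # netsh advfirewall exists on Vista and later. Assumes English output:
    # "Domain Profile Settings:" followed by a "State ON|OFF" line for each profile.
    $out = netsh advfirewall show allprofiles
    $result = @{}
    $profile = $null
    foreach ($line in $out) {
        if ($line -match '^(Domain|Private|Public) Profile Settings') { $profile = $matches[1] }
        elseif ($profile -and $line -match '^State\s+(\S+)') { $result[$profile] = $matches[1] }
    }
    return $result
}

function Get-SecurityCenterProducts {
    # Security Center lists every registered AV and firewall product.
    # productState is undocumented; the widely used heuristic (an assumption here) is:
    #   bit 0x1000 set  -> real-time protection enabled
    #   bit 0x10   set  -> definitions out of date
    $items = @()
    foreach ($class in 'AntiVirusProduct', 'FirewallProduct') {
        $products = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class $class -ErrorAction SilentlyContinue
        foreach ($p in $products) {
            $state = [int]$p.productState
            $items += New-Object PSObject -Property @{
                Type     = $class
                Name     = $p.displayName
                Enabled  = (($state -band 0x1000) -ne 0)
                UpToDate = (($state -band 0x10) -eq 0)
            }
        }
    }
    return $items
}

function Get-PendingUpdateCount {
    # Windows Update Agent COM API; the search contacts the configured update source,
    # so this needs a network connection and may take a minute.
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $result   = $searcher.Search("IsInstalled=0 and Type='Software'")
    return $result.Updates.Count
}

function Test-ExtensionsHidden {
    # Explorer's "Hide extensions for known file types" makes invoice.pdf.exe display as invoice.pdf,
    # which defeats the "look at the file extension" advice. HideFileExt=1 means hidden.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $v = (Get-ItemProperty -Path $key -Name HideFileExt -ErrorAction SilentlyContinue).HideFileExt
    return ($v -eq 1)
}

function Invoke-PostCleanupAudit {
    $fw = Get-FirewallProfileState
    $products = Get-SecurityCenterProducts

    "Windows Firewall profiles: " + (($fw.Keys | ForEach-Object { "$_=$($fw[$_])" }) -join ', ')
    foreach ($p in $products) {
        "{0,-16} {1,-30} enabled={2} up-to-date={3}" -f $p.Type, $p.Name, $p.Enabled, $p.UpToDate
    }

    # The post's advice: if a third-party firewall is installed, Windows Firewall should be off.
    $thirdPartyFw = $products | Where-Object { $_.Type -eq 'FirewallProduct' -and $_.Name -notmatch 'Windows Firewall' }
    if ($thirdPartyFw -and (@($fw.Values) -contains 'ON')) {
        "WARNING: a third-party firewall is registered while Windows Firewall is still ON; turn one of them off."
    }
    if (-not $thirdPartyFw -and -not (@($fw.Values) -contains 'ON')) {
        "WARNING: no third-party firewall registered and Windows Firewall is OFF on every profile."
    }
    if (Test-ExtensionsHidden) {
        "WARNING: Explorer hides known file extensions; set HideFileExt=0 so double extensions are visible."
    }
    try   { "Pending Windows updates: " + (Get-PendingUpdateCount) }
    catch { "Pending Windows updates: lookup failed ($_)" }
}

Invoke-PostCleanupAudit
```

Run it from an ordinary PowerShell prompt; none of the queries need elevation. Anything the script flags maps straight back to a step in the post (turn the duplicate firewall off, update the AV definitions, install the pending updates, un-hide extensions), so it is a quick way to re-check the machine a week or a month later without reading the whole thread again.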

#9
hellod00d

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Awesome. Thanks a lot, it was a pleasure working with you as well. I'll run a few Malwarebytes scans over the week and let you know if anything comes up. If not, thanks a bunch for the help and I'll be sure to recommend GtG as a service to anyone I know that runs into issues with their computers.

#10
Transience

    Unofficial Music Guru

  • Retired Staff
  • 2,448 posts
Alright, thank you for your kind words; it was a pleasure helping out. Let me know if you come across anything else :).

#11
Transience

    Unofficial Music Guru

  • Retired Staff
  • 2,448 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.