Malwarebytes

Malware preventing HJT and MBAM from running(?)

8 replies to this topic

#1
Zarniwoop

    New Member

  • Members
  • Pip
  • 4 posts
Hello. Earlier today I had trouble starting Windows. When I logged on it would tell me it had encountered a critical error and then gave me 1 minute before it would restart (although it would run in safe mode). After some time I managed to start it in normal mode, and noticed I was getting pop-ups in IE advertising certain websites and services. I ran a scan with McAfee and Avira but both found nothing.

I downloaded MBAM and HijackThis, among other anti-virus/malware programs, but none of them work.

I can install all of them fine, but they close within seconds of my first opening them, then fail to open again, instead giving me "Windows could not access the specified device path or file. You may not have the appropriate permissions to access the item."

I haven't taken any other action for fear of possibly making the problem worse.

Thanks for any help you might be able to give.

#2
LDTate

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 15,635 posts
  • Gender:Male
  • Location:Missouri, USA
Hello and Welcome to the forum.

Download ComboFix from any of the links below, but rename it to ABCD.exe before saving it to your desktop.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Link 1
Link 2


Double click on the ABCD.exe ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

Larry Tate
Consumer Support Specialist


#3
Zarniwoop

ComboFix 09-11-07.02 - Deep Thought 07/11/2009 19:14.2.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1013.305 [GMT 0:00]
Running from: c:\users\Deep Thought\Desktop\ABCD.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Deep Thought\AppData\Local\Temp\ppcrlui_716_2
c:\users\DEEPTH~1\AppData\Local\Temp\ppcrlui_716_2
c:\windows\msa.exe
D:\Autorun.inf

Infected copy of c:\windows\system32\cngaudit.dll was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2009-10-07 to 2009-11-07 )))))))))))))))))))))))))))))))
.

2009-11-07 19:32 . 2009-11-07 19:46 4096 d-----w- c:\users\Deep Thought\AppData\Local\temp
2009-11-07 19:32 . 2009-11-07 19:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-07 19:32 . 2009-11-07 19:32 -------- d-----w- c:\users\deepthought\AppData\Local\temp
2009-11-05 00:28 . 2009-11-05 00:29 -------- d-----w- c:\users\Deep Thought\AppData\Local\Adobe
2009-11-04 17:18 . 2009-11-07 15:19 -------- d-----w- c:\users\Deep Thought\AppData\Local\Apple Computer
2009-11-03 21:21 . 2009-11-03 21:21 -------- d-----w- c:\users\Deep Thought\AppData\Local\Apple
2009-11-01 22:51 . 2009-11-01 22:51 -------- d-----w- c:\windows\Sun
2009-10-31 04:25 . 2009-11-03 22:29 4096 d-----w- C:\ZillaTube
2009-10-30 20:47 . 2009-10-30 20:47 -------- d-----w- c:\program files\iPod
2009-10-30 20:46 . 2009-10-30 20:49 4096 d-----w- c:\program files\iTunes
2009-10-30 20:17 . 2009-10-30 20:17 194104 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-10-30 20:07 . 2009-10-30 20:07 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-28 01:36 . 2009-07-28 16:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-10-28 01:36 . 2009-03-30 10:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-10-28 01:36 . 2009-10-28 01:36 -------- d-----w- c:\programdata\Avira
2009-10-28 01:36 . 2009-10-28 01:36 -------- d-----w- c:\program files\Avira
2009-10-28 00:07 . 2009-10-28 00:07 4096 d-----w- c:\program files\ERUNT
2009-10-27 23:31 . 2009-10-27 23:31 -------- d-----w- C:\VundoFix Backups
2009-10-27 23:09 . 2009-10-27 23:15 -------- d-----w- c:\temp\ListDLLs
2009-10-27 23:09 . 2009-10-27 23:09 -------- d-----w- C:\Temp
2009-10-27 22:19 . 2009-10-27 22:45 8192 d-----w- c:\windows\BDOSCAN8
2009-10-27 21:51 . 2009-10-27 21:51 -------- d-----w- c:\program files\VS Revo Group
2009-10-27 19:59 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-27 19:59 . 2009-10-27 19:59 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-27 19:59 . 2009-10-27 19:59 93360 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2009-10-27 19:59 . 2009-10-30 20:18 862040 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-10-27 19:59 . 2009-10-27 19:59 554280 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\sbap.dll
2009-10-27 19:59 . 2009-10-27 19:59 15880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-10-27 19:59 . 2009-10-30 20:18 206944 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-10-27 19:59 . 2009-10-30 20:17 390288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-10-27 19:59 . 2009-10-27 19:59 537576 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-10-27 19:59 . 2009-10-30 20:17 212480 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2009-10-27 19:59 . 2009-10-27 19:59 283944 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Vipre.dll
2009-10-27 19:58 . 2009-10-27 19:59 370744 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-10-27 19:58 . 2009-10-30 20:17 163728 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-10-27 19:58 . 2009-10-27 19:58 1223976 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\SBTE.dll
2009-10-27 19:58 . 2009-10-27 19:58 242984 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\SBRE.dll
2009-10-27 19:57 . 2009-10-27 19:57 5908024 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2009-10-27 19:57 . 2009-10-27 19:57 327000 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-10-27 19:57 . 2009-10-27 19:57 87496 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-10-27 19:56 . 2009-10-27 19:57 933120 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-10-27 19:56 . 2009-10-27 19:56 640608 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-10-27 19:56 . 2009-10-27 19:56 815760 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-10-27 19:56 . 2009-10-27 19:56 822904 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-10-27 19:55 . 2009-10-30 20:17 1638104 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-10-27 19:55 . 2009-10-30 20:16 788368 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-10-27 19:55 . 2009-10-30 20:15 1179232 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-10-27 19:52 . 2009-10-27 19:52 4096 dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-27 19:52 . 2009-10-03 08:15 2924848 -c--a-w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-10-27 19:50 . 2009-10-27 19:59 -------- d-----w- c:\programdata\Lavasoft
2009-10-27 19:50 . 2009-10-27 19:50 -------- d-----w- c:\program files\Lavasoft
2009-10-27 18:40 . 2009-10-27 18:49 -------- d-----w- c:\program files\Trend Micro
2009-10-27 17:47 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-27 17:47 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-27 17:26 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-27 17:26 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-27 17:25 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-27 17:25 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-27 17:23 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-27 17:23 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-27 17:23 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-27 17:21 . 2009-08-06 19:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-27 17:21 . 2009-08-06 18:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-26 01:15 . 2009-11-07 15:01 0 ----a-r- c:\windows\win32k.sys
2009-10-18 01:00 . 2009-10-18 01:00 -------- d-----w- c:\users\Deep Thought\AppData\Local\Blizzard Entertainment
2009-10-16 20:38 . 2009-10-16 20:42 4096 d-----w- c:\program files\Project64 1.6
2009-10-15 16:36 . 2009-10-15 16:36 -------- d-----w- C:\bd415aaa04cd8019ea2a11094e5f
2009-10-14 23:58 . 2009-10-14 23:58 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-10-14 17:34 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-14 17:33 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-14 17:33 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-14 17:31 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-14 17:31 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-14 17:31 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-10 22:17 . 2009-10-10 22:17 -------- d-----w- c:\users\Deep Thought\AppData\Roaming\MMOUI
2009-10-10 22:17 . 2009-10-10 22:17 -------- d-----w- c:\program files\MMOUI Minion
2009-10-09 19:44 . 2009-10-09 19:44 -------- d-----w- c:\program files\IObit

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-07 19:46 . 2009-05-19 16:22 -------- d-----w- c:\users\Deep Thought\AppData\Roaming\tor
2009-11-07 19:37 . 2009-06-10 14:53 1441 --sha-w- c:\windows\system32\mmf.sys
2009-11-07 15:11 . 2009-05-19 16:22 -------- d-----w- c:\users\Deep Thought\AppData\Roaming\Vidalia
2009-11-05 23:58 . 2009-03-15 13:13 1 ----a-w- c:\users\Deep Thought\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-11-03 21:11 . 2007-05-07 08:18 4096 d--h--w- c:\program files\InstallShield Installation Information
2009-11-03 00:47 . 2009-08-21 21:55 4096 d-----w- c:\users\Deep Thought\AppData\Roaming\Xfire
2009-10-30 20:47 . 2009-02-18 17:50 -------- d-----w- c:\program files\Common Files\Apple
2009-10-28 04:33 . 2009-03-13 16:59 680 ----a-w- c:\users\Deep Thought\AppData\Local\d3d9caps.dat
2009-10-28 01:22 . 2008-09-13 11:38 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-21 17:01 . 2009-08-21 21:55 4096 d-----w- c:\programdata\Xfire
2009-10-20 16:16 . 2009-08-21 21:55 8192 d-----w- c:\program files\Xfire
2009-10-16 20:38 . 2008-05-29 16:42 8854 ----a-r- c:\users\Deep Thought\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
2009-10-16 20:38 . 2008-05-29 16:42 40960 ----a-r- c:\users\Deep Thought\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2009-10-16 20:38 . 2008-05-29 16:42 40960 ----a-r- c:\users\Deep Thought\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2009-10-15 16:40 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-09-30 21:09 . 2008-06-17 19:52 -------- d-----w- c:\program files\Curse
2009-09-30 15:05 . 2009-08-21 18:56 4096 d-----w- c:\users\Deep Thought\AppData\Roaming\RayV
2009-09-27 19:26 . 2009-09-27 19:26 6144 ----a-r- c:\users\Deep Thought\AppData\Roaming\Microsoft\Installer\{F219460F-F384-4B03-91A6-F3CFCA5C5A9E}\Icon78631862.exe
2009-09-27 19:26 . 2009-09-27 19:26 5632 ----a-r- c:\users\Deep Thought\AppData\Roaming\Microsoft\Installer\{F219460F-F384-4B03-91A6-F3CFCA5C5A9E}\Icon786318622.exe
2009-09-27 19:26 . 2009-09-27 19:26 5120 ----a-r- c:\users\Deep Thought\AppData\Roaming\Microsoft\Installer\{F219460F-F384-4B03-91A6-F3CFCA5C5A9E}\Icon786318621.exe
2009-09-27 19:26 . 2009-09-27 19:26 72192 ----a-r- c:\users\Deep Thought\AppData\Roaming\Microsoft\Installer\{F219460F-F384-4B03-91A6-F3CFCA5C5A9E}\Icon786318624.exe
2009-09-27 19:26 . 2009-09-27 19:26 29184 ----a-r- c:\users\Deep Thought\AppData\Roaming\Microsoft\Installer\{F219460F-F384-4B03-91A6-F3CFCA5C5A9E}\IconF219460F2.exe
2009-09-27 19:26 . 2009-09-27 19:22 4096 d-----w- c:\program files\Advancing Physics
2009-09-12 16:58 . 2009-02-18 18:04 -------- d-----w- c:\users\Deep Thought\AppData\Roaming\Apple Computer
2009-09-11 15:57 . 2009-09-11 15:54 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-11 15:50 . 2009-09-11 15:48 4096 d-----w- c:\program files\QuickTime
2009-09-10 14:54 . 2008-09-13 11:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 . 2008-09-13 11:38 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-02 16:39 . 2009-09-02 16:39 766 ----a-r- c:\users\Deep Thought\AppData\Roaming\Microsoft\Installer\{7DCFE14B-8F0E-47BF-863A-84757F038D7C}\_6FEFF9B68218417F98F549.exe
2009-09-02 16:39 . 2009-09-02 16:39 766 ----a-r- c:\users\Deep Thought\AppData\Roaming\Microsoft\Installer\{7DCFE14B-8F0E-47BF-863A-84757F038D7C}\_68BDB502A8E93F12968299.exe
2009-08-29 00:27 . 2009-09-03 11:25 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-03 11:25 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 18:42 . 2009-08-28 18:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 18:42 . 2009-08-28 18:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-27 05:22 . 2009-10-14 17:32 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-14 17:32 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 05:17 . 2009-10-14 17:32 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 03:42 . 2009-10-14 17:32 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-18 15:43 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-08-14 16:27 . 2009-09-24 22:12 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-24 22:12 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-24 22:12 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-24 22:12 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-24 22:12 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-24 22:12 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-24 22:12 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-24 22:12 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-24 22:12 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-24 22:12 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-24 22:12 105984 ----a-w- c:\windows\system32\netiohlp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 11:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vidalia"="c:\program files\Vidalia Bundle\Vidalia\vidalia.exe" [2009-01-21 4033618]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-12-12 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-12-12 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-12-12 81920]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"MskAgentexe"="c:\program files\McAfee\MSK\MskAgent.exe" [2007-01-18 152144]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-17 40072]

c:\users\Deep Thought\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2009-10-14 3141008]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Privoxy.lnk - c:\program files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 250368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):a0,16,e2,80,1c,20,ca,01

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [27/10/2009 19:59 64288]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [28/10/2009 01:36 108289]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [05/07/2009 03:25 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [05/07/2009 03:26 234888]
R3 RTL8187;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187.sys [07/05/2007 08:23 205312]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\System32\drivers\NETw2v32.sys [02/11/2006 10:25 2589184]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-07-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-06-02 12:32]

2009-11-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-06-02 12:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_GB&Sys=PTB&M=ML6227B
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_GB&Sys=PTB&M=ML6227B
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Deep Thought\AppData\Roaming\Mozilla\Firefox\Profiles\2vvyokyx.DeepThought\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-RayV - c:\program files\RayV\RayV\uninstall.exe
AddRemove-Steam App 300 - c:\program files\Steam\steam.exe
AddRemove-Steam App 302 - c:\program files\Steam\steam.exe
AddRemove-Steam App 320 - c:\program files\Steam\steam.exe
AddRemove-Steam App 340 - c:\program files\Steam\steam.exe
AddRemove-ZDaemon - c:\program files\ZDaemon\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-07 19:44
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5144)
c:\program files\McAfee\MSK\mskoeplg.dll
c:\program files\Xfire\xfire_toucan_39729.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\McAfee\HackerWatch\HWAPI.exe
c:\progra~1\McAfee\VIRUSS~1\mcods.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\progra~1\McAfee\MPS\mps.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\windows\system32\WUDFHost.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\McAfee\MPS\mpsevh.exe
c:\windows\system32\wbem\unsecapp.exe
c:\progra~1\mcafee\msc\mcuimgr.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Mail\WinMail.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\iTunes\iTunes.exe
.
**************************************************************************
.
Completion time: 2009-11-07 20:01 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-07 20:01

Pre-Run: 8,163,065,856 bytes free
Post-Run: 8,033,013,760 bytes free

- - End Of File - - 00F271D2AE8A7996EDB16514548C4391

#4
LDTate

1. Click Start > Settings > Control Panel.
2. Next, open Add/Remove Programs and remove if listed:
AskBarDis

Please describe how your computer behaves at the moment.

Larry Tate
Consumer Support Specialist


#5
Zarniwoop

I'm afraid there was no "AskBarDis" in Add/Remove programs.

However, I attempted to run MBAM again (with success this time), and it found "Trojan.Dropper". I haven't taken action to delete it yet, however, because under Items it reads "C:\Windows\win32k.sys".

Should I choose to delete it?

#6
LDTate

In the CF scan it shows 0 bytes.
2009-10-26 01:15 . 2009-11-07 15:01 0 ----a-r- c:\windows\win32k.sys

Please download ad13's win32ksys to your desktop
  • Double click to run it
  • A black window will appear, let this run
  • On completion a log will appear on your desktop called Win32kDiag.txt please post this in your next reply.

Larry Tate
Consumer Support Specialist


#7
Zarniwoop

Running from: C:\Users\Deep Thought\Desktop\Win32kDiag.exe

Log file at : C:\Users\Deep Thought\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...



Found mount point : C:\Windows\AppPatch\Custom\Custom

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1363.tmp\ZAP1363.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2DF2.tmp\ZAP2DF2.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP478B.tmp\ZAP478B.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5986.tmp\ZAP5986.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP81A.tmp\ZAP81A.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA1EB.tmp\ZAPA1EB.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPDEC2.tmp\ZAPDEC2.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE752.tmp\ZAPE752.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEEF0.tmp\ZAPEEF0.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Driver Cache\AMD64\AMD64

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ehome\CreateDisc\style\style

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Globalization\Globalization

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Help\Corporate\Corporate

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Help\OEM\OEM

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\i386\i386

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\000021091A0090400000000000F01FEC\12.0.6425\12.0.6425

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109511090400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109610090400000000000F01FEC\12.0.6425\12.0.6425

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109810090400000000000F01FEC\12.0.6425\12.0.6425

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109B10090400000000000F01FEC\12.0.6425\12.0.6425

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109E60090400000000000F01FEC\12.0.6425\12.0.6425

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109F100A0C00000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002109F100C0400000000000F01FEC\12.0.4518\12.0.4518

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6425\12.0.6425

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D\3.5.30729\3.5.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Installer\$PatchCache$\Managed\4301AEBD288588A40833184CFEC0AF92\4.0.0\4.0.0

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Microsoft.NET\authman\authman

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ModemLogs\ModemLogs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\msdownld.tmp\msdownld.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\nap\configuration\configuration

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Panther\setup.exe\setup.exe

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\PCHEALTH\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\PLA\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\registration\CRMLog\CRMLog

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SchCache\SchCache

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\security\templates\templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporary Internet Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV\Tfs_DAV

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Media Center Programs\Media Center Programs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\Description Documents\Description Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\Cookies

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Documents\Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Downloads\Downloads

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Links\Links

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Music\Music

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Pictures\Pictures

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Saved Games\Saved Games

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\LocalService\Videos\Videos

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\GameExplorer\GameExplorer

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Temporary Internet Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows Media Player NSS\3.0\SCPD\SCPD

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Media Center Programs\Media Center Programs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\v2.0.50727.312

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Quick Launch

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\Certificates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\CRLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\CTLs

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\Cookies

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Network Shortcuts\Network Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Printer Shortcuts

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Recent\Recent

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\Templates

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Desktop\Desktop

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Documents\Documents

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Downloads\Downloads

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Favorites\Favorites

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Links\Links

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Music\Music

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Pictures\Pictures

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Saved Games\Saved Games

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\ServiceProfiles\NetworkService\Videos\Videos

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\057d458a5288ce359a4a46636ed70a4e\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.18842_none_83af6d0646d60121\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.18842_none_83af6d0646d60121

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\057d458a5288ce359a4a46636ed70a4e\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.22933_none_8444da075fea9e51\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.22933_none_8444da075fea9e51

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-m..ayer-core.resources_31bf3856ad364e35_6.0.6000.16926_en-us_2185ec15e486221c\x86_microsoft-windows-m..ayer-core.resources_31bf3856ad364e35_6.0.6000.16926_en-us_2185ec15e486221c

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-m..ayer-core.resources_31bf3856ad364e35_6.0.6000.21125_en-us_220e60b8fda4dbd1\x86_microsoft-windows-m..ayer-core.resources_31bf3856ad364e35_6.0.6000.21125_en-us_220e60b8fda4dbd1

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-m..ayer-core.resources_31bf3856ad364e35_6.0.6001.18330_en-us_235b5913e1ba36f4\x86_microsoft-windows-m..ayer-core.resources_31bf3856ad364e35_6.0.6001.18330_en-us_235b5913e1ba36f4

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-m..ayer-core.resources_31bf3856ad364e35_6.0.6001.22520_en-us_23efc7b0facfb7f4\x86_microsoft-windows-m..ayer-core.resources_31bf3856ad364e35_6.0.6001.22520_en-us_23efc7b0facfb7f4

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-m..ayer-core.resources_31bf3856ad364e35_6.0.6002.18111_en-us_25586d03decf6ab4\x86_microsoft-windows-m..ayer-core.resources_31bf3856ad364e35_6.0.6002.18111_en-us_25586d03decf6ab4

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-m..ayer-core.resources_31bf3856ad364e35_6.0.6002.22223_en-us_25d93a76f7f3591d\x86_microsoft-windows-m..ayer-core.resources_31bf3856ad364e35_6.0.6002.22223_en-us_25d93a76f7f3591d

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-m..yer-setup.resources_31bf3856ad364e35_6.0.6000.16926_en-us_dd0695ced5a51138\x86_microsoft-windows-m..yer-setup.resources_31bf3856ad364e35_6.0.6000.16926_en-us_dd0695ced5a51138

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-m..yer-setup.resources_31bf3856ad364e35_6.0.6000.21125_en-us_dd8f0a71eec3caed\x86_microsoft-windows-m..yer-setup.resources_31bf3856ad364e35_6.0.6000.21125_en-us_dd8f0a71eec3caed

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-m..yer-setup.resources_31bf3856ad364e35_6.0.6001.18330_en-us_dedc02ccd2d92610\x86_microsoft-windows-m..yer-setup.resources_31bf3856ad364e35_6.0.6001.18330_en-us_dedc02ccd2d92610

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-m..yer-setup.resources_31bf3856ad364e35_6.0.6001.22520_en-us_df707169ebeea710\x86_microsoft-windows-m..yer-setup.resources_31bf3856ad364e35_6.0.6001.22520_en-us_df707169ebeea710

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-m..yer-setup.resources_31bf3856ad364e35_6.0.6002.18111_en-us_e0d916bccfee59d0\x86_microsoft-windows-m..yer-setup.resources_31bf3856ad364e35_6.0.6002.18111_en-us_e0d916bccfee59d0

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-m..yer-setup.resources_31bf3856ad364e35_6.0.6002.22223_en-us_e159e42fe9124839\x86_microsoft-windows-m..yer-setup.resources_31bf3856ad364e35_6.0.6002.22223_en-us_e159e42fe9124839

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16926_none_0973ec0f51fdf005\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.16926_none_0973ec0f51fdf005

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21125_none_09fc60b26b1ca9ba\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6000.21125_none_09fc60b26b1ca9ba

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18330_none_0b49590d4f3204dd\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.18330_none_0b49590d4f3204dd

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22520_none_0bddc7aa684785dd\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6001.22520_none_0bddc7aa684785dd

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18111_none_0d466cfd4c47389d\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.18111_none_0d466cfd4c47389d

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22223_none_0dc73a70656b2706\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.0.6002.22223_none_0dc73a70656b2706

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6000.16926_none_abfdf271d96f105d\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6000.16926_none_abfdf271d96f105d

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6000.21125_none_ac866714f28dca12\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6000.21125_none_ac866714f28dca12

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6001.18330_none_add35f6fd6a32535\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6001.18330_none_add35f6fd6a32535

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6001.22520_none_ae67ce0cefb8a635\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6001.22520_none_ae67ce0cefb8a635

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6002.18111_none_afd0735fd3b858f5\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6002.18111_none_afd0735fd3b858f5

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\1abf59ad881ccbd69aeb722934f822df\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6002.22223_none_b05140d2ecdc475e\x86_microsoft-windows-mediaplayer-setup_31bf3856ad364e35_6.0.6002.22223_none_b05140d2ecdc475e

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\b3da37d1490a6f1e10a887a163a78ba5\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21125_none_a4dd285578ce285b\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21125_none_a4dd285578ce285b

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\b3da37d1490a6f1e10a887a163a78ba5\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22518_none_a6d1618975e9b345\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22518_none_a6d1618975e9b345

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\b3da37d1490a6f1e10a887a163a78ba5\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22223_none_a8a80213731ca5a7\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22223_none_a8a80213731ca5a7

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\b3da37d1490a6f1e10a887a163a78ba5\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6000.21125_none_395fe8aa98b803ee\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6000.21125_none_395fe8aa98b803ee

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\b3da37d1490a6f1e10a887a163a78ba5\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6001.22518_none_3b5421de95d38ed8\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6001.22518_none_3b5421de95d38ed8

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\b3da37d1490a6f1e10a887a163a78ba5\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6002.22223_none_3d2ac2689306813a\x86_microsoft-windows-security-digest_31bf3856ad364e35_6.0.6002.22223_none_3d2ac2689306813a

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\b3da37d1490a6f1e10a887a163a78ba5\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6000.16926_none_7abd15c3656ef988\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6000.16926_none_7abd15c3656ef988

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\b3da37d1490a6f1e10a887a163a78ba5\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6000.21125_none_7b458a667e8db33d\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6000.21125_none_7b458a667e8db33d

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\b3da37d1490a6f1e10a887a163a78ba5\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6001.18330_none_7c9282c162a30e60\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6001.18330_none_7c9282c162a30e60

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\b3da37d1490a6f1e10a887a163a78ba5\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6001.22518_none_7d39c39a7ba93e27\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6001.22518_none_7d39c39a7ba93e27

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\b3da37d1490a6f1e10a887a163a78ba5\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6002.18111_none_7e8f96b15fb84220\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6002.18111_none_7e8f96b15fb84220

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\b3da37d1490a6f1e10a887a163a78ba5\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6002.22223_none_7f10642478dc3089\x86_microsoft-windows-security-ntlm_31bf3856ad364e35_6.0.6002.22223_none_7f10642478dc3089

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\cde11068f5b77b180111333ef9781925

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\PostRebootEventCache\PostRebootEventCache

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\SoftwareDistribution\ScanFile\ScanFile

Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

[1] 2009-11-08 10:26:17 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()
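
A way to triage a Win32kDiag log like the one above, added here as an example; it is not part of the original posts or of any tool named in this thread. It pairs each "Found mount point" line with its destination and flags destinations that are not an ordinary drive-letter or volume target. The `\??\` target pattern and the last two sample entries are assumptions made for the example.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the log format shown in this thread. The first two
# entries and the "Cannot access" line are copied from the posted log; the
# last two entries are constructed to show ordinary-looking targets.
SAMPLE_LOG = r"""
Found mount point : C:\Windows\SchCache\SchCache
Mount point destination : \Device\__max++>\^

Found mount point : C:\Windows\security\templates\templates
Mount point destination : \Device\__max++>\^

Found mount point : C:\Mounts\Data
Mount point destination : \??\Volume{01234567-89ab-cdef-0123-456789abcdef}\

Found mount point : C:\Users\Example\Documents\My Music
Mount point destination : \??\C:\Users\Example\Music

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
"""

FOUND_RE = re.compile(r"^\s*Found mount point\s*:\s*(.+?)\s*$")
DEST_RE = re.compile(r"^\s*Mount point destination\s*:\s*(.+?)\s*$")
DENIED_RE = re.compile(r"^\s*Cannot access:\s*(.+?)\s*$")

# Assumption: a normal target is an NT path of the form \??\X:\... or
# \??\Volume{GUID}\ ; anything else is flagged for review, not auto-judged.
EXPECTED_TARGET = re.compile(
    r"^\\\?\?\\(?:[A-Za-z]:|Volume\{[0-9A-Fa-f-]{36}\})(?:\\|$)")

@dataclass
class MountPoint:
    path: str
    destination: str  # empty string when the log had no destination line

    @property
    def suspicious(self) -> bool:
        return EXPECTED_TARGET.match(self.destination) is None

def parse_log(text):
    """Return (mount_points, inaccessible_paths) from Win32kDiag-style text."""
    entries, denied, pending = [], [], None
    for line in text.splitlines():
        if m := FOUND_RE.match(line):
            if pending is not None:          # previous entry had no destination
                entries.append(MountPoint(pending, ""))
            pending = m.group(1)
        elif m := DEST_RE.match(line):
            if pending is not None:          # ignore an orphaned destination line
                entries.append(MountPoint(pending, m.group(1)))
                pending = None
        elif m := DENIED_RE.match(line):
            denied.append(m.group(1))
    if pending is not None:
        entries.append(MountPoint(pending, ""))
    return entries, denied

def summarize(entries, depth=2):
    """Count flagged mount points per leading directory (first `depth` parts)."""
    counts = Counter()
    for e in entries:
        if e.suspicious:
            counts["\\".join(e.path.split("\\")[:depth])] += 1
    return counts

if __name__ == "__main__":
    found, denied = parse_log(SAMPLE_LOG)
    for prefix, n in summarize(found).most_common():
        print(f"{n:4d} flagged under {prefix}")
    print(f"{len(denied)} path(s) could not be accessed")
```
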

#8
LDTate

We need to run the following command to fix some malware-related changes.
  • Click on Start -> Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK:
    "%userprofile%\desktop\win32kdiag.exe" -f -r
  • When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with Notepad and post the contents here.

Larry Tate
Consumer Support Specialist


#9
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,575 posts
  • Gender:Male
  • Location:US
Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
Ron Lewis
Manager, Online Support


If you've posted to the HJT forum and it has been over 5 days without a response please send a Private Message asking for assistance.




