
Author Topic: windows update related virus?  (Read 15989 times)


risingstar64 (Topic Starter, Rookie; Experience: Beginner; OS: Windows Vista)

    windows update related virus?
    « on: July 08, 2010, 11:12:33 AM »
    Hi. I came on this forum a few weeks ago seeking virus help, and left clean as a whistle. However, a few days ago I updated something on Windows, and ever since I have had a strange problem. Whenever I start my computer, it is perfectly fine, but about 10 minutes in, no matter what I do, the whole computer freezes and I lose all control (or at least nothing responds). Then I have no choice but to force a shutdown. However, if I start in safe mode (or safe mode with networking), the computer works fine with no problems. I tried about 10 full scans using different programs that helped me with my last virus program, but they all came up clean. I can't figure out if this is because of the update, or if I even have a virus. I am running Fujitsu Vista 32-bit Business. Also, I haven't really downloaded anything but that update for the past week, and right now I am running in safe mode with networking. Just for the heck of it, here are some of my newest logs (all since this problem started occurring, and run in safe mode):
    ComboFix 10-06-27.06 - STILLR 07/07/2010  23:50:06.4.2 - x86 NETWORK
    Microsoft® Windows Vista™ Business   6.0.6001.1.1252.1.1033.18.2001.1254 [GMT -4:00]
    Running from: d:\my files\Virus Protection\ComboFix\Commy.exe
    SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .
    - REDUCED FUNCTIONALITY MODE -
    .

    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\System32\autochk.exe . . . is infected!!

    .
    (((((((((((((((((((((((((   Files Created from 2010-06-08 to 2010-07-08  )))))))))))))))))))))))))))))))
    .

    2010-07-08 03:53 . 2010-07-08 03:53   --------   d-----w-   c:\users\user\AppData\Local\temp
    2010-07-08 03:53 . 2010-07-08 03:53   --------   d-----w-   c:\users\Default\AppData\Local\temp
    2010-07-08 03:53 . 2010-07-08 03:53   --------   d-----w-   c:\users\Administrator\AppData\Local\temp
    2010-07-08 03:53 . 2010-07-08 03:53   --------   d-----w-   c:\users\admin2\AppData\Local\temp
    2010-07-08 03:53 . 2010-07-08 03:53   --------   d-----w-   c:\users\Admin\AppData\Local\temp
    2010-07-08 03:45 . 2010-07-08 03:49   --------   d-----w-   C:\32788R22FWJFW
    2010-07-04 21:08 . 2010-07-04 21:08   --------   d-----w-   c:\program files\ESET
    2010-07-01 04:47 . 2010-04-09 17:16   535624   ----a-w-   c:\windows\system32\pwNative.exe
    2010-07-01 04:47 . 2010-04-09 17:16   16472   ------w-   c:\windows\system32\pwdrvio.sys
    2010-07-01 04:47 . 2010-04-09 17:16   11104   ------w-   c:\windows\system32\pwdspio.sys
    2010-07-01 00:57 . 2010-07-01 00:57   --------   d-----w-   c:\programdata\XBCDSU
    2010-07-01 00:57 . 2010-04-13 19:02   15360   ----a-w-   c:\windows\system32\xbcdr.dll
    2010-07-01 00:57 . 2009-11-12 14:17   16384   ----a-w-   c:\windows\system32\drivers\xbcd.sys
    2010-07-01 00:57 . 2007-08-30 13:52   230400   ----a-w-   c:\windows\system32\xbcdsu.dll
    2010-07-01 00:57 . 2007-08-16 16:37   27136   ----a-w-   c:\windows\system32\xbcdif.dll
    2010-06-30 18:59 . 2010-06-30 18:59   --------   d-----w-   c:\program files\Common Files\Java
    2010-06-30 18:59 . 2010-04-12 21:29   411368   ----a-w-   c:\windows\system32\deployJava1.dll
    2010-06-30 18:01 . 2009-11-08 14:55   99176   ----a-w-   c:\windows\system32\PresentationHostProxy.dll
    2010-06-30 18:01 . 2009-11-08 14:55   49472   ----a-w-   c:\windows\system32\netfxperf.dll
    2010-06-30 18:01 . 2009-11-08 14:55   297808   ----a-w-   c:\windows\system32\mscoree.dll
    2010-06-30 18:01 . 2009-11-08 14:55   295264   ----a-w-   c:\windows\system32\PresentationHost.exe
    2010-06-30 18:01 . 2009-11-08 14:55   1130824   ----a-w-   c:\windows\system32\dfshim.dll
    2010-06-28 06:07 . 2010-06-28 06:07   12536   ----a-w-   c:\windows\system32\avgrsstx.dll
    2010-06-28 04:58 . 2001-07-13 17:56   14976   ----a-w-   c:\windows\system32\drivers\SBKUPNT.SYS
    2010-06-28 04:58 . 1997-02-08 21:11   13312   ----a-w-   c:\windows\system32\DEVLOAD.EXE
    2010-06-28 04:44 . 2010-04-27 02:10   1718912   ----a-w-   c:\windows\system32\BootMan.exe
    2010-06-28 04:44 . 2010-02-23 15:51   86408   ----a-w-   c:\windows\system32\setupempdrv03.exe
    2010-06-28 04:44 . 2010-02-23 15:51   8456   ----a-w-   c:\windows\system32\EuGdiDrv.sys
    2010-06-28 04:44 . 2010-02-23 15:51   14216   ----a-w-   c:\windows\system32\epmntdrv.sys
    2010-06-28 04:44 . 2010-02-23 15:51   14848   ----a-w-   c:\windows\system32\EuEpmGdi.dll
    2010-06-28 01:41 . 2010-06-28 01:41   --------   d-----w-   c:\windows\amlog
    2010-06-28 01:14 . 2010-05-25 20:37   12728   ----a-w-   c:\windows\system32\ampa.sys
    2010-06-28 01:14 . 2010-05-25 20:37   919480   ----a-w-   c:\windows\ampa.exe
    2010-06-27 19:27 . 2010-06-27 19:27   98304   ----a-w-   c:\windows\system32\snapapi.dll
    2010-06-27 19:27 . 2010-06-27 19:27   65344   ----a-w-   c:\windows\system32\drivers\snapman.sys
    2010-06-27 19:27 . 2010-06-27 19:27   37888   ----a-w-   c:\windows\system32\setupnt.dll
    2010-06-27 19:27 . 2010-06-27 19:27   --------   d-----w-   c:\program files\Common Files\Acronis
    2010-06-27 04:29 . 2010-04-29 19:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
    2010-06-27 04:29 . 2010-04-29 19:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
    2010-06-26 23:52 . 2010-06-26 23:52   63488   ----a-w-   c:\users\Admin\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-06-26 23:52 . 2010-06-26 23:52   52224   ----a-w-   c:\users\Admin\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-06-26 23:52 . 2010-06-26 23:52   117760   ----a-w-   c:\users\Admin\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-06-26 23:51 . 2010-06-26 23:51   --------   d-----w-   c:\users\Admin\AppData\Roaming\SUPERAntiSpyware.com
    2010-06-26 23:51 . 2010-06-26 23:51   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
    2010-06-25 21:58 . 2010-06-25 21:58   --------   d-----w-   c:\users\Admin\AppData\Roaming\Autodesk
    2010-06-25 21:27 . 2010-06-26 01:11   --------   d-----w-   c:\program files\Common Files\Autodesk Shared
    2010-06-25 21:24 . 2008-07-12 12:18   467984   ----a-w-   c:\windows\system32\d3dx10_39.dll
    2010-06-25 21:24 . 2008-07-12 12:18   1493528   ----a-w-   c:\windows\system32\D3DCompiler_39.dll
    2010-06-25 21:24 . 2008-07-12 12:18   3851784   ----a-w-   c:\windows\system32\D3DX9_39.dll
    2010-06-23 20:06 . 2010-06-23 20:06   --------   d-----w-   c:\program files\Common Files\EZB Systems
    2010-06-23 18:31 . 2010-06-23 18:31   9062   ----a-r-   c:\users\Admin\AppData\Roaming\Microsoft\Installer\{2F083216-8203-4E94-8C7C-EDF1C91D037D}\_6FEFF9B68218417F98F549.exe
    2010-06-23 18:31 . 2010-06-23 18:31   124902   ----a-r-   c:\users\Admin\AppData\Roaming\Microsoft\Installer\{2F083216-8203-4E94-8C7C-EDF1C91D037D}\_8FC856A7719DE414ABC55A.exe
    2010-06-23 18:31 . 2010-06-23 18:31   124902   ----a-r-   c:\users\Admin\AppData\Roaming\Microsoft\Installer\{2F083216-8203-4E94-8C7C-EDF1C91D037D}\_229008C4DD2B0687C3C9DB.exe
    2010-06-23 18:31 . 2010-06-23 18:31   11310   ----a-r-   c:\users\Admin\AppData\Roaming\Microsoft\Installer\{2F083216-8203-4E94-8C7C-EDF1C91D037D}\_FF89B0AADCD51F146762AE.exe
    2010-06-23 18:31 . 2010-06-23 18:31   11310   ----a-r-   c:\users\Admin\AppData\Roaming\Microsoft\Installer\{2F083216-8203-4E94-8C7C-EDF1C91D037D}\_EA4EAE0A99F77038DA094E.exe
    2010-06-23 18:31 . 2010-06-23 18:31   11310   ----a-r-   c:\users\Admin\AppData\Roaming\Microsoft\Installer\{2F083216-8203-4E94-8C7C-EDF1C91D037D}\_7C899EC09EAB28D66E0485.exe
    2010-06-23 17:57 . 2010-07-01 06:33   --------   d-----w-   c:\users\user\AppData\Local\ApplicationHistory
    2010-06-23 17:47 . 2010-07-02 18:35   --------   d-----w-   c:\users\user\AppData\Local\Paint.NET
    2010-06-19 16:57 . 2010-06-19 16:57   --------   d-----w-   c:\windows\USB Vibration
    2010-06-19 16:56 . 2010-06-19 16:56   --------   d-----w-   C:\Open File Driver Intall
    2010-06-19 01:59 . 2010-06-19 01:59   --------   d-----w-   c:\users\user\AppData\Local\Help
    2010-06-19 01:58 . 2007-02-18 21:11   296960   ----a-w-   c:\windows\winhlp32.exe
    2010-06-19 01:58 . 2007-02-18 21:11   194560   ----a-w-   c:\windows\system32\ftsrch.dll
    2010-06-19 01:58 . 2007-02-18 21:11   9728   ----a-w-   c:\windows\system32\ftlx041e.dll
    2010-06-19 01:58 . 2007-02-18 21:11   9216   ----a-w-   c:\windows\system32\ftlx0411.dll
    2010-06-19 00:59 . 2010-06-25 00:57   --------   d-sha-w-   c:\users\Public\DRM
    2010-06-09 18:56 . 2010-07-07 16:38   680   ----a-w-   c:\users\user\AppData\Local\d3d9caps.dat
    2010-06-09 18:14 . 2010-06-18 20:48   220926964   ----a-w-   c:\users\Admin\AppData\Roaming\ijjigame\U_GUNZ_setup.exe
    2010-06-09 02:13 . 2010-06-09 18:26   --------   d-----w-   c:\users\user\AppData\Local\Windows Server

    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-08 00:00 . 2008-08-12 05:18   --------   d-----w-   c:\users\Admin\AppData\Roaming\WTablet
    2010-07-07 23:59 . 2009-10-01 15:31   17408   ----a-w-   c:\windows\system32\rpcnetp.exe
    2010-07-07 23:59 . 2009-10-02 19:41   56680   ----a-w-   c:\windows\system32\rpcnet.dll
    2010-07-06 22:04 . 2008-08-21 01:07   --------   d-----w-   c:\program files\Microsoft Silverlight
    2010-07-05 04:54 . 2010-05-05 23:33   --------   d-----w-   c:\users\Admin\AppData\Roaming\Scirra
    2010-07-01 00:52 . 2010-07-01 00:52   0   ---ha-w-   c:\windows\system32\drivers\Msft_Kernel_xusb21_01007.Wdf
    2010-06-30 19:35 . 2008-06-19 03:46   --------   d--h--w-   c:\program files\InstallShield Installation Information
    2010-06-30 18:58 . 2008-08-20 07:11   --------   d-----w-   c:\program files\Java
    2010-06-30 18:18 . 2006-11-02 11:18   --------   d-----w-   c:\program files\Windows Mail
    2010-06-30 18:09 . 2008-06-20 17:24   --------   d-----w-   c:\programdata\Microsoft Help
    2010-06-28 06:07 . 2009-10-01 14:03   243024   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
    2010-06-28 06:07 . 2009-10-01 14:03   216400   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
    2010-06-26 05:34 . 2010-01-10 00:24   --------   d-----w-   c:\programdata\FLEXnet
    2010-06-26 04:37 . 2010-04-17 18:08   --------   d-----w-   c:\users\Admin\AppData\Roaming\BitTorrent
    2010-06-25 21:58 . 2010-04-20 01:22   --------   d-----w-   c:\programdata\Autodesk
    2010-06-25 21:21 . 2010-04-20 01:26   --------   d-----w-   c:\program files\Autodesk
    2010-06-25 04:05 . 2009-10-29 02:38   --------   d-----w-   c:\users\Admin\AppData\Roaming\gtk-2.0
    2010-06-23 18:55 . 2010-05-15 17:07   --------   d-----w-   c:\users\Admin\AppData\Roaming\RealWorld
    2010-06-17 02:08 . 2009-10-01 15:31   17408   ----a-w-   c:\windows\system32\rpcnetp.dll
    2010-06-17 01:55 . 2009-09-30 21:33   185558831   ----a-w-   c:\windows\DUMP51f6.tmp
    2010-06-13 02:19 . 2010-03-28 23:49   --------   d-----w-   c:\users\Admin\AppData\Roaming\Audacity
    2010-06-11 01:01 . 2010-03-30 22:50   --------   d--h--w-   c:\users\Admin\AppData\Roaming\ijjigame
    2010-06-09 18:44 . 2010-05-25 19:38   1100   ----a-w-   c:\users\user\AppData\Local\d3d8caps.dat
    2010-06-06 01:49 . 2010-06-06 01:49   --------   d-----w-   c:\users\Admin\AppData\Roaming\Malwarebytes
    2010-06-06 01:48 . 2010-06-06 01:48   --------   d-----w-   c:\programdata\Malwarebytes
    2010-06-04 23:55 . 2010-06-04 23:54   --------   d-----w-   c:\program files\Project64 1.6
    2010-06-04 23:54 . 2010-02-28 21:15   8854   ----a-r-   c:\users\Admin\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
    2010-06-04 23:54 . 2010-02-28 21:15   40960   ----a-r-   c:\users\Admin\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
    2010-06-04 23:54 . 2010-02-28 21:15   40960   ----a-r-   c:\users\Admin\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
    2010-06-03 22:59 . 2010-06-03 22:59   --------   d-----w-   c:\program files\Panda Security
    2010-06-03 02:57 . 2010-06-03 02:57   2560   ----a-w-   c:\windows\_MSRSTRT.EXE
    2010-06-01 14:30 . 2009-10-01 14:03   29584   ----a-w-   c:\windows\system32\drivers\avgmfx86.sys
    2010-05-28 20:45 . 2010-05-21 23:56   --------   d-----w-   c:\users\Admin\AppData\Roaming\Juce VST Host
    2010-05-28 20:45 . 2010-05-21 23:55   --------   d-----w-   c:\users\Admin\AppData\Roaming\Sawer
    2010-05-28 01:15 . 2010-03-20 20:11   --------   d-----w-   c:\users\Admin\AppData\Roaming\codeblocks
    2010-05-26 16:16 . 2010-06-28 18:14   34304   ----a-w-   c:\windows\system32\atmlib.dll
    2010-05-26 14:25 . 2010-06-28 18:14   289792   ----a-w-   c:\windows\system32\atmfd.dll
    2010-05-25 01:49 . 2008-08-12 05:12   163808   ----a-w-   c:\users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-05-21 23:57 . 2010-05-21 23:57   --------   d-----w-   c:\users\Admin\AppData\Roaming\Hardcore
    2010-05-21 21:35 . 2010-05-21 21:35   --------   d-----w-   c:\program files\Image-Line
    2010-05-21 21:35 . 2010-05-21 21:35   --------   d-----w-   c:\program files\Outsim
    2010-05-21 14:37 . 2008-08-21 20:08   1510   ----a-w-   c:\windows\Sketchpad Preferences.dat
    2010-05-16 21:14 . 2010-05-16 21:14   --------   d-----w-   c:\programdata\2DBoy
    2010-05-15 17:05 . 2010-05-15 17:05   9062   ----a-r-   c:\users\Admin\AppData\Roaming\Microsoft\Installer\{3143DA02-D491-4C34-B7D2-0F9EA76486CB}\_6FEFF9B68218417F98F549.exe
    2010-05-15 17:05 . 2010-05-15 17:05   23558   ----a-r-   c:\users\Admin\AppData\Roaming\Microsoft\Installer\{3143DA02-D491-4C34-B7D2-0F9EA76486CB}\_357C06FAD2FC0DA52A6B45.exe
    2010-05-15 17:05 . 2010-05-15 17:05   137115   ----a-r-   c:\users\Admin\AppData\Roaming\Microsoft\Installer\{3143DA02-D491-4C34-B7D2-0F9EA76486CB}\_ADAB0E427A888143B08FAE.exe
    2010-05-15 17:05 . 2010-05-15 17:05   137115   ----a-r-   c:\users\Admin\AppData\Roaming\Microsoft\Installer\{3143DA02-D491-4C34-B7D2-0F9EA76486CB}\_5D50E12A3F942D5765FD03.exe
    2010-05-15 17:05 . 2010-05-15 17:05   11310   ----a-r-   c:\users\Admin\AppData\Roaming\Microsoft\Installer\{3143DA02-D491-4C34-B7D2-0F9EA76486CB}\_8C743AFA18BBC51C7F134B.exe
    2010-05-15 17:05 . 2010-05-15 17:05   11310   ----a-r-   c:\users\Admin\AppData\Roaming\Microsoft\Installer\{3143DA02-D491-4C34-B7D2-0F9EA76486CB}\_1A3359F6F38FB6AB48EC63.exe
    2010-05-15 17:05 . 2010-05-15 17:05   11310   ----a-r-   c:\users\Admin\AppData\Roaming\Microsoft\Installer\{3143DA02-D491-4C34-B7D2-0F9EA76486CB}\_081E09237481BE9AB76A14.exe
    2010-05-15 03:31 . 2008-08-12 05:13   --------   d-----w-   c:\program files\Google
    2010-05-11 03:38 . 2010-05-11 03:38   1988608   ----a-w-   c:\programdata\YoYoGames\yoyo80.exe
    2010-05-11 03:38 . 2010-05-07 22:24   495616   ----a-w-   c:\programdata\YoYoGames\d3dx8.dll
    2010-05-11 03:38 . 2010-05-07 22:21   --------   d-----w-   c:\programdata\YoYoGames
    2010-05-11 03:34 . 2010-05-11 03:33   1598272   ----a-w-   c:\programdata\YoYoGames\yoyo61.exe
    2010-05-07 22:24 . 2010-05-07 22:23   1992000   ----a-w-   c:\programdata\YoYoGames\yoyo70.exe
    2010-05-05 23:50 . 2010-05-04 07:12   1100   ----a-w-   c:\windows\blocks.dat
    2010-05-05 11:38 . 2010-05-05 11:38   0   ----a-w-   C:\LOG104B.tmp
    2010-05-04 07:11 . 2010-05-04 07:11   130   ----a-w-   c:\windows\hs2.dat
    2010-05-04 07:11 . 2010-05-04 07:11   130   ----a-w-   c:\windows\hs1.dat
    2010-05-04 05:59 . 2010-06-28 18:14   916480   ----a-w-   c:\windows\system32\wininet.dll
    2010-05-04 05:55 . 2010-06-28 18:14   71680   ----a-w-   c:\windows\system32\iesetup.dll
    2010-05-04 05:55 . 2010-06-28 18:14   109056   ----a-w-   c:\windows\system32\iesysprep.dll
    2010-05-04 04:31 . 2010-06-28 18:14   133632   ----a-w-   c:\windows\system32\ieUnatt.exe
    2010-05-01 13:53 . 2010-06-28 18:14   2036224   ----a-w-   c:\windows\system32\win32k.sys
    2010-04-23 13:55 . 2010-05-25 21:45   2048   ----a-w-   c:\windows\system32\tzres.dll
    2010-04-16 16:10 . 2010-06-28 18:14   1314816   ----a-w-   c:\windows\system32\quartz.dll
    2010-04-16 16:05 . 2010-06-28 18:14   28672   ----a-w-   c:\windows\system32\Apphlpdm.dll
    2010-04-16 16:05 . 2010-06-28 18:14   459776   ----a-w-   c:\windows\AppPatch\AcSpecfc.dll
    2010-04-16 16:05 . 2010-06-28 18:14   173056   ----a-w-   c:\windows\AppPatch\AcXtrnal.dll
    2010-04-16 16:05 . 2010-06-28 18:14   2153984   ----a-w-   c:\windows\AppPatch\AcGenral.dll
    2010-04-16 16:05 . 2010-06-28 18:14   541696   ----a-w-   c:\windows\AppPatch\AcLayers.dll
    2010-04-16 14:17 . 2010-06-28 18:14   4240384   ----a-w-   c:\windows\system32\GameUXLegacyGDFs.dll
    2010-04-12 08:44 . 2010-04-12 08:44   59388   ----a-w-   c:\windows\system32\drivers\scdemu.sys
    2010-01-23 13:40 . 2010-04-28 03:11   568832   ----a-w-   c:\program files\mozilla firefox\plugins\msvcp90.dll
    2010-01-23 13:40 . 2010-04-28 03:11   655872   ----a-w-   c:\program files\mozilla firefox\plugins\msvcr90.dll
    .

    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-21 68856]
    "Google Update"="c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-06-16 136176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "331BigDog"="c:\windows\VM331_STI.EXE" [2008-10-29 294912]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-08-20 6265376]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-10 1045800]
    "IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2007-02-09 97072]
    "LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2008-02-01 88616]
    "SSUtility"="c:\program files\Fujitsu\SSUtility\FJSSDMN.exe" [2007-12-14 193832]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
    "FJUPDNV_Chitose"="c:\program files\Fujitsu\fjdvrupd\updatenv.exe" [2007-08-09 167936]
    "OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2008-06-06 3010560]
    "NWTRAY"="NWTRAY.EXE" [2009-03-27 30992]
    "Vlogin"="c:\batch\xo\vlogin.bat" [2008-06-03 1438]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
    "ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-24 170520]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-24 145944]
    "NotificationManager"="c:\program files\PatchLink\Update Agent\NotificationManager.exe" [2008-04-28 587112]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-28 2065760]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
    "Malwarebytes' Anti-Malware"="d:\my files\Virus Protection\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "GrpConv"="grpconv -o" [X]

    c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-4-14 2979144]
    Novell iFolder.lnk - c:\program files\Novell\iFolder\trayapp.exe [2008-8-20 266317]
    WinZip Quick Pick.lnk - d:\my files\Zipping+Splitting+Extracting Programs\WinZip\WZQKPICK.EXE [2010-4-5 494920]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "DisableCAD"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{763370C4-268E-4308-A60C-D8DA0342BE32}"= "c:\program files\Novell\ZENworks\NalShell.dll" [2007-08-08 458752]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NetIdentity Notification]
    2007-01-10 16:52   24576   ----a-w-   c:\windows\System32\novell\xtnotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute   REG_MULTI_SZ      \0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages   REG_MULTI_SZ      msv1_0 ncv1_0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-504159495-1915777745-560655815-1000]
    "EnableNotificationsRef"=dword:0000000a

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-504159495-1915777745-560655815-1005]
    "EnableNotificationsRef"=dword:00000002

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-504159495-1915777745-560655815-500]
    "EnableNotificationsRef"=dword:00000001

    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-06-28 216400]
    R1 SASDIFSV;SASDIFSV;d:\my files\Virus Protection\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
    R1 SASKUTIL;SASKUTIL;d:\my files\Virus Protection\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
    R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2008-05-14 1172728]
    R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-06-28 308136]
    R2 EQSharedEngine;EQ Shared Engine;c:\program files\Equitrac\Express\Client\EQSharedEngine.exe [2009-10-16 1709416]
    R2 FJSPA;FJSPA;c:\program files\Fujitsu\FJSPA\FJSPA.sys [2006-12-08 17712]
    R2 gupdate1c9ff3c1c6b3ac5;Google Update Service (gupdate1c9ff3c1c6b3ac5);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-07 133104]
    R2 MBAMService;MBAMService;d:\my files\Virus Protection\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
    R2 NCFSD;Novell Client File System Redirector;c:\program files\Novell\Client\XTier\Drivers\ncfsd.sys [2009-03-27 82456]
    R2 NCIOCTL;Novell Xplat IoCtl Driver;c:\program files\Novell\Client\XTier\Drivers\ncioctl.sys [2009-03-27 54296]
    R2 SBKUPNT;SBKUPNT;c:\windows\system32\Drivers\SBKUPNT.SYS [2001-07-13 14976]
    R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-05-01 3032360]
    R2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\Fujitsu\fjdvrupd\updnvsrv.exe [2007-08-02 11264]
    R2 XTAgent;Novell XTier Agent Services;c:\windows\System32\Novell\XTAgent.exe [2007-01-10 61440]
    R2 XTSvcMgr;Novell XTier Service Manager;c:\program files\Novell\Client\XTier\Services\XTSvcMgr.exe [2009-03-27 16656]
    R3 ADVNTDRV;ADVNTDRV;c:\windows\System32\drivers\ADVNTDRV.SYS [1999-11-18 3872]
    R3 ampa;ampa;c:\windows\system32\ampa.sys [2010-05-25 12728]
    R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2008-05-14 475520]
    R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-02-23 14216]
    R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-02-23 8456]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-04 113664]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
    R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-05-01 3660800]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-03-10 3601608]
    R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-04-09 16472]
    R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-04-09 11104]
    R3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx86.sys

    R3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMini2000x86.sys

    R3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx86.sys [2008-04-03 16808]
    R3 vm331avs;USB2.0 Digital Camera;c:\windows\system32\Drivers\vm331avs.sys [2008-09-23 976896]
    R3 vvftav323;vvftav323;c:\windows\system32\drivers\vvftav323.sys [2007-03-19 475136]
    S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-03-04 52872]
    S0 FBIOSDRV;FBIOSDRV;c:\windows\system32\drivers\FBIOSDRV.SYS [2006-08-29 8960]
    S0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\DRIVERS\FJGSDisk.sys [2008-06-19 12712]
    S0 NCFilter;Novell UNC Filter - Filter;c:\windows\system32\DRIVERS\NCFilter.sys [2009-03-27 91160]
    S0 NCRecognizer;Novell UNC Filter - Recognizer;c:\windows\system32\DRIVERS\NCRecognizer.sys [2009-03-27 110616]
    S0 NCUncFilter;Novell UNC Filter - UNC Filter;c:\windows\system32\DRIVERS\NCUncFilter.sys [2009-03-27 22552]
    S0 NifFltr;NifFltr;

    S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-06-28 243024]
    S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [2008-03-27 224384]
    S3 Fjbtndrv;Fujitsu Button Driver;c:\windows\system32\DRIVERS\FjBtnDrv.sys [2008-03-03 18944]
    S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [2006-11-01 5632]
    S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-02-05 47448]
    S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-01-21 41560]
    S3 WISDPen;Wacom Penabled MiniDriver;c:\windows\system32\DRIVERS\wisdpen.sys [2008-03-27 30888]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork   REG_MULTI_SZ      PLA DPS BFE mpssvc
    HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-08 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-12 14:55]

    2010-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-07 19:49]

    2010-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-07 19:49]

    2010-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-504159495-1915777745-560655815-1005Core.job
    - c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-05 03:34]

    2010-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-504159495-1915777745-560655815-1005UA.job
    - c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-05 03:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Free YouTube to Mp3 Converter - c:\users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
    FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8v9q6ylk.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.d-e.org/
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\nppanda3d.dll
    FF - plugin: c:\program files\Picasa2\npPicasa3.dll
    FF - plugin: c:\users\user\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-AdobeBridge - (no file)
    HKLM-Run-SMARTSNMPAgent.exe - c:\program files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe
    HKLM-Run-PWRISOVM.EXE - d:\poweriso\PWRISOVM.EXE
    HKLM-RunOnce-<NO NAME> - (no file)
    AddRemove-Audacity_is1 - c:\program files\Audacity\unins000.exe
    AddRemove-BitTorrent - d:\bittorrent\uninst.exe
    AddRemove-CompuApps SwissKnife - d:\my files\useful programs\SWISSKNIFE\SKUninst.ISU
    AddRemove-Construct_is1 - d:\scirra\Construct\unins000.exe
    AddRemove-Easy Picture2Icon - d:\my files\Useful Programs\EasyPicture2Icon\uninst.exe
    AddRemove-FFmpeg for Audacity on Windows_is1 - d:\ffmpeg for audacity\unins000.exe
    AddRemove-Free YouTube to MP3 Converter_is1 - d:\free youtube to mp3 converter\unins000.exe
    AddRemove-GooTool - d:\my files\Games\WorldOfGoo\uninstall.exe
    AddRemove-GSplit3Set - d:\gsplit\Uninst.exe
    AddRemove-HTMLKit_is1 - d:\chami\HTML-Kit\unins000.exe
    AddRemove-Magic ISO Maker v5.5 (build 0274) - d:\myfile~1\USEFUL~1\MagicISO\UNWISE.EXE
    AddRemove-MilkShape 3D 1.8.2 - d:\milkshape 3d 1.8.2\uninstall.exe
    AddRemove-Panda3D 1.6.2 - d:\panda3d-1.6.2\uninst.exe
    AddRemove-Panda3D Game Engine - d:\panda3d\uninst.exe
    AddRemove-Partition Assistant Home Edition_is1 - d:\my files\Useful Programs\Partition Assistant\unins000.exe
    AddRemove-PartitionExpert - d:\my files\Useful Programs\PartitionExpert\MediaBuilder.exe
    AddRemove-PowerISO - d:\poweriso\uninstall.exe
    AddRemove-Scratch - c:\program files\Scratch\uninstall.exe
    AddRemove-UltraISO_is1 - d:\my files\Useful Programs\UltraISO\unins000.exe
    AddRemove-WinGimp-2.0_is1 - c:\program files\GIMP-2.0\setup\unins001.exe
    AddRemove-WinRAR archiver - d:\winrar\uninstall.exe
    AddRemove-CodeBlocks - c:\program files\CodeBlocks\uninstall.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-07 23:53
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ... 

    scanning hidden autostart entries ...

    scanning hidden files ... 

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(676)
    c:\windows\system32\ncv1_0.dll
    .
    Completion time: 2010-07-07  23:57:15
    ComboFix-quarantined-files.txt  2010-07-08 03:57

    Pre-Run: 3,978,924,032 bytes free
    Post-Run: 4,042,391,552 bytes free

    - - End Of File - - 90794934A4AAFCCE5184F453F94A6E90

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-07-08 00:22:17
    Windows 6.0.6001 Service Pack 1
    Running: gmer.exe; Driver: C:\Windows\TEMP\pfrdipod.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text           bridge.sys                                                                                                             8BC83462 519 Bytes  [8B, FF, 55, 8B, EC, 81, EC, ...]
    ?               C:\Windows\TEMP\catchme.sys                                                                                            The system cannot find the file specified. !
    ?               C:\Windows\TEMP\mbr.sys                                                                                                The system cannot find the file specified. !

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT             C:\Windows\explorer.exe[992] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown]                                   [74AF88B4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\explorer.exe[992] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage]                                    [74B398A5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\explorer.exe[992] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI]                                [74AFB9D4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\explorer.exe[992] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode]                          [74AEFB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\explorer.exe[992] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup]                                    [74AF7A79] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\explorer.exe[992] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC]                                 [74AEEA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\explorer.exe[992] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM]                     [74B2B17D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\explorer.exe[992] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream]                        [74AFBC9A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\explorer.exe[992] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight]                                [74AF074E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\explorer.exe[992] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth]                                 [74AF06B5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\explorer.exe[992] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage]                                  [74AE71B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\explorer.exe[992] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM]                          [74B7D848] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\explorer.exe[992] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile]                             [74B17379] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\explorer.exe[992] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics]                                [74AEE109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\explorer.exe[992] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree]                                          [74AE697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\explorer.exe[992] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc]                                         [74AE69A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT             C:\Windows\explorer.exe[992] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode]                            [74AF2465] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                 snapman.sys (Acronis Snapshot API/Acronis)
    AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                 snapman.sys (Acronis Snapshot API/Acronis)
    AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                 snapman.sys (Acronis Snapshot API/Acronis)
    AttachedDevice  \Driver\tdx \Device\Udp                                                                                                avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice  \Driver\tdx \Device\RawIp                                                                                              avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice  \FileSystem\fastfat \Fat                                                                                               fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Files - GMER 1.0.15 ----

    ADS             C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe:BAK  22528 bytes executable

    ---- EOF - GMER 1.0.15 ----

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:37:18 AM, on 7/8/2010
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18928)
    Boot mode: Safe mode with network support

    Running processes:
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\Explorer.EXE
    D:\My Files\Virus Protection\HiJackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [331BigDog] C:\Windows\VM331_STI.EXE
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
    O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
    O4 - HKLM\..\Run: [SSUtility] C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\updatenv.exe
    O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
    O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
    O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
    O4 - HKLM\..\Run: [Vlogin] C:\batch\xo\vlogin.bat
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [NotificationManager] C:\Program Files\PatchLink\Update Agent\NotificationManager.exe
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "D:\My Files\Virus Protection\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Novell iFolder.lnk = C:\Program Files\Novell\iFolder\trayapp.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = D:\My Files\Zipping+Splitting+Extracting Programs\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe
    O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: EQ Shared Engine (EQSharedEngine) - Equitrac - C:\Program Files\Equitrac\Express\Client\EQSharedEngine.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate1c9ff3c1c6b3ac5) (gupdate1c9ff3c1c6b3ac5) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - D:\My Files\Virus Protection\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - D:\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
    O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Program Files\Novell\ZENworks\nalntsrv.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: O2Flash Memory Service (O2Flash) - O2Micro International - C:\Windows\system32\o2flash.exe
    O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe
    O23 - Service: ZENworks Patch Management Update (PatchLink Update) - Novell, Inc. - C:\Program Files\PatchLink\Update Agent\GravitixService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe
    O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: UpdateNaviInstallService - FUJITSU LIMITED - C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe
    O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\Windows\System32\Novell\XTAgent.exe
    O23 - Service: Novell XTier Service Manager (XTSvcMgr) - Novell, Inc. - C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe

    --
    End of file - 8589 bytes

    www.malwarebytes.org

    Database version: 4245

    Windows 6.0.6001 Service Pack 1 (Safe Mode)
    Internet Explorer 8.0.6001.18928

    7/8/2010 3:30:11 PM
    mbam-log-2010-07-08 (15-30-11).txt

    Scan type: Full scan (C:\|D:\|E:\|)
    Objects scanned: 379287
    Time elapsed: 50 minute(s), 12 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    I am really desperate (considering I basically can't use my computer without safe mode), so I'll try pretty much anything.
    --Sorry I'm asking for help again so soon, I really don't have any idea how this happened.

    risingstar64
      Re: windows update related virus?
      « Reply #1 on: July 08, 2010, 11:27:09 AM »
      Oh, and a few scanners got stuck on a file in the folder:
      C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache...
      and just never moved on from that file. I will check to see what file it was and edit this post with the answer.
      EDIT: I tried it again, and it moved on eventually, so I guess it was just a big file or something.

      Also, avast detected the following two threats:
      c:\windows\system32\autochk.exe:BAK
      c:\windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe:BAK
      « Last Edit: July 08, 2010, 12:18:22 PM by risingstar64 »
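The two avast detections above are NTFS alternate data streams (the ':BAK' after autochk.exe), and GMER's "Files" section reports the same stream on the WinSxS copy as a 22528-byte executable. Not every scanner inspects alternate streams, so a full scan that comes back clean does not by itself rule the stream out, and autochk.exe is worth extra attention because Windows runs it from the Session Manager BootExecute value before the desktop loads. The Python script below is an added example for this thread, not part of the original post and not a feature of ComboFix, GMER or HijackThis: it reads log lines in the formats posted above and lists the entries a responder would check first: a stream attached to a file under system32 or WinSxS, an O23 service whose binary is reported missing, and an O4 Run value that launches a script. The five sample lines are copied from the logs in this thread; the patterns, the directory list, the script extensions and the Finding names are this example's own assumptions, and a hit means "look at this", not "this is malware" (the Vlogin batch file and the stale GameGuard service may well be legitimate leftovers).

```python
"""Triage of HijackThis / GMER style log lines (added example for this thread).

Not a feature of ComboFix, GMER or HijackThis; the patterns and heuristics are
assumptions made for this example. A finding means "look at this", nothing more.
"""
import re
from dataclasses import dataclass

# Five lines copied from the logs posted in this thread (sample input).
SAMPLE_LOG = r"""
ADS             C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe:BAK  22528 bytes executable
O4 - HKLM\..\Run: [Vlogin] C:\batch\xo\vlogin.bat
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
"""

# Directories whose binaries should not carry an extra data stream (assumption).
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\winsxs\\")
# Script types in a Run value that deserve a look (assumption).
SCRIPT_RE = re.compile(r"\.(bat|cmd|vbs|js)\b", re.I)

# GMER "Files" section: ADS <path:stream> <size> bytes [executable]
ADS_RE = re.compile(r"^ADS\s+(?P<path>.+?)\s+(?P<size>\d+) bytes(?P<rest>.*)$", re.I)
# HijackThis O23: Service: <name> - <owner> - <path> [(file missing)]
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# HijackThis O4: <hive>\..\Run: [<value name>] <command>
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


@dataclass
class Finding:
    kind: str      # "ads", "missing_service" or "script_autorun"
    subject: str   # file path, service name or Run value name
    detail: str


def split_stream(path: str):
    """Split 'C:\\dir\\file.exe:BAK' into ('C:\\dir\\file.exe', 'BAK').

    The colon after the drive letter is not a stream separator, so a path
    with no stream comes back unchanged with an empty stream name.
    """
    body, sep, stream = path.rpartition(":")
    if not sep or len(body) <= 1:
        return path, ""
    return body, stream


def triage_line(line: str):
    """Return a Finding for one log line, or None if it needs no attention."""
    line = line.strip()
    m = ADS_RE.match(line)
    if m:
        base, stream = split_stream(m["path"])
        where = " on a Windows system binary" if base.lower().startswith(SYSTEM_DIRS) else ""
        return Finding("ads", base, f"stream ':{stream}' of {m['size']} bytes{m['rest']}{where}")
    m = O23_RE.match(line)
    if m:
        if "(file missing)" in m["path"]:
            return Finding("missing_service", m["name"],
                           f"binary not on disk: {m['path']} (owner: {m['owner']})")
        return None
    m = O4_RE.match(line)
    if m and (SCRIPT_RE.search(m["cmd"]) or "\\temp\\" in m["cmd"].lower()):
        return Finding("script_autorun", m["name"], f"{m['hive']} Run entry launches {m['cmd']}")
    return None


def triage(text: str):
    """Run triage_line over a whole log and keep only the findings."""
    return [f for f in map(triage_line, text.splitlines()) if f is not None]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.subject}: {f.detail}")
```

Run it as-is to see the three findings from the sample lines, or replace SAMPLE_LOG with the text of a full HijackThis or GMER log. The split_stream helper exists because a Windows path already contains one colon after the drive letter; only a second colon marks an alternate stream.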

      risingstar64
        Re: windows update related virus?
        « Reply #2 on: July 08, 2010, 01:07:06 PM »
        I have been thinking, and I would like to scan my registry. About this I have two questions:
        1. is it a good idea/okay?
        2. what is the safest/most effective program I should use?

        risingstar64
          Re: windows update related virus?
          « Reply #3 on: July 08, 2010, 04:50:52 PM »
           .

          risingstar64
            Re: windows update related virus?
            « Reply #4 on: July 09, 2010, 05:46:46 AM »
            I managed to run HijackThis in normal mode in the time before it freezes up (but just barely), so here's the log in normal mode:

            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 10:32:47 AM, on 7/9/2010
            Platform: Windows Vista SP1 (WinNT 6.00.1905)
            MSIE: Internet Explorer v8.00 (8.00.6001.18928)
            Boot mode: Normal

            Running processes:
            C:\Windows\system32\taskeng.exe
            C:\Windows\SYSTEM32\WISPTIS.EXE
            C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
            C:\Windows\system32\Dwm.exe
            C:\Windows\Explorer.EXE
            C:\Windows\VM331_STI.EXE
            C:\Windows\RtHDVCpl.exe
            C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
            C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
            C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
            C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
            C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
            C:\Windows\system32\WTablet\Pen_TabletUser.exe
            C:\Program Files\Fujitsu\fjdvrupd\updatenv.exe
            C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
            C:\Program Files\Softex\OmniPass\scureapp.exe
            C:\Windows\System32\nwtray.exe
            C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
            C:\Program Files\Common Files\Java\Java Update\jusched.exe
            C:\Windows\System32\mobsync.exe
            C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
            C:\Windows\System32\hkcmd.exe
            C:\Windows\System32\igfxpers.exe
            C:\Program Files\PatchLink\Update Agent\NotificationManager.exe
            C:\Windows\system32\igfxsrvc.exe
            C:\Program Files\AVG\AVG9\avgtray.exe
            C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
            D:\My Files\Virus Protection\Malwarebytes' Anti-Malware\mbamgui.exe
            D:\My Files\Virus Protection\avast\AvastUI.exe
            C:\Program Files\Windows Media Player\wmpnscfg.exe
            C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
            C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
            C:\Windows\system32\taskeng.exe
            C:\Windows\SYSTEM32\cmd.exe
            C:\Program Files\Novell\iFolder\trayapp.exe
            D:\My Files\Zipping+Splitting+Extracting Programs\WinZip\WZQKPICK.EXE
            C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
            C:\Windows\system32\xcopy.exe
            C:\Windows\system32\SearchFilterHost.exe
            C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
            C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
            C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
            C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
            C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
            D:\My Files\Virus Protection\HiJackThis\HijackThis.exe

            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
            O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
            O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
            O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
            O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
            O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
            O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
            O4 - HKLM\..\Run: [331BigDog] C:\Windows\VM331_STI.EXE
            O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
            O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
            O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
            O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
            O4 - HKLM\..\Run: [SSUtility] C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
            O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
            O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
            O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\fjdvrupd\updatenv.exe
            O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
            O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe
            O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
            O4 - HKLM\..\Run: [Vlogin] C:\batch\xo\vlogin.bat
            O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
            O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
            O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
            O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
            O4 - HKLM\..\Run: [NotificationManager] C:\Program Files\PatchLink\Update Agent\NotificationManager.exe
            O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
            O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
            O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
            O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
            O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "D:\My Files\Virus Protection\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
            O4 - HKLM\..\Run: [avast5] D:\MYFILE~1\VIRUSP~1\avast\avastUI.exe /nogui
            O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
            O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
            O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
            O4 - HKCU\..\Run: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
            O4 - HKUS\S-1-5-21-504159495-1915777745-560655815-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Admin')
            O4 - HKUS\S-1-5-21-504159495-1915777745-560655815-1000\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Admin')
            O4 - HKUS\S-1-5-21-504159495-1915777745-560655815-1000\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Admin')
            O4 - HKUS\S-1-5-21-504159495-1915777745-560655815-1000\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Admin')
            O4 - S-1-5-21-504159495-1915777745-560655815-1000 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Admin')
            O4 - S-1-5-21-504159495-1915777745-560655815-1000 User Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Admin')
            O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
            O4 - Global Startup: Bluetooth Manager.lnk = ?
            O4 - Global Startup: Novell iFolder.lnk = C:\Program Files\Novell\iFolder\trayapp.exe
            O4 - Global Startup: WinZip Quick Pick.lnk = D:\My Files\Zipping+Splitting+Extracting Programs\WinZip\WZQKPICK.EXE
            O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
            O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
            O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
            O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
            O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
            O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
            O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll
            O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
            O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
            O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
            O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
            O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe
            O23 - Service: avast! Antivirus - AVAST Software - D:\My Files\Virus Protection\avast\AvastSvc.exe
            O23 - Service: avast! Mail Scanner - AVAST Software - D:\My Files\Virus Protection\avast\AvastSvc.exe
            O23 - Service: avast! Web Scanner - AVAST Software - D:\My Files\Virus Protection\avast\AvastSvc.exe
            O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
            O23 - Service: EQ Shared Engine (EQSharedEngine) - Equitrac - C:\Program Files\Equitrac\Express\Client\EQSharedEngine.exe
            O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
            O23 - Service: Google Update Service (gupdate1c9ff3c1c6b3ac5) (gupdate1c9ff3c1c6b3ac5) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
            O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
            O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
            O23 - Service: MBAMService - Malwarebytes Corporation - D:\My Files\Virus Protection\Malwarebytes' Anti-Malware\mbamservice.exe
            O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - D:\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe (file missing)
            O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Program Files\Novell\ZENworks\nalntsrv.exe
            O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
            O23 - Service: O2Flash Memory Service (O2Flash) - O2Micro International - C:\Windows\system32\o2flash.exe
            O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\OmniServ.exe
            O23 - Service: ZENworks Patch Management Update (PatchLink Update) - Novell, Inc. - C:\Program Files\PatchLink\Update Agent\GravitixService.exe
            O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
            O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe
            O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Windows\system32\Pen_Tablet.exe
            O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
            O23 - Service: UpdateNaviInstallService - FUJITSU LIMITED - C:\Program Files\Fujitsu\fjdvrupd\updnvsrv.exe
            O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\Windows\System32\Novell\XTAgent.exe
            O23 - Service: Novell XTier Service Manager (XTSvcMgr) - Novell, Inc. - C:\Program Files\Novell\Client\XTier\Services\XTSvcMgr.exe

            --
            End of file - 11900 bytes





            Looking forward to any responses, and also I would like to make a restore point after I fix this, so if anyone has any info on that then feel free to post it.

            risingstar64

              Topic Starter


              Rookie

              • Experience: Beginner
              • OS: Windows Vista
              Re: windows update related virus?
              « Reply #5 on: July 09, 2010, 02:48:01 PM »
              I just installed the Vista Service Pack 2 (sure wasn't easy to do in safe mode). It didn't really help, but just in case I decided to post (it may affect the system or something).
              « Last Edit: July 09, 2010, 02:59:10 PM by risingstar64 »

              SuperDave

              • Malware Removal Specialist
              • Moderator


              • Genius
              • Thanked: 1020
              • Certifications: List
              • Experience: Expert
              • OS: Windows 10
              Re: windows update related virus?
              « Reply #6 on: July 10, 2010, 05:54:40 PM »
              Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum so it may take a bit longer to process your logs.

              1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
              2. The fixes are specific to your problem and should only be used for this issue on this machine.
              3. If you don't know or understand something, please don't hesitate to ask.
              4. Please DO NOT run any other tools or scans while I am helping you.
              5. It is important that you reply to this thread. Do not start a new topic.
              6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
              7. Absence of symptoms does not mean that everything is clear.

              First of all, please delete ComboFix from your D: drive. It's out-of-date. Also, please uninstall HJT. It's running from the wrong place.

              Quote
              I have been thinking, and I would like to scan my registry. About this I have two questions:
              1. is it a good idea/okay?
              2. what is the safest/most effective program I should use?
              Not a good idea at any time.

              Have you checked all the connections in your computer? Is it possible that it's over-heating? It won't heat as much in Safe Mode because there are fewer programs running.

              Please download ComboFix from BleepingComputer.com

              Alternate link: GeeksToGo.com

              Download it to your desktop.

              Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
              Right-click ComboFix and select "run as Administrator."
              As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
              Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

              Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

              Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


              Click on Yes, to continue scanning for malware.
              When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

              If you have problems with ComboFix usage, see How to use ComboFix

              Windows 8 and Windows 10 dual boot with two SSD's

              risingstar64

                Topic Starter


                Rookie

                • Experience: Beginner
                • OS: Windows Vista
                Re: windows update related virus?
                « Reply #7 on: July 10, 2010, 08:13:18 PM »
                Hey. I got the new version of commy, but it doesn't work for me. It always goes to completed stage_48, and never moves on from there. I'll try leaving it on tonight, but I don't think it will do much good. If it doesn't end up working, can I just use the old one which I know works (I left it in my recycling bin)?

                risingstar64

                  Topic Starter


                  Rookie

                  • Experience: Beginner
                  • OS: Windows Vista
                  Re: windows update related virus?
                  « Reply #8 on: July 11, 2010, 08:29:11 AM »
                  I left it on overnight, but it was still on completed stage_48 in the morning. But I don't think this problem is a virus. I tried all of our old scanners and a few new ones a couple days ago and they all came out clean. Anyway, is there an alternative program you would like me to use? I'll try combofix in normal mode but it probably won't finish in time.

                  SuperDave

                  • Malware Removal Specialist
                  • Moderator


                  • Genius
                  • Thanked: 1020
                  • Certifications: List
                  • Experience: Expert
                  • OS: Windows 10
                  Re: windows update related virus?
                  « Reply #9 on: July 11, 2010, 05:47:21 PM »
                  ComboFix only has a shelf-life of 10 days. Please try this one.

                  Please download ComboFix from BleepingComputer.com

                  Alternate link: GeeksToGo.com

                  Alternate link: Forospyware.com

                  Rename ComboFix.exe to commy.exe before you save it to your Desktop
                  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
                  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
                  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
                  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


                  Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

                  Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


                  • Click on Yes, to continue scanning for malware.
                  • When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.
                  Windows 8 and Windows 10 dual boot with two SSD's

                  risingstar64

                    Topic Starter


                    Rookie

                    • Experience: Beginner
                    • OS: Windows Vista
                    Re: windows update related virus?
                    « Reply #10 on: July 12, 2010, 08:10:00 AM »
                    Hey. I still cannot get through combofix (it stops at completed stage_48), however, the 'stepdel' thing did cause it to delete a few files along the way. I am rather concerned as I completely uninstalled superantispyware and double checked my running processes and services (as well as the search box), yet still combofix is convinced superantispyware is active whenever I start it up.

                    SuperDave

                    • Malware Removal Specialist
                    • Moderator


                    • Genius
                    • Thanked: 1020
                    • Certifications: List
                    • Experience: Expert
                    • OS: Windows 10
                    Re: windows update related virus?
                    « Reply #11 on: July 12, 2010, 04:22:31 PM »
                    Please download RootRepeal from GooglePages.com.
                    • Extract the program file to your Desktop.
                    • Run the program RootRepeal.exe and go to the Report tab and click on the Scan button.


                    • Select ALL of the checkboxes and then click OK and it will start scanning your system.

                    • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
                    • When done, click on Save Report
                    • Save it to the Desktop.
                    • Please copy/paste the contents of the report in your next reply.
                    Please remove any e-mail address in the RootRepeal report (if present).

                    Windows 8 and Windows 10 dual boot with two SSD's
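An added example, not RootRepeal's code and not something posted in this thread: a small Python triage helper for the report text the steps above produce. It parses the "Drivers" and "Hidden/Locked Files" sections and flags driver entries that RootRepeal marks as hidden from the Windows API or whose name is not printable text; the sample report embedded below is constructed to match the report format, and the garbled driver name in it is made up.

```python
"""Triage helper for RootRepeal report text (added example, not RootRepeal's own code)."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample modelled on the RootRepeal 1.3.5.0 report layout.
# The third driver's name is deliberately non-ASCII garbage (made up).
SAMPLE_REPORT = """\
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:      2010/07/12 18:42
Program Version:      Version 1.3.5.0
Windows Version:      Windows Vista SP2
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\\Windows\\System32\\Drivers\\dump_iaStor.sys
Address: 0x88509000   Size: 851968   File Visible: No   Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\\Windows\\system32\\drivers\\rootrepeal.sys
Address: 0x98671000   Size: 49152   File Visible: No   Signed: -
Status: -

Name: \u7d42\u9a9f\u01dd\u04e0
Image Path: \u7d42\u9a9f\u01dd\u04e0
Address: 0x8DBFA000   Size: 11008   File Visible: No   Signed: -
Status: Hidden from the Windows API!

Hidden/Locked Files
-------------------
Path: c:\\commy\\errtrap1
Status: Allocation size mismatch (API: 56, Raw: 0)

Path: C:\\Windows\\winsxs\\Catalogs\\example_component.cat
Status: Locked to the Windows API!
"""

# A section is a title line followed by a line of dashes.
SECTION_RE = re.compile(r"^[ \t]*(?P<name>[^\n]+?)[ \t]*\n[ \t]*-{5,}[ \t]*$", re.M)
# "Key: value"; keys may contain spaces or a slash ("Image Path", "File Visible").
FIELD_RE = re.compile(r"^([A-Za-z][A-Za-z /]*): ?(.*)$")
PRINTABLE_ASCII = re.compile(r"^[\x20-\x7e]+$")


def split_sections(report: str) -> dict[str, str]:
    """Map each section title to the text between its header and the next header."""
    matches = list(SECTION_RE.finditer(report))
    sections: dict[str, str] = {}
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(report)
        sections[m.group("name")] = report[m.end():end]
    return sections


def parse_entry(block: str) -> dict[str, str]:
    """Turn one blank-line-delimited entry into a field dict."""
    fields: dict[str, str] = {}
    for line in block.splitlines():
        # The Address line packs several fields separated by runs of spaces.
        pieces = re.split(r"\s{3,}", line.strip())
        if not all(FIELD_RE.match(p) for p in pieces):
            pieces = [line.strip()]  # a value with wide spacing: keep whole line
        for piece in pieces:
            m = FIELD_RE.match(piece)
            if m:
                fields[m.group(1)] = m.group(2).strip()
    return fields


def parse_entries(body: str) -> list[dict[str, str]]:
    return [parse_entry(b) for b in re.split(r"\n\s*\n", body.strip()) if b.strip()]


@dataclass
class Finding:
    name: str
    image_path: str
    reasons: list[str] = field(default_factory=list)


def triage_drivers(drivers: list[dict[str, str]]) -> list[Finding]:
    """Flag drivers hidden from the API or carrying an unprintable name.

    "File Visible: No" on its own is not used as a signal: memory-only
    drivers such as the dump_* crash-dump copy and RootRepeal's own driver
    legitimately show it, as the sample illustrates.
    """
    findings = []
    for d in drivers:
        reasons = []
        if "hidden" in d.get("Status", "").lower():
            reasons.append("status: " + d["Status"])
        if not PRINTABLE_ASCII.match(d.get("Name", "")):
            reasons.append("driver name is not printable ASCII (garbled kernel object name)")
        if reasons:
            findings.append(Finding(d.get("Name", ""), d.get("Image Path", ""), reasons))
    return findings


def summarize_files(files: list[dict[str, str]]) -> dict[str, int]:
    """Count Hidden/Locked Files entries by their Status string."""
    counts: dict[str, int] = {}
    for f in files:
        status = f.get("Status", "?")
        counts[status] = counts.get(status, 0) + 1
    return counts


def triage_report(text: str) -> tuple[list[Finding], dict[str, int]]:
    sections = split_sections(text)
    drivers = parse_entries(sections.get("Drivers", ""))
    files = parse_entries(sections.get("Hidden/Locked Files", ""))
    return triage_drivers(drivers), summarize_files(files)


if __name__ == "__main__":
    found, file_counts = triage_report(SAMPLE_REPORT)
    for f in found:
        print(f"[!] {f.image_path!r}: " + "; ".join(f.reasons))
    for status, n in file_counts.items():
        print(f"{n:3d} file(s): {status}")
```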

                    risingstar64

                      Topic Starter


                      Rookie

                      • Experience: Beginner
                      • OS: Windows Vista
                      Re: windows update related virus?
                      « Reply #12 on: July 12, 2010, 05:03:08 PM »
                      Hi. RootRepeal went fine. Here is my log:






                      ROOTREPEAL (c) AD, 2007-2009
                      ==================================================
                      Scan Start Time:      2010/07/12 18:42
                      Program Version:      Version 1.3.5.0
                      Windows Version:      Windows Vista SP2
                      ==================================================

                      Drivers
                      -------------------
                      Name: dump_iaStor.sys
                      Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
                      Address: 0x88509000   Size: 851968   File Visible: No   Signed: -
                      Status: -

                      Name: rootrepeal.sys
                      Image Path: C:\Windows\system32\drivers\rootrepeal.sys
                      Address: 0x98671000   Size: 49152   File Visible: No   Signed: -
                      Status: -

                      Name: ҃젇痿鳾ɝ씺䄮䉄鍐ᗺ貘誅谈誅믖与⎽쓜丮啒Ɣ቟܄䞘䠆ꋭ䛶᪡⻄䑗鑎㼄Ӷ⨀䫿섚夺
                      Image Path: ҃젇痿鳾ɝ씺䄮䉄鍐ᗺ貘誅谈誅믖与⎽쓜丮啒Ɣ቟܄䞘䠆ꋭ䛶᪡⻄䑗鑎㼄Ӷ⨀䫿섚夺
                      Address: 0x8DBFA000   Size: 11008   File Visible: No   Signed: -
                      Status: Hidden from the Windows API!

                      Hidden/Locked Files
                      -------------------
                      Path: c:\commy\errtrap1
                      Status: Allocation size mismatch (API: 56, Raw: 0)

                      Path: C:\Users\Admin\My Documents
                      Status: Locked to the Windows API!

                      Path: C:\Windows\inf\.NET CLR Data\_DATAP~1.H
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\x86_wcf-m_smsvchost_perf_c_ini_31bf3856ad364e35_6.0.6001.22208_none_34c832162545dbc8\_SMSVC~1.INI
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\x86_microsoft-windows-audio-mmecore-base_31bf3856ad364e35_6.0.6001.18000_none_b5dfbc3a51b01b87\$$DeleteMe.winmm.dll.01cb1fbf21b74886.0053
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_81c25f21d3d46d84.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9818.0_none_b7e811947b297f6d.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Catalogs\amd64_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_acd0e4ffe1daef0a.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_ecdf8c290e547f39.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f47e1bd6f6571810.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_516e2e610f48bda6.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cda6db.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_b7e610287b2b4ea5.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_7dd1e0ebd6590e0b.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_7ab8cc63a6e4c2a3.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f0efb442f8a0f46c.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.4148_none_0e9108e3b72e14d4.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.4053_none_6b86c0e9b0196766.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_e29d1181971ae11e.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc0ea08098.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.4053_none_3b0e32bdc9afe437.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9848.0_none_a6e6a8980e994a5d.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9849.0_none_b7e911727b2899b7.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.1.0.0_none_6c030d6fdc86522c.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9849.0_none_a6e7a8e20e9863b4.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Catalogs\amd64_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.4148_none_c6e3d20ca2b1ebce.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4ddfc6cd11929a02.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9848.0_none_b7e811287b298060.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_818f59bf601aa775.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Catalogs\amd64_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_0a1d2fcba76b3f00.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_a6e4a7980e9b18a2.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Catalogs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_08e3747fa83e48bc.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4db266e67dd280ef.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_abac38a907ee8801.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Catalogs\amd64_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_a9427d6be424cb66.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_49ef489714173a89.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b5d18a9128.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.4148_none_80b7c8a91e9dd16a.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Catalogs\amd64_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.4148_none_390a91d20a21a864.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Manifests\26340819d2ef86080d9001c6f2737d70fd6602ddf4b86b6c26b326ef81cc3342.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Manifests\88b03fe13d2710ad787d5d96cd0e5cbeda3a61c2a0a2bdc0c0984a48365242e2.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Manifests\bd83dce340498e7c363093c2fc74dfb58e1ec17770453905172c7471fadd9333.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Manifests\8b414e757cb8b153bff77dd00a36556aea3adab25ce15f3e8b184ffbf41ba7a2.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Manifests\a951d53950c367acc37622f0dd619a954df5de2c4ec40296e6636605aa33714a.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Manifests\ef483ae0673e2975dd4224fe26749623c1c702b8b3fded10161417459e1771a7.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Manifests\2d3cb7907b1336ea5889a2b731d5e97ad40903a4efd2287c1c117bc30f208f46.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Manifests\d14225a52543aa5a9605b00dd7574812bf89c605ebc73a9730e1e386bfc965f8.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Manifests\d5ecf2ab9387e082648bbcccd6eceb9d67b096939150833d0ae3066b3a1a676e.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Manifests\91ca50cec42075fff02b366323bf3b45d2053b24544bd12b622b65621bd0edd5.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Manifests\f7bf65ca621d8ad32ead1500a08827be239d0f49d83dc20dabf57d2eb17adbd7.cat
                      Status: Locked to the Windows API!

                      Path: C:\Windows\winsxs\Manifests\dd72f7ab2def5f75f58d01b24643b308750c38685daaed50bcddf61c18460dee.cat
                      Status: Locked to the Windows API!


                      risingstar64

                        Topic Starter


                        Rookie

                        • Experience: Beginner
                        • OS: Windows Vista
                        Re: windows update related virus?
                        « Reply #13 on: July 12, 2010, 08:48:45 PM »
                        SuperDave, once again I greatly appreciate your help, but I messed around a bit with my C drive, and I'm pretty sure I fixed the problem. I'll post back if anything goes wrong, but it hasn't frozen in normal mode for hours.

                        SuperDave

                        • Malware Removal Specialist
                        • Moderator


                        • Genius
                        • Thanked: 1020
                        • Experience: Expert
                        • OS: Windows 10
                        Re: windows update related virus?
                        « Reply #14 on: July 13, 2010, 04:45:44 PM »
                        Please let me know. We still have some more work to do.
                        Windows 8 and Windows 10 dual boot with two SSD's