Computer crasbes when attempting to run/install virus software.

Computer stopped updating Trend Micro virus software on 5/5/09. Tried to switch to Kaspersky. Computer crashes with blue screen when online scanner attempts to run, or when KIS 2009 installation is attempted. Gaopdxcounter (Trojan.Agent) detected with Malwarebytes scan. Cannot quarantine or delete.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:49:34 PM, on 6/24/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O2MW221O\Hijack(GP)This[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1noarp
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ErrorRepairPro] C:\Program Files\Error Repair Professional\autostart.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: is-J8QJQ.lnk = C:\Users\Owner\Desktop\Virus Removal Tool2\is-J8QJQ\startup.exe
O4 - Startup: is-TCCFM.lnk = C:\Users\Owner\Desktop\Virus Removal Tool1\is-TCCFM\startup.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/VistaMSNPUplden-us.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1245897950964
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c9c2ea9a8edec0) (gupdate1c9c2ea9a8edec0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10905 bytes

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

I've included two logs from the Malwarebytes scans. Each time it runs, it says the trojan was removed, but upon reboot, it reappears. Please advise.





Malwarebytes' Anti-Malware 1.37
Database version: 2297
Windows 6.0.6001 Service Pack 1

6/25/2009 9:30:02 AM
mbam-log-2009-06-25 (09-30-02).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 227704
Time elapsed: 54 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\gaopdxcounter (Trojan.Agent) -> Quarantined and deleted successfully.




Malwarebytes' Anti-Malware 1.37
Database version: 2297
Windows 6.0.6001 Service Pack 1

6/25/2009 10:57:26 AM
mbam-log-2009-06-25 (10-57-26).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 227337
Time elapsed: 53 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\gaopdxcounter (Trojan.Agent) -> Quarantined and deleted successfully.

Hello.
Can you not update MBAM? you have an old database and probably a rootkit present, which is why the file keeps regenerating.

Try updating MBAM first, and let me know what happens.

I am unable to update MBAM. I get Error code: 732 (12007). Update failed. Make sure firewall is set to allow...
My firewall is turned off, and I have no virus protection on the computer at this moment which would prevent an update. Have attempted multiple times to install KIS2009 but computer crashes every time during the installation.

Hello.

• Download combofix from here
  Link 1
  Link 2
  

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

• See HERE for how to disable your AV. (a-sqaured)
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouse click combofix's window whilst it's running. That may cause it to stall.
  

Here's the first half of the combofix text...


* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\INSTALL.LOG
c:\users\Owner\eula.txt
c:\windows\system32\drivers\gaopdxvlonjftbelulftegxrswidcamtacvuvu.sys
c:\windows\system32\gaopdxmjbjtppiwkfahrckkqxhomxvqwujfdjq.dll
D:\Desktop.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


((((((((((((((((((((((((( Files Created from 2009-05-26 to 2009-06-26 )))))))))))))))))))))))))))))))
.

2009-06-26 01:27 . 2009-06-26 01:27 -------- d-----w- c:\users\Owner\AppData\Local\temp
2009-06-26 01:09 . 2009-06-26 01:09 84 ----a-w- c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.bat
2009-06-25 02:44 . 2009-06-25 02:44 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-25 02:43 . 2009-02-12 09:35 38208 ----a-w- c:\users\Owner\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-06-25 02:43 . 2009-06-25 02:43 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-25 02:42 . 2009-06-25 02:42 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2009-06-25 02:42 . 2009-06-25 13:22 -------- d-----w- c:\programdata\NOS
2009-06-25 02:42 . 2009-06-25 13:22 -------- d-----w- c:\program files\NOS
2009-06-25 02:40 . 2009-06-25 02:45 -------- d-----w- c:\users\Owner\AppData\Local\Adobe
2009-06-25 02:14 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-06-25 02:14 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 01:22 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-06-25 01:22 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-06-25 01:22 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-06-25 01:22 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-06-25 01:22 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-06-25 01:22 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-06-25 01:22 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-06-25 01:13 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-06-25 01:13 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-06-25 01:13 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-06-25 01:12 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-06-25 01:12 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-06-20 18:09 . 2009-06-20 18:09 -------- d-----w- c:\users\Owner\AppData\Local\Apple
2009-06-20 18:08 . 2009-06-20 18:08 -------- d-----w- c:\users\Owner\AppData\Local\Apple Computer
2009-06-18 12:46 . 2009-06-18 12:46 -------- d-----w- c:\program files\totalfix
2009-06-18 12:46 . 2009-06-18 12:46 -------- d-----w- c:\users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2009-06-18 12:45 . 2009-06-18 12:45 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-18 11:36 . 2009-06-25 13:31 3561743 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-18 03:20 . 2009-06-26 01:03 -------- d-----w- c:\program files\a-squared Free
2009-06-18 02:19 . 2009-06-18 02:19 -------- d-----w- c:\programdata\is-DF710
2009-06-18 01:55 . 2009-06-18 01:55 -------- d-----w- c:\programdata\is-J8QJQ
2009-06-18 00:34 . 2009-06-18 00:34 -------- d-----w- c:\program files\CCleaner
2009-06-17 01:46 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-17 01:46 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-17 01:42 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-17 01:42 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-06-17 01:42 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-16 21:06 . 2009-06-16 21:06 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2009-06-16 21:00 . 2009-06-17 16:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-16 21:00 . 2009-06-25 13:31 -------- d-----w- c:\program files\Ken
2009-06-16 21:00 . 2009-06-17 16:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-16 21:00 . 2009-06-16 21:00 -------- d-----w- c:\programdata\Malwarebytes
2009-06-16 20:55 . 2009-06-16 20:55 -------- d-----w- c:\users\Owner\New Folder
2009-06-16 15:23 . 2009-06-16 15:23 -------- d-----w- c:\programdata\is-B8IQC
2009-06-16 01:14 . 2009-06-16 01:14 -------- d-----w- c:\programdata\is-7GCHG
2009-06-16 00:37 . 2009-06-16 00:37 -------- d-----w- c:\programdata\is-TCCFM
2009-06-16 00:09 . 2009-06-16 00:09 -------- d-----w- c:\programdata\is-F15LU
2009-06-15 18:39 . 2009-06-15 18:39 -------- d-----w- c:\programdata\McAfee
2009-06-14 00:38 . 2009-06-14 00:38 -------- d-----w- c:\users\Owner\AppData\Local\MigWiz
2009-06-14 00:28 . 2009-06-14 00:28 -------- d-----w- c:\windows\BDOSCAN8
2009-06-13 16:15 . 2009-06-26 01:18 127229984 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-13 16:15 . 2009-06-17 12:27 32 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-13 16:04 . 2009-06-13 16:04 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-06-13 15:36 . 2009-06-18 00:29 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-12 12:13 . 2009-06-12 12:13 758088 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-26 01:18 . 2009-06-13 16:15 373820 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-26 01:17 . 2006-12-18 18:49 12 ----a-w- c:\windows\bthservsdp.dat
2009-06-25 14:41 . 2007-06-07 03:44 13025 ----a-w- c:\users\Owner\AppData\Roaming\nvModes.dat
2009-06-25 02:26 . 2007-10-18 14:26 680 ----a-w- c:\users\Owner\AppData\Local\d3d9caps.dat
2009-06-25 01:47 . 2007-06-07 09:52 92016 ----a-w- c:\users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-25 01:37 . 2006-12-18 19:35 -------- d-----w- c:\programdata\Microsoft Help
2009-06-25 01:34 . 2006-12-18 19:32 -------- d-----w- c:\program files\Microsoft Works
2009-06-25 00:52 . 2009-04-22 01:33 -------- d-----w- c:\programdata\Google Updater
2009-06-17 12:27 . 2009-06-13 16:15 32 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-17 12:26 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-13 15:51 . 2007-06-07 11:35 -------- d-----w- c:\program files\Trend Micro
2009-05-28 02:56 . 2007-06-24 05:48 -------- d-----w- c:\program files\Google
2009-05-26 22:32 . 2009-05-26 22:32 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-26 02:15 . 2006-12-18 19:40 -------- d-----w- c:\program files\HP
2009-04-16 01:15 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-04-14 21:21 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-04-14 21:21 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-04-02 21:29 . 2009-04-02 21:29 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-03-31 20:35 . 2009-04-25 00:04 17160 ----a-w- c:\windows\Help\OEM\scripts\HC_TotalCareAdvisorUpdate.exe
2009-03-30 22:30 . 2009-04-25 00:04 17160 ----a-w- c:\windows\Help\OEM\scripts\HC_DanzkaDubraBIOSUpdate.exe
2007-06-07 02:40 . 2007-06-07 02:40 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2006-11-22 1474560]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-11-24 167936]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-11-28 46704]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"NapsterShell"="c:\program files\Napster\napster.exe" [2007-12-10 323216]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-01-14 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-01-14 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-01-14 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
_uninst_.bat [2009-6-25 84]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Connections.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2006-12-18 34520]

Here's the second half of the combofix text


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{95ECDD01-AB84-4195-A36C-29147C571235}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9E02C4F2-DF48-4ADA-B6DF-757714F01315}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{847B4D9A-56A3-49A5-9521-2D7585715908}"= UDP:c:\program files\HP\QuickPlay\QP.exe:QP
"{90528E1E-A1FE-4A81-B793-12DCFBBD3662}"= TCP:c:\program files\HP\QuickPlay\QP.exe:QP
"{090CF6CF-EE2B-41E5-8C78-4E27BDD9A0C7}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{6B57F522-FAAD-41A8-B1C1-953062BF9446}"= c:\program files\HP Connections\6811507\Program\HP Connections:HP Connections
"{AB06BDE8-59B8-48EC-BE3A-F47C57907ABE}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{81A65DC1-77E6-4167-8E14-4B7FCA87FA72}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{EC58DC15-F7C5-434D-85D3-CDAD99FD9AC4}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{60DEC888-F219-4253-B879-9DCB9F49D1E6}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{69766FF7-C030-44B6-941A-342BD87A0965}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{6B858232-CDA8-4787-BC69-95686C88817A}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{964A17A2-B864-49C4-AE05-C970AF48F245}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D0E33B3D-1A5D-4264-A998-9D761F9F2B0E}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E4F8C58C-172C-4E9F-87BD-9C7CCBAA8251}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{0CA0798A-3E2C-4FD7-BEAB-7513E7519FE5}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{A86F8FF0-19C8-4804-AAD8-6F30F322CB77}"= UDP:c:\program files\World of Warcraft\Launcher.exe:World of Warcraft
"{4BD789D8-67FF-411E-BFC7-55ED99F8ADE8}"= TCP:c:\program files\World of Warcraft\Launcher.exe:World of Warcraft
"TCP Query User{8299AEB9-26D8-49E9-9BE7-EFC672FB2327}c:\\program files\\world of warcraft\\repair.exe"= UDP:c:\program files\world of warcraft\repair.exe:Blizzard Repair Utility
"UDP Query User{72B9E37A-DD0A-4003-A64F-3E47FF55D0C7}c:\\program files\\world of warcraft\\repair.exe"= TCP:c:\program files\world of warcraft\repair.exe:Blizzard Repair Utility
"{034C687C-BD08-43AC-A4AA-FAFB0156B64E}"= UDP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{FC97A59A-3BDB-46EA-815C-8111120D61D8}"= TCP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"TCP Query User{920FBB7D-3F2E-4DE9-8220-F7ABF093ECF1}c:\\program files\\deer hunter 4\\deer hunter 4.exe"= UDP:c:\program files\deer hunter 4\deer hunter 4.exe:Deer Hunter 4
"UDP Query User{AFB4B7BD-1A80-4661-8FFA-D3C16BDC863F}c:\\program files\\deer hunter 4\\deer hunter 4.exe"= TCP:c:\program files\deer hunter 4\deer hunter 4.exe:Deer Hunter 4
"TCP Query User{6E0AAADC-5BFE-41A9-B2FD-AB5E7B5C8F95}c:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"UDP Query User{7EBB2C14-EE84-4F3B-B3C2-5D1529983D86}c:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"TCP Query User{50B92401-166F-456F-81EE-F409E6A4BC69}c:\\users\\owner\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\f46lmf38\\wow-burningcrusade-trial-enus-installer-downloader[1].exe"= UDP:c:\users\owner\appdata\local\microsoft\windows\temporary internet files\content.ie5\f46lmf38\wow-burningcrusade-trial-enus-installer-downloader[1].exe:wow-burningcrusade-trial-enus-installer-downloader[1].exe
"UDP Query User{AEE831E3-27C8-4D9A-986D-DC0BAE04BBB2}c:\\users\\owner\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\f46lmf38\\wow-burningcrusade-trial-enus-installer-downloader[1].exe"= TCP:c:\users\owner\appdata\local\microsoft\windows\temporary internet files\content.ie5\f46lmf38\wow-burningcrusade-trial-enus-installer-downloader[1].exe:wow-burningcrusade-trial-enus-installer-downloader[1].exe
"TCP Query User{E71F942F-E80B-4E39-898F-0CD974D033B4}c:\\users\\owner\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\d5q83odx\\wow-intro-enus-downloader[1].exe"= UDP:c:\users\owner\appdata\local\microsoft\windows\temporary internet files\content.ie5\d5q83odx\wow-intro-enus-downloader[1].exe:wow-intro-enus-downloader[1].exe
"UDP Query User{E9508784-EA8F-498E-B4A6-FE1E58506A5B}c:\\users\\owner\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\d5q83odx\\wow-intro-enus-downloader[1].exe"= TCP:c:\users\owner\appdata\local\microsoft\windows\temporary internet files\content.ie5\d5q83odx\wow-intro-enus-downloader[1].exe:wow-intro-enus-downloader[1].exe
"{B7C47F81-E4BD-4A30-90AB-570C03882092}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C65FCF53-678B-4E86-99A2-04B1C39FE298}"= UDP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{B0B2A1FA-A48C-47E4-BD32-F929821B299C}"= TCP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{DEFEF03B-D58D-4C21-ACF4-9017B17BF2C2}"= UDP:c:\program files\Ruckus Player\Ruckus.exe:Ruckus
"{9FBAF5E8-978A-4505-BF9A-E0908DC723A9}"= TCP:c:\program files\Ruckus Player\Ruckus.exe:Ruckus
"TCP Query User{F12B9353-173D-41EC-B405-07E2D1AC1B07}c:\\program files\\ruckus player\\ruckus.exe"= UDP:c:\program files\ruckus player\ruckus.exe:Ruckus Player
"UDP Query User{A81E5C69-FC1C-48B7-8A8F-570F3BEDE61C}c:\\program files\\ruckus player\\ruckus.exe"= TCP:c:\program files\ruckus player\ruckus.exe:Ruckus Player
"{6CFAD591-4800-4271-98B1-CF94E4F8F87F}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{767FF138-755A-467E-918A-D0F3909BBB91}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{EAD73A3C-70B7-4ED5-A2D0-C4798EA6F5A2}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D12D7920-B9BE-4C58-85CE-0C6E32517D30}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{E6C9A4C1-E3C1-4C62-93A1-B81A39D94633}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{054B7AE0-3FD1-4B55-AC74-43996D9F1891}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{D004946D-5AA8-40BC-A4A1-F250A6AAFBC1}c:\\users\\public\\world of warcraft\\launcher.exe"= UDP:c:\users\public\world of warcraft\launcher.exe:Blizzard Launcher
"UDP Query User{0EDE9FA8-6E64-45FF-99BB-0D003617F842}c:\\users\\public\\world of warcraft\\launcher.exe"= TCP:c:\users\public\world of warcraft\launcher.exe:Blizzard Launcher
"{562FC53F-8C1D-4F40-B75E-8F1A1F02C862}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{0B460501-94FE-49AE-9185-148A92048769}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C5A87238-9498-4ABA-8389-6A70CDF4F6D7}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{CF32F97A-29BD-4013-A904-2BBB458AAD24}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

S2 gupdate1c9c2ea9a8edec0;Google Update Service (gupdate1c9c2ea9a8edec0);c:\program files\Google\Update\GoogleUpdate.exe [4/21/2009 8:35 PM 133104]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\System32\drivers\Ph3xIB32.sys [4/3/2007 10:43 AM 1131136]

Now open a new notepad file.
Input this into the notepad file:

Folder::
c:\programdata\is-DF710
c:\programdata\is-J8QJQ
c:\programdata\is-B8IQC
c:\programdata\is-7GCHG
c:\programdata\is-TCCFM
c:\programdata\is-F15LU

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=-

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to it's terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

Here is the first half of the log:


ComboFix 09-06-26.02 - Owner 06/28/2009 15:15.3 - NTFSx86
Microsoft Windows Vista Home Premium 6.0.6001.1.1252.1.1033.18.958.254 [GMT -5:00]
Running from: c:\users\Owner\Desktop\Combo-Fixit.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Kaspersky Internet Security *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-28 )))))))))))))))))))))))))))))))
.

2009-06-27 18:29 . 2009-06-27 18:30 -------- d-----w- c:\users\Owner\AppData\Local\QuickPlay
2009-06-27 17:19 . 2009-06-27 17:19 746744 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-06-26 15:39 . 2009-06-26 15:39 44808 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\fssync.dll
2009-06-26 15:39 . 2009-06-26 15:39 33808 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\klbg.sys
2009-06-26 15:39 . 2009-06-26 15:39 206088 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\avp.exe
2009-06-26 15:39 . 2009-06-26 15:39 224272 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\Vista\klif.sys
2009-06-26 15:17 . 2009-06-26 17:13 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-06-26 15:17 . 2009-06-26 17:13 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-06-26 15:16 . 2009-06-28 18:05 -------- d-----w- c:\programdata\Kaspersky Lab
2009-06-26 15:16 . 2009-06-26 15:16 -------- d-----w- c:\program files\Kaspersky Lab
2009-06-26 01:29 . 2009-06-28 20:22 -------- d-----w- c:\users\Owner\AppData\Local\temp
2009-06-26 01:12 . 2009-06-28 19:36 -------- d-s---w- C:\Combo-Fix
2009-06-25 02:44 . 2009-06-25 02:44 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-25 02:43 . 2009-02-12 09:35 38208 ----a-w- c:\users\Owner\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-06-25 02:43 . 2009-06-25 02:43 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-25 02:42 . 2009-06-25 02:42 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2009-06-25 02:42 . 2009-06-25 13:22 -------- d-----w- c:\programdata\NOS
2009-06-25 02:42 . 2009-06-25 13:22 -------- d-----w- c:\program files\NOS
2009-06-25 02:40 . 2009-06-25 02:45 -------- d-----w- c:\users\Owner\AppData\Local\Adobe
2009-06-25 02:14 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-06-25 02:14 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 01:22 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-06-25 01:22 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-06-25 01:22 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-06-25 01:22 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-06-25 01:22 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-06-25 01:22 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-06-25 01:22 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-06-25 01:13 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-06-25 01:13 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-06-25 01:13 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-06-25 01:12 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-06-25 01:12 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-06-20 18:09 . 2009-06-20 18:09 -------- d-----w- c:\users\Owner\AppData\Local\Apple
2009-06-20 18:08 . 2009-06-20 18:08 -------- d-----w- c:\users\Owner\AppData\Local\Apple Computer
2009-06-18 12:46 . 2009-06-18 12:46 -------- d-----w- c:\program files\totalfix
2009-06-18 12:46 . 2009-06-18 12:46 -------- d-----w- c:\users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2009-06-18 12:45 . 2009-06-18 12:45 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-18 02:19 . 2009-06-18 02:19 -------- d-----w- c:\programdata\is-DF710
2009-06-18 01:55 . 2009-06-18 01:55 -------- d-----w- c:\programdata\is-J8QJQ
2009-06-17 01:46 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-17 01:46 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-17 01:42 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-17 01:42 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-06-17 01:42 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-16 21:06 . 2009-06-16 21:06 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2009-06-16 21:00 . 2009-06-16 21:00 -------- d-----w- c:\programdata\Malwarebytes
2009-06-16 20:55 . 2009-06-16 20:55 -------- d-----w- c:\users\Owner\New Folder
2009-06-16 15:23 . 2009-06-16 15:23 -------- d-----w- c:\programdata\is-B8IQC
2009-06-16 01:14 . 2009-06-16 01:14 -------- d-----w- c:\programdata\is-7GCHG
2009-06-16 00:37 . 2009-06-16 00:37 -------- d-----w- c:\programdata\is-TCCFM
2009-06-16 00:09 . 2009-06-16 00:09 -------- d-----w- c:\programdata\is-F15LU
2009-06-15 18:39 . 2009-06-15 18:39 -------- d-----w- c:\programdata\McAfee
2009-06-14 00:38 . 2009-06-14 00:38 -------- d-----w- c:\users\Owner\AppData\Local\MigWiz
2009-06-14 00:28 . 2009-06-14 00:28 -------- d-----w- c:\windows\BDOSCAN8
2009-06-13 16:15 . 2009-06-28 20:18 647200 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-06-13 16:15 . 2009-06-28 03:38 127229984 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-13 16:04 . 2009-06-13 16:04 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-06-13 15:36 . 2009-06-18 00:29 410984 ----a-w- c:\windows\system32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-28 20:15 . 2009-06-13 16:15 3292 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-28 18:05 . 2009-04-22 01:33 -------- d-----w- c:\programdata\Google Updater
2009-06-28 03:38 . 2009-06-13 16:15 373820 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-06-28 03:37 . 2006-12-18 18:49 12 ----a-w- c:\windows\bthservsdp.dat
2009-06-27 20:29 . 2007-06-24 05:48 -------- d-----w- c:\program files\Google
2009-06-27 19:24 . 2007-06-07 03:44 13025 ----a-w- c:\users\Owner\AppData\Roaming\nvModes.dat
2009-06-27 18:28 . 2006-12-18 19:41 -------- d-----w- c:\programdata\CyberLink
2009-06-27 18:24 . 2006-12-18 19:40 -------- d-----w- c:\program files\HP
2009-06-27 18:23 . 2006-12-18 19:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-27 18:07 . 2006-12-18 19:07 -------- d-----w- c:\program files\Hewlett-Packard
2009-06-27 18:04 . 2007-06-07 09:46 -------- d-----w- c:\users\Owner\AppData\Roaming\Hewlett-Packard
2009-06-27 17:28 . 2006-12-18 20:07 -------- d-----w- c:\programdata\Hewlett-Packard
2009-06-26 15:39 . 2008-01-29 23:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-06-25 02:26 . 2007-10-18 14:26 680 ----a-w- c:\users\Owner\AppData\Local\d3d9caps.dat
2009-06-25 01:47 . 2007-06-07 09:52 92016 ----a-w- c:\users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-25 01:37 . 2006-12-18 19:35 -------- d-----w- c:\programdata\Microsoft Help
2009-06-25 01:34 . 2006-12-18 19:32 -------- d-----w- c:\program files\Microsoft Works
2009-06-17 12:26 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-26 22:32 . 2009-05-26 22:32 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-04-16 01:15 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-04-14 21:21 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-04-14 21:21 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-04-02 21:29 . 2009-04-02 21:29 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-03-31 20:35 . 2009-04-25 00:04 17160 ----a-w- c:\windows\Help\OEM\scripts\HC_TotalCareAdvisorUpdate.exe
2009-03-30 22:30 . 2009-04-25 00:04 17160 ----a-w- c:\windows\Help\OEM\scripts\HC_DanzkaDubraBIOSUpdate.exe
2007-06-07 02:40 . 2007-06-07 02:40 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2006-11-22 1474560]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"NapsterShell"="c:\program files\Napster\napster.exe" [2007-12-10 323216]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-06-26 206088]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-02-28 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-28 7770112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-28 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Connections.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2006-12-18 34520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\adialhk.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{95ECDD01-AB84-4195-A36C-29147C571235}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9E02C4F2-DF48-4ADA-B6DF-757714F01315}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{847B4D9A-56A3-49A5-9521-2D7585715908}"= UDP:c:\program files\HP\QuickPlay\QP.exe:_this_program_will_be_deleted
"{090CF6CF-EE2B-41E5-8C78-4E27BDD9A0C7}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{6B57F522-FAAD-41A8-B1C1-953062BF9446}"= c:\program files\HP Connections\6811507\Program\HP Connections:HP Connections
"{AB06BDE8-59B8-48EC-BE3A-F47C57907ABE}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{81A65DC1-77E6-4167-8E14-4B7FCA87FA72}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{EC58DC15-F7C5-434D-85D3-CDAD99FD9AC4}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{60DEC888-F219-4253-B879-9DCB9F49D1E6}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{69766FF7-C030-44B6-941A-342BD87A0965}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{6B858232-CDA8-4787-BC69-95686C88817A}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{964A17A2-B864-49C4-AE05-C970AF48F245}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D0E33B3D-1A5D-4264-A998-9D761F9F2B0E}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E4F8C58C-172C-4E9F-87BD-9C7CCBAA8251}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{0CA0798A-3E2C-4FD7-BEAB-7513E7519FE5}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{A86F8FF0-19C8-4804-AAD8-6F30F322CB77}"= UDP:c:\program files\World of Warcraft\Launcher.exe:World of Warcraft
"{4BD789D8-67FF-411E-BFC7-55ED99F8ADE8}"= TCP:c:\program files\World of Warcraft\Launcher.exe:World of Warcraft

Here is the second half of the log...


"TCP Query User{8299AEB9-26D8-49E9-9BE7-EFC672FB2327}c:\\program files\\world of warcraft\\repair.exe"= UDP:c:\program files\world of warcraft\repair.exe:Blizzard Repair Utility
"UDP Query User{72B9E37A-DD0A-4003-A64F-3E47FF55D0C7}c:\\program files\\world of warcraft\\repair.exe"= TCP:c:\program files\world of warcraft\repair.exe:Blizzard Repair Utility
"{034C687C-BD08-43AC-A4AA-FAFB0156B64E}"= UDP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{FC97A59A-3BDB-46EA-815C-8111120D61D8}"= TCP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"TCP Query User{920FBB7D-3F2E-4DE9-8220-F7ABF093ECF1}c:\\program files\\deer hunter 4\\deer hunter 4.exe"= UDP:c:\program files\deer hunter 4\deer hunter 4.exe:Deer Hunter 4
"UDP Query User{AFB4B7BD-1A80-4661-8FFA-D3C16BDC863F}c:\\program files\\deer hunter 4\\deer hunter 4.exe"= TCP:c:\program files\deer hunter 4\deer hunter 4.exe:Deer Hunter 4
"TCP Query User{6E0AAADC-5BFE-41A9-B2FD-AB5E7B5C8F95}c:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"UDP Query User{7EBB2C14-EE84-4F3B-B3C2-5D1529983D86}c:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"TCP Query User{50B92401-166F-456F-81EE-F409E6A4BC69}c:\\users\\owner\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\f46lmf38\\wow-burningcrusade-trial-enus-installer-downloader[1].exe"= UDP:c:\users\owner\appdata\local\microsoft\windows\temporary internet files\content.ie5\f46lmf38\wow-burningcrusade-trial-enus-installer-downloader[1].exe:wow-burningcrusade-trial-enus-installer-downloader[1].exe
"UDP Query User{AEE831E3-27C8-4D9A-986D-DC0BAE04BBB2}c:\\users\\owner\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\f46lmf38\\wow-burningcrusade-trial-enus-installer-downloader[1].exe"= TCP:c:\users\owner\appdata\local\microsoft\windows\temporary internet files\content.ie5\f46lmf38\wow-burningcrusade-trial-enus-installer-downloader[1].exe:wow-burningcrusade-trial-enus-installer-downloader[1].exe
"TCP Query User{E71F942F-E80B-4E39-898F-0CD974D033B4}c:\\users\\owner\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\d5q83odx\\wow-intro-enus-downloader[1].exe"= UDP:c:\users\owner\appdata\local\microsoft\windows\temporary internet files\content.ie5\d5q83odx\wow-intro-enus-downloader[1].exe:wow-intro-enus-downloader[1].exe
"UDP Query User{E9508784-EA8F-498E-B4A6-FE1E58506A5B}c:\\users\\owner\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\d5q83odx\\wow-intro-enus-downloader[1].exe"= TCP:c:\users\owner\appdata\local\microsoft\windows\temporary internet files\content.ie5\d5q83odx\wow-intro-enus-downloader[1].exe:wow-intro-enus-downloader[1].exe
"{B7C47F81-E4BD-4A30-90AB-570C03882092}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C65FCF53-678B-4E86-99A2-04B1C39FE298}"= UDP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{B0B2A1FA-A48C-47E4-BD32-F929821B299C}"= TCP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{DEFEF03B-D58D-4C21-ACF4-9017B17BF2C2}"= UDP:c:\program files\Ruckus Player\Ruckus.exe:Ruckus
"{9FBAF5E8-978A-4505-BF9A-E0908DC723A9}"= TCP:c:\program files\Ruckus Player\Ruckus.exe:Ruckus
"TCP Query User{F12B9353-173D-41EC-B405-07E2D1AC1B07}c:\\program files\\ruckus player\\ruckus.exe"= UDP:c:\program files\ruckus player\ruckus.exe:Ruckus Player
"UDP Query User{A81E5C69-FC1C-48B7-8A8F-570F3BEDE61C}c:\\program files\\ruckus player\\ruckus.exe"= TCP:c:\program files\ruckus player\ruckus.exe:Ruckus Player
"{6CFAD591-4800-4271-98B1-CF94E4F8F87F}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{767FF138-755A-467E-918A-D0F3909BBB91}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{EAD73A3C-70B7-4ED5-A2D0-C4798EA6F5A2}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D12D7920-B9BE-4C58-85CE-0C6E32517D30}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{E6C9A4C1-E3C1-4C62-93A1-B81A39D94633}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{054B7AE0-3FD1-4B55-AC74-43996D9F1891}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{D004946D-5AA8-40BC-A4A1-F250A6AAFBC1}c:\\users\\public\\world of warcraft\\launcher.exe"= UDP:c:\users\public\world of warcraft\launcher.exe:Blizzard Launcher
"UDP Query User{0EDE9FA8-6E64-45FF-99BB-0D003617F842}c:\\users\\public\\world of warcraft\\launcher.exe"= TCP:c:\users\public\world of warcraft\launcher.exe:Blizzard Launcher
"{562FC53F-8C1D-4F40-B75E-8F1A1F02C862}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{0B460501-94FE-49AE-9185-148A92048769}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C5A87238-9498-4ABA-8389-6A70CDF4F6D7}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{CF32F97A-29BD-4013-A904-2BBB458AAD24}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{FE40C665-E3A2-4500-927D-C44FB9762060}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{67CAC3A4-C959-4A63-B6F1-A5E3CD581B5B}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [1/29/2008 6:29 PM 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [7/9/2008 6:28 PM 20496]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\System32\drivers\klfltdev.sys [3/13/2008 7:02 PM 26640]
S2 gupdate1c9c2ea9a8edec0;Google Update Service (gupdate1c9c2ea9a8edec0);c:\program files\Google\Update\GoogleUpdate.exe [4/21/2009 8:35 PM 133104]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\System32\drivers\Ph3xIB32.sys [4/3/2007 10:43 AM 1131136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-24 01:33]

2009-06-28 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 01:34]

2009-06-28 c:\windows\Tasks\HPCeeScheduleForOwner.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2006-12-18 00:08]

2009-06-28 c:\windows\Tasks\User_Feed_Synchronization-{4ADE60B6-83F0-4345-9AE9-C09A30B039C9}.job
- c:\windows\system32\msfeedssync.exe [2009-06-25 11:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-28 15:22
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1583243981-2661809924-717926472-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:51,36,c7,ba,6a,ad,9e,b8,99,4c,0e,58,d5,a9,a7,e3,33,a3,8a,19,63,ed,a5,
bc,5e,9d,33,4a,2a,aa,06,31,88,b6,2d,09,42,ae,25,9c,ca,db,50,53,5b,14,88,08,\
"??"=hex:b2,11,50,ee,af,8d,c3,1f,c2,a9,b4,bf,cb,11,2f,7a

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4424)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
Completion time: 2009-06-28 15:24
ComboFix-quarantined-files.txt 2009-06-28 20:24
ComboFix2.txt 2009-06-28 20:01
ComboFix3.txt 2009-06-26 01:29

Pre-Run: 52,387,426,304 bytes free
Post-Run: 52,356,751,360 bytes free

281 --- E O F --- 2009-06-26 13:45

I was able to install KIS2009, but I am still unable to update necessary Microsoft security updates. Computer won't allow an internet connection for this action. Otherwise, internet works fine.

Hello, it seems you didn't run the script correctly as those items are still their. Can you do this step again and remember to save it as CFScript.txt exactly:

Origin wrote:

Now open a new notepad file.
Input this into the notepad file:

Folder::
c:\programdata\is-DF710
c:\programdata\is-J8QJQ
c:\programdata\is-B8IQC
c:\programdata\is-7GCHG
c:\programdata\is-TCCFM
c:\programdata\is-F15LU

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=-

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to it's terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

I did what you asked. The resulting log was so long. The computer seems to work fine now. How do I remove Combofix from my Vista system?

Here is the latest log from Combofix, as you said, I hope...


ComboFix 09-07-14.08 - Owner 07/16/2009 21:13.5.2 - NTFSx86
Microsoft Windows Vista Home Premium 6.0.6002.2.1252.1.1033.18.958.273 [GMT -5:00]
Running from: c:\combo-fix\Combo-Fixit.exe
Command switches used :: c:\combo-fix\CFScript_used_2009-07-14_14.33.48.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Kaspersky Internet Security *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-06-17 to 2009-07-17 )))))))))))))))))))))))))))))))
.

2009-07-15 00:53 . 2009-07-15 00:53 -------- d-----w- c:\program files\iPod
2009-07-15 00:53 . 2009-07-15 00:53 -------- d-----w- c:\program files\iTunes
2009-07-15 00:50 . 2009-07-15 00:51 -------- d-----w- c:\program files\QuickTime
2009-07-15 00:44 . 2009-07-15 00:44 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-07-14 19:24 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-14 19:24 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-14 19:24 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll
2009-07-14 19:24 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-14 19:24 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-02 04:12 . 2009-07-02 04:13 -------- d-----w- c:\windows\system32\ca-ES
2009-07-02 04:12 . 2009-07-02 04:13 -------- d-----w- c:\windows\system32\eu-ES
2009-07-02 04:12 . 2009-07-02 04:13 -------- d-----w- c:\windows\system32\vi-VN
2009-07-02 03:47 . 2009-07-02 03:47 -------- d-----w- c:\windows\system32\EventProviders
2009-07-02 03:44 . 2009-02-18 18:38 619864 ----a-w- c:\windows\system32\icardagt.exe
2009-07-02 03:43 . 2009-04-11 06:28 1856512 ----a-w- c:\windows\system32\dbgeng.dll
2009-07-02 03:42 . 2009-04-11 06:28 723968 ----a-w- c:\windows\system32\powercpl.dll
2009-07-02 03:41 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-07-02 03:41 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-07-02 03:41 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-07-02 03:41 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-07-02 03:41 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-07-02 03:41 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-07-02 03:41 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-07-02 03:41 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-07-02 03:41 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-07-02 03:41 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-07-02 03:41 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-06-27 18:29 . 2009-06-27 18:30 -------- d-----w- c:\users\Owner\AppData\Local\QuickPlay
2009-06-27 17:19 . 2009-06-27 17:19 746744 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-06-26 15:39 . 2009-06-26 15:39 44808 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\fssync.dll
2009-06-26 15:39 . 2009-06-26 15:39 33808 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\klbg.sys
2009-06-26 15:39 . 2009-06-26 15:39 206088 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\avp.exe
2009-06-26 15:39 . 2009-06-26 15:39 224272 ----a-w- c:\programdata\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.454\Vista\klif.sys
2009-06-26 15:17 . 2009-06-26 17:13 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-06-26 15:17 . 2009-06-26 17:13 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-06-26 15:16 . 2009-07-17 00:47 -------- d-----w- c:\programdata\Kaspersky Lab
2009-06-26 15:16 . 2009-06-26 15:16 -------- d-----w- c:\program files\Kaspersky Lab
2009-06-26 01:29 . 2009-07-17 02:21 -------- d-----w- c:\users\Owner\AppData\Local\temp
2009-06-26 01:12 . 2009-07-17 02:13 -------- d-s---w- C:\Combo-Fix
2009-06-25 02:44 . 2009-06-25 02:44 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-25 02:43 . 2009-02-12 09:35 38208 ----a-w- c:\users\Owner\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-06-25 02:43 . 2009-06-25 02:43 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-25 02:42 . 2009-06-25 02:42 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2009-06-25 02:42 . 2009-06-25 13:22 -------- d-----w- c:\programdata\NOS
2009-06-25 02:42 . 2009-06-25 13:22 -------- d-----w- c:\program files\NOS
2009-06-25 02:40 . 2009-06-25 02:45 -------- d-----w- c:\users\Owner\AppData\Local\Adobe
2009-06-25 02:14 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-06-25 02:14 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 01:13 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-06-20 18:09 . 2009-06-20 18:09 -------- d-----w- c:\users\Owner\AppData\Local\Apple
2009-06-20 18:08 . 2009-06-20 18:08 -------- d-----w- c:\users\Owner\AppData\Local\Apple Computer
2009-06-18 12:46 . 2009-06-18 12:46 -------- d-----w- c:\program files\totalfix
2009-06-18 12:46 . 2009-06-18 12:46 -------- d-----w- c:\users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2009-06-18 12:45 . 2009-06-18 12:45 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-17 00:43 . 2009-06-13 16:15 720928 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-07-17 00:43 . 2009-06-13 16:15 373820 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-17 00:43 . 2009-06-13 16:15 3544 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-07-17 00:43 . 2009-06-13 16:15 127229984 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-17 00:42 . 2006-12-18 18:49 12 ----a-w- c:\windows\bthservsdp.dat
2009-07-17 00:38 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-17 00:32 . 2009-04-22 01:33 -------- d-----w- c:\programdata\Google Updater
2009-07-15 00:53 . 2007-07-13 05:46 -------- d-----w- c:\program files\Common Files\Apple
2009-07-02 04:13 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-07-02 04:13 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-07-02 04:13 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-07-02 04:13 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-07-02 04:13 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-02 04:13 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-07-02 04:12 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-02 04:10 . 2009-07-02 04:10 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-07-02 03:59 . 2006-11-02 12:37 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-06-30 20:36 . 2009-07-14 19:59 18696 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryReplaceNew.exe
2009-06-30 20:10 . 2009-07-14 19:59 18696 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryNoTravel.exe
2009-06-30 20:03 . 2009-07-14 19:59 18696 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryAccessories.exe
2009-06-30 17:44 . 2009-07-14 19:59 18184 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryWeakNew.exe
2009-06-27 20:29 . 2007-06-24 05:48 -------- d-----w- c:\program files\Google
2009-06-27 19:24 . 2007-06-07 03:44 13025 ----a-w- c:\users\Owner\AppData\Roaming\nvModes.dat
2009-06-27 18:28 . 2006-12-18 19:41 -------- d-----w- c:\programdata\CyberLink
2009-06-27 18:24 . 2006-12-18 19:40 -------- d-----w- c:\program files\HP
2009-06-27 18:23 . 2006-12-18 19:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-27 18:07 . 2006-12-18 19:07 -------- d-----w- c:\program files\Hewlett-Packard
2009-06-27 18:04 . 2007-06-07 09:46 -------- d-----w- c:\users\Owner\AppData\Roaming\Hewlett-Packard
2009-06-27 17:28 . 2006-12-18 20:07 -------- d-----w- c:\programdata\Hewlett-Packard
2009-06-26 23:36 . 2009-07-14 19:59 18184 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryUpgrade.exe
2009-06-26 15:39 . 2008-01-29 23:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-06-25 02:26 . 2007-10-18 14:26 680 ----a-w- c:\users\Owner\AppData\Local\d3d9caps.dat
2009-06-25 01:47 . 2007-06-07 09:52 92016 ----a-w- c:\users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-25 01:37 . 2006-12-18 19:35 -------- d-----w- c:\programdata\Microsoft Help
2009-06-25 01:34 . 2006-12-18 19:32 -------- d-----w- c:\program files\Microsoft Works
2009-06-18 00:29 . 2009-06-13 15:36 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-16 21:06 . 2009-06-16 21:06 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2009-06-16 21:00 . 2009-06-16 21:00 -------- d-----w- c:\programdata\Malwarebytes
2009-06-15 18:39 . 2009-06-15 18:39 -------- d-----w- c:\programdata\McAfee
2009-06-13 16:04 . 2009-06-13 16:04 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-05-26 22:32 . 2009-05-26 22:32 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-04-23 12:15 . 2009-06-17 01:42 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:14 . 2009-06-17 01:42 623616 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:39 . 2009-06-17 01:42 2034688 ----a-w- c:\windows\system32\win32k.sys
2007-06-07 02:40 . 2007-06-07 02:40 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( SnapShot_2009-07-14_19.43.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 19:24 . 2009-06-15 14:58 23552 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.22152_none_ac0f1dd570f10812\lpk.dll
+ 2009-07-14 19:24 . 2009-06-15 14:58 72704 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.22152_none_ac0f1dd570f10812\fontsub.dll
+ 2009-07-14 19:24 . 2009-06-15 14:58 10240 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.22152_none_ac0f1dd570f10812\dciman32.dll
+ 2009-07-14 19:24 . 2009-06-15 12:45 34304 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.22152_none_ac0f1dd570f10812\atmlib.dll
+ 2009-07-14 19:24 . 2009-06-15 14:52 23552 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18051_none_ab8480c057d44ef1\lpk.dll
+ 2009-07-14 19:24 . 2009-06-15 14:52 72704 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18051_none_ab8480c057d44ef1\fontsub.dll
+ 2009-07-14 19:24 . 2009-06-15 14:51 10240 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18051_none_ab8480c057d44ef1\dciman32.dll
+ 2009-07-14 19:24 . 2009-06-15 15:22 23552 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.22450_none_aa26ab5973cc8040\lpk.dll
+ 2009-07-14 19:24 . 2009-06-15 15:20 72704 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.22450_none_aa26ab5973cc8040\fontsub.dll
+ 2009-07-14 19:24 . 2009-06-15 15:19 10240 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.22450_none_aa26ab5973cc8040\dciman32.dll
+ 2009-07-14 19:24 . 2009-06-15 15:19 34304 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.22450_none_aa26ab5973cc8040\atmlib.dll
+ 2009-07-14 19:24 . 2009-06-15 15:20 72704 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18272_none_a9896d645abd4ddf\fontsub.dll
+ 2009-07-14 19:24 . 2009-06-15 15:20 10240 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18272_none_a9896d645abd4ddf\dciman32.dll
+ 2009-07-14 19:24 . 2009-06-15 15:04 24064 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.21067_none_a83c750976a7f2bc\lpk.dll
+ 2009-07-14 19:24 . 2009-06-15 15:03 72704 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.21067_none_a83c750976a7f2bc\fontsub.dll
+ 2009-07-14 19:24 . 2009-06-15 15:02 10240 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.21067_none_a83c750976a7f2bc\dciman32.dll
+ 2009-07-14 19:24 . 2009-06-15 15:02 34304 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.21067_none_a83c750976a7f2bc\atmlib.dll
+ 2009-07-14 19:24 . 2009-06-15 15:23 24064 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.16870_none_a7a12e2a5d988a40\lpk.dll
+ 2009-07-14 19:24 . 2009-06-15 15:22 72704 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.16870_none_a7a12e2a5d988a40\fontsub.dll
+ 2009-07-14 19:24 . 2009-06-15 15:21 10240 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.16870_none_a7a12e2a5d988a40\dciman32.dll
+ 2009-07-14 19:24 . 2009-06-15 15:20 34304 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.16870_none_a7a12e2a5d988a40\atmlib.dll
+ 2006-12-18 19:07 . 2009-07-17 00:47 55186 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-07-17 00:47 67346 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-06-07 09:46 . 2009-07-17 00:47 12186 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1583243981-2661809924-717926472-1000_UserData.bin
+ 2009-06-05 16:42 . 2009-06-05 16:42 39424 c:\windows\System32\DriverStore\FileRepository\usbaapl.inf_867e7481\usbaapl.sys
+ 2009-06-05 16:42 . 2009-06-05 16:42 17408 c:\windows\System32\DriverStore\FileRepository\netaapl.inf_56082f61\netaapl.sys
- 2007-06-07 09:42 . 2009-07-14 19:23 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-06-07 09:42 . 2009-07-17 00:32 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-06-07 09:42 . 2009-07-14 19:23 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-06-07 09:42 . 2009-07-17 00:32 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-06-07 09:42 . 2009-07-14 19:23 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-06-07 09:42 . 2009-07-17 00:32 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-06-20 15:45 . 2009-07-14 21:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-06-20 15:45 . 2009-07-01 02:52 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-06-20 15:45 . 2009-07-01 02:52 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-06-20 15:45 . 2009-07-14 21:12 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Fi

+ 2007-06-20 15:45 . 2009-07-14 21:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-06-20 15:45 . 2009-07-01 02:52 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2005-12-02 19:18 . 2005-12-02 19:18 29184 c:\windows\Installer\$PatchCache$\Managed\AA73C45227B60034486F898A429181E7\3.0.0\ResetFileTime.exe
+ 2009-04-14 22:00 . 2009-04-14 22:00 94208 c:\windows\Installer\$PatchCache$\Managed\AA73C45227B60034486F898A429181E7\3.0.0\HPDownload.exe
+ 2008-11-12 04:15 . 2008-11-12 04:15 16296 c:\windows\Installer\$PatchCache$\Managed\AA73C45227B60034486F898A429181E7\3.0.0\hpdom.wsf
+ 2006-11-02 10:25 . 2009-07-15 00:48 51200 c:\windows\inf\infpub.dat
- 2006-11-02 10:25 . 2009-07-02 04:20 51200 c:\windows\inf\infpub.dat
- 2009-07-03 14:40 . 2009-07-14 19:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-17 00:45 . 2009-07-17 00:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-17 00:45 . 2009-07-17 00:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-03 14:40 . 2009-07-14 19:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 19:24 . 2009-06-15 12:45 289792 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.22152_none_ac0f1dd570f10812\atmfd.dll
+ 2009-07-14 19:24 . 2009-06-15 12:42 289792 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6002.18051_none_ab8480c057d44ef1\atmfd.dll
+ 2009-07-14 19:24 . 2009-06-15 12:56 289792 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.22450_none_aa26ab5973cc8040\atmfd.dll
+ 2009-07-14 19:24 . 2009-06-15 12:52 289792 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6001.18272_none_a9896d645abd4ddf\atmfd.dll
+ 2009-07-14 19:24 . 2009-06-15 12:53 289792 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.21067_none_a83c750976a7f2bc\atmfd.dll
+ 2009-07-14 19:24 . 2009-06-15 13:03 289792 c:\windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.16870_none_a7a12e2a5d988a40\atmfd.dll
+ 2009-07-14 19:24 . 2009-06-15 15:00 156672 c:\windows\winsxs\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6002.22152_none_b7fc28a4355e72c9\t2embed.dll
+ 2009-07-14 19:24 . 2009-06-15 14:53 156672 c:\windows\winsxs\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6002.18051_none_b7718b8f1c41b9a8\t2embed.dll
+ 2009-07-14 19:24 . 2009-06-15 15:26 156672 c:\windows\winsxs\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6001.22450_none_b613b6283839eaf7\t2embed.dll
+ 2009-07-14 19:24 . 2009-06-15 15:24 156672 c:\windows\winsxs\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6001.18272_none_b57678331f2ab896\t2embed.dll
+ 2009-07-14 19:24 . 2009-06-15 15:09 156160 c:\windows\winsxs\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6000.21067_none_b4297fd83b155d73\t2embed.dll
+ 2009-07-14 19:24 . 2009-06-15 15:29 156160 c:\windows\winsxs\x86_microsoft-windows-font-embedding_31bf3856ad364e35_6.0.6000.16870_none_b38e38f92205f4f7\t2embed.dll
- 2006-11-02 10:33 . 2009-07-14 19:19 595684 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-07-17 00:52 595684 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-07-14 19:19 101350 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-07-17 00:52 101350 c:\windows\System32\perfc009.dat
- 2006-11-02 12:47 . 2009-07-02 04:17 351920 c:\windows\System32\FNTCACHE.DAT
+ 2006-11-02 12:47 . 2009-07-17 00:44 351920 c:\windows\System32\FNTCACHE.DAT
+ 2009-07-14 19:58 . 2009-07-14 19:58 323072 c:\windows\Installer\2a9187.msi
+ 2009-07-15 00:53 . 2009-07-15 00:53 102400 c:\windows\Installer\{5D601655-6D54-4384-B52C-17EC5385FBBD}\iTunesIco.exe
- 2006-11-02 10:25 . 2009-07-02 04:20 143360 c:\windows\inf\infstrng.dat
+ 2006-11-02 10:25 . 2009-07-15 00:48 143360 c:\windows\inf\infstrng.dat
+ 2006-11-02 10:25 . 2009-07-15 00:48 143360 c:\windows\inf\infstor.dat
+ 2009-07-14 19:24 . 2009-06-17 08:02 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22160_none_f4b74f0181eee730\OESpamFilter.dat
+ 2009-07-14 19:24 . 2009-06-17 07:35 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18056_none_f43e83de68c3c37f\OESpamFilter.dat
+ 2009-07-14 19:24 . 2009-06-17 07:30 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22459_none_f2e4af9f84b85a2a\OESpamFilter.dat
+ 2009-07-14 19:24 . 2009-06-17 07:35 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18278_none_f24470cc6babdbc4\OESpamFilter.dat
+ 2009-07-14 19:24 . 2009-06-17 07:35 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21074_none_f0e3a5eb87a6b883\OESpamFilter.dat
+ 2009-07-14 19:24 . 2009-06-17 07:36 2409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16876_none_f05c31926e871825\OESpamFilter.dat
+ 2006-11-02 10:22 . 2009-07-17 00:57 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2006-11-02 10:22 . 2009-07-14 19:21 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-06-05 16:42 . 2009-06-05 16:42 2060288 c:\windows\System32\DriverStore\FileRepository\usbaapl.inf_867e7481\usbaaplrc.dll
+ 2009-06-05 16:42 . 2009-06-05 16:42 1419232 c:\windows\System32\DriverStore\FileRepository\netaapl.inf_56082f61\wdfcoinstaller01005.dll
- 2008-03-29 06:39 . 2009-07-02 04:36 1232728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-03-29 06:39 . 2009-07-17 00:42 1232728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-15 00:53 . 2009-07-15 00:53 4074496 c:\windows\Installer\18e563.msi
+ 2009-07-15 00:50 . 2009-07-15 00:50 8992256 c:\windows\Installer\18e22e.msi
+ 2009-07-15 00:48 . 2009-07-15 00:48 3295232 c:\windows\Installer\18df5d.msi
- 2009-07-14 19:32 . 2009-07-14 19:32 6471680 c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
+ 2009-07-14 19:32 . 2009-07-17 02:12 6471680 c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
+ 2006-11-02 10:24 . 2009-07-07 15:10 24539592 c:\windows\System32\mrt.exe
+ 2009-06-18 11:28 . 2009-07-17 00:42 224717047 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.

-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2006-11-22 1474560]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"NapsterShell"="c:\program files\Napster\napster.exe" [2007-12-10 323216]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-06-26 206088]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-02-28 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-28 7770112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-02-28 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Connections.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2006-12-18 34520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\adialhk.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):27,4e,7f,8c,cc,fa,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{95ECDD01-AB84-4195-A36C-29147C571235}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9E02C4F2-DF48-4ADA-B6DF-757714F01315}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{847B4D9A-56A3-49A5-9521-2D7585715908}"= UDP:c:\program files\HP\QuickPlay\QP.exe:_this_program_will_be_deleted
"{090CF6CF-EE2B-41E5-8C78-4E27BDD9A0C7}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{6B57F522-FAAD-41A8-B1C1-953062BF9446}"= c:\program files\HP Connections\6811507\Program\HP Connections:HP Connections
"{AB06BDE8-59B8-48EC-BE3A-F47C57907ABE}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{81A65DC1-77E6-4167-8E14-4B7FCA87FA72}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{EC58DC15-F7C5-434D-85D3-CDAD99FD9AC4}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{60DEC888-F219-4253-B879-9DCB9F49D1E6}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{69766FF7-C030-44B6-941A-342BD87A0965}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{6B858232-CDA8-4787-BC69-95686C88817A}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{964A17A2-B864-49C4-AE05-C970AF48F245}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D0E33B3D-1A5D-4264-A998-9D761F9F2B0E}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E4F8C58C-172C-4E9F-87BD-9C7CCBAA8251}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{0CA0798A-3E2C-4FD7-BEAB-7513E7519FE5}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{A86F8FF0-19C8-4804-AAD8-6F30F322CB77}"= UDP:c:\program files\World of Warcraft\Launcher.exe:World of Warcraft
"{4BD789D8-67FF-411E-BFC7-55ED99F8ADE8}"= TCP:c:\program files\World of Warcraft\Launcher.exe:World of Warcraft
"TCP Query User{8299AEB9-26D8-49E9-9BE7-EFC672FB2327}c:\\program files\\world of warcraft\\repair.exe"= UDP:c:\program files\world of warcraft\repair.exe:Blizzard Repair Utility
"UDP Query User{72B9E37A-DD0A-4003-A64F-3E47FF55D0C7}c:\\program files\\world of warcraft\\repair.exe"= TCP:c:\program files\world of warcraft\repair.exe:Blizzard Repair Utility
"{034C687C-BD08-43AC-A4AA-FAFB0156B64E}"= UDP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{FC97A59A-3BDB-46EA-815C-8111120D61D8}"= TCP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"TCP Query User{920FBB7D-3F2E-4DE9-8220-F7ABF093ECF1}c:\\program files\\deer hunter 4\\deer hunter 4.exe"= UDP:c:\program files\deer hunter 4\deer hunter 4.exe:Deer Hunter 4
"UDP Query User{AFB4B7BD-1A80-4661-8FFA-D3C16BDC863F}c:\\program files\\deer hunter 4\\deer hunter 4.exe"= TCP:c:\program files\deer hunter 4\deer hunter 4.exe:Deer Hunter 4
"TCP Query User{6E0AAADC-5BFE-41A9-B2FD-AB5E7B5C8F95}c:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"UDP Query User{7EBB2C14-EE84-4F3B-B3C2-5D1529983D86}c:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"TCP Query User{50B92401-166F-456F-81EE-F409E6A4BC69}c:\\users\\owner\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\f46lmf38\\wow-burningcrusade-trial-enus-installer-downloader[1].exe"= UDP:c:\users\owner\appdata\local\microsoft\windows\temporary internet files\content.ie5\f46lmf38\wow-burningcrusade-trial-enus-installer-downloader[1].exe:wow-burningcrusade-trial-enus-installer-downloader[1].exe
"UDP Query User{AEE831E3-27C8-4D9A-986D-DC0BAE04BBB2}c:\\users\\owner\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\f46lmf38\\wow-burningcrusade-trial-enus-installer-downloader[1].exe"= TCP:c:\users\owner\appdata\local\microsoft\windows\temporary internet files\content.ie5\f46lmf38\wow-burningcrusade-trial-enus-installer-downloader[1].exe:wow-burningcrusade-trial-enus-installer-downloader[1].exe
"TCP Query User{E71F942F-E80B-4E39-898F-0CD974D033B4}c:\\users\\owner\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\d5q83odx\\wow-intro-enus-downloader[1].exe"= UDP:c:\users\owner\appdata\local\microsoft\windows\temporary internet files\content.ie5\d5q83odx\wow-intro-enus-downloader[1].exe:wow-intro-enus-downloader[1].exe
"UDP Query User{E9508784-EA8F-498E-B4A6-FE1E58506A5B}c:\\users\\owner\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\d5q83odx\\wow-intro-enus-downloader[1].exe"= TCP:c:\users\owner\appdata\local\microsoft\windows\temporary internet files\content.ie5\d5q83odx\wow-intro-enus-downloader[1].exe:wow-intro-enus-downloader[1].exe
"{B7C47F81-E4BD-4A30-90AB-570C03882092}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C65FCF53-678B-4E86-99A2-04B1C39FE298}"= UDP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{B0B2A1FA-A48C-47E4-BD32-F929821B299C}"= TCP:c:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{DEFEF03B-D58D-4C21-ACF4-9017B17BF2C2}"= UDP:c:\program files\Ruckus Player\Ruckus.exe:Ruckus
"{9FBAF5E8-978A-4505-BF9A-E0908DC723A9}"= TCP:c:\program files\Ruckus Player\Ruckus.exe:Ruckus
"TCP Query User{F12B9353-173D-41EC-B405-07E2D1AC1B07}c:\\program files\\ruckus player\\ruckus.exe"= UDP:c:\program files\ruckus player\ruckus.exe:Ruckus Player
"UDP Query User{A81E5C69-FC1C-48B7-8A8F-570F3BEDE61C}c:\\program files\\ruckus player\\ruckus.exe"= TCP:c:\program files\ruckus player\ruckus.exe:Ruckus Player
"{6CFAD591-4800-4271-98B1-CF94E4F8F87F}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{767FF138-755A-467E-918A-D0F3909BBB91}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{EAD73A3C-70B7-4ED5-A2D0-C4798EA6F5A2}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D12D7920-B9BE-4C58-85CE-0C6E32517D30}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{D004946D-5AA8-40BC-A4A1-F250A6AAFBC1}c:\\users\\public\\world of warcraft\\launcher.exe"= UDP:c:\users\public\world of warcraft\launcher.exe:Blizzard Launcher
"UDP Query User{0EDE9FA8-6E64-45FF-99BB-0D003617F842}c:\\users\\public\\world of warcraft\\launcher.exe"= TCP:c:\users\public\world of warcraft\launcher.exe:Blizzard Launcher
"{562FC53F-8C1D-4F40-B75E-8F1A1F02C862}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{0B460501-94FE-49AE-9185-148A92048769}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C5A87238-9498-4ABA-8389-6A70CDF4F6D7}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{CF32F97A-29BD-4013-A904-2BBB458AAD24}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{FE40C665-E3A2-4500-927D-C44FB9762060}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{67CAC3A4-C959-4A63-B6F1-A5E3CD581B5B}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{AFAC286E-6936-408A-8521-60D7D3CBD94E}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{A1BCB63E-4A75-4C5D-9BD9-E0DE3B880F13}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [1/29/2008 6:29 PM 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [7/9/2008 6:28 PM 20496]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\System32\drivers\klfltdev.sys [3/13/2008 7:02 PM 26640]
S2 gupdate1c9c2ea9a8edec0;Google Update Service (gupdate1c9c2ea9a8edec0);c:\program files\Google\Update\GoogleUpdate.exe [4/21/2009 8:35 PM 133104]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\System32\drivers\Ph3xIB32.sys [4/3/2007 10:43 AM 1131136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.

Contents of the 'Scheduled Tasks' folder

2009-07-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-24 01:33]

2009-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 01:34]

2009-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-22 01:34]

2009-07-15 c:\windows\Tasks\HPCeeScheduleForOwner.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2006-12-18 00:08]

2009-07-17 c:\windows\Tasks\User_Feed_Synchronization-{4ADE60B6-83F0-4345-9AE9-C09A30B039C9}.job
- c:\windows\system32\msfeedssync.exe [2009-06-25 11:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1583243981-2661809924-717926472-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:51,36,c7,ba,6a,ad,9e,b8,99,4c,0e,58,d5,a9,a7,e3,33,a3,8a,19,63,ed,a5,
bc,5e,9d,33,4a,2a,aa,06,31,88,b6,2d,09,42,ae,25,9c,ca,db,50,53,5b,14,88,08,\
"??"=hex:b2,11,50,ee,af,8d,c3,1f,c2,a9,b4,bf,cb,11,2f,7a

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4384)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
Completion time: 2009-07-17 21:25
ComboFix-quarantined-files.txt 2009-07-17 02:25
ComboFix2.txt 2009-07-14 19:46
ComboFix3.txt 2009-06-28 20:24
ComboFix4.txt 2009-06-28 20:01
ComboFix5.txt 2009-07-17 02:12

Pre-Run: 40,666,972,160 bytes free
Post-Run: 40,423,870,464 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=1 Sets=1,2,3,4,5,14
393 --- E O F --- 2009-07-17 01:17

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?

I'm an idiot. Things were working well, but I was out of D drive space so I deleted some files (on the D drive) that the Vista website said were OK to delete. BIG ones. Now I get the message "Could not open key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\Current Version\Drivers32. Verify that you have sufficient access to that key, or contact your support personel." Is this message important? See what I mean? - idiot.

Sound drivers. Does your sound still work?

Yes, the sound works fine.

This should be ok then.

Does that mean I should just ignore the message about the key that will not open?

Yeah.

Thank you for all of your assistance! I think we can consider this case solved!