WiredWX Christian Hobby Weather Tools
Re: advice on possible virus

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/01/07 08:36
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
Address: 0x8D600000 Size: 815104 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xA899F000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\System Volume Information\{796b1184-f747-11de-9398-00e0b8fbcd07}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{796b11be-f747-11de-9398-00e0b8fbcd07}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{796b11c3-f747-11de-9398-00e0b8fbcd07}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{796b11c8-f747-11de-9398-00e0b8fbcd07}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{796b11cc-f747-11de-9398-00e0b8fbcd07}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{796b11d0-f747-11de-9398-00e0b8fbcd07}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{a87c9cdd-edaf-11de-9565-00e0b8fbcd07}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{c11cce69-daf3-11de-bd15-00e0b8fbcd07}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{ca50f2c8-f8ab-11de-a480-00e0b8fbcd07}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{dfbc5b63-e291-11de-ab86-00e0b8fbcd07}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e9b8db77-dc4d-11de-9f3f-00e0b8fbcd07}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{ebc3296a-f8e0-11de-84f5-00e0b8fbcd07}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{796b1180-f747-11de-9398-00e0b8fbcd07}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{212afee6-e511-11de-952f-00e0b8fbcd07}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{572d5a38-f329-11de-a662-00e0b8fbcd07}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{68a57de3-e06b-11de-a60c-00e0b8fbcd07}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{6920deec-e129-11de-b0b2-00e0b8fbcd07}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{6e23ee60-f7f8-11de-9ade-00e0b8fbcd07}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{6e23ee6c-f7f8-11de-9ade-00e0b8fbcd07}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\Windows\System32\GATHER~1.VBS
Status: Locked to the Windows API!

Path: C:\Windows\System32\GATHER~1.XSL
Status: Locked to the Windows API!

Path: c:\windows\temp\mcmsc_fwodpsuynvnvpij
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\BACKUP\09-09-25 0554PM\Windows\MEMORY.DMP
Status: Visible to the Windows API, but not on disk.

Path: C:\Windows\PLA\Reports\REPORT~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\PLA\Rules\RULESS~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\PLA\System\WIRELE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\System32\XPSViewer\XPSVIE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.none.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.none.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.none.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.none.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.none.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.none.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9876.none.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.none.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.none.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9841.none.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9818.none.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.none.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.none.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.none.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.none.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.none.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.none.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.none.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.none.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.none.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.none.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.none.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.none.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.none.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9876.none.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.none.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.none.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.none.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.none.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.none.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.none.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.none.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.none.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9841.none.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE5F3C~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE5FBC~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE6DB5~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE9AEB~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE54EE~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16884_none_9a0b894107fccf79\GATHER~1.XSL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.16884_none_9a0b894107fccf79\REPORT~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.21082_none_9a92fd9a211c6fd7\GATHER~1.XSL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6000.21082_none_9a92fd9a211c6fd7\REPORT~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\GATHER~1.VBS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\GATHER~1.XSL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\REPORT~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\RULESS~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.18288_none_9bf5c90f051fc5c6\WIRELE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5\GATHER~1.VBS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5\GATHER~1.XSL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5\REPORT~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5\RULESS~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6001.22468_none_9c9507981e2d2ad5\WIRELE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18005_none_9e2fbb5f0207ec84\GATHER~1.VBS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18005_none_9e2fbb5f0207ec84\GATHER~1.XSL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18005_none_9e2fbb5f0207ec84\REPORT~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18005_none_9e2fbb5f0207ec84\RULESS~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18005_none_9e2fbb5f0207ec84\WIRELE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3\GATHER~1.VBS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3\GATHER~1.XSL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3\REPORT~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3\RULESS~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.18064_none_9deddb8d02397ad3\WIRELE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132\GATHER~1.VBS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132\GATHER~1.XSL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132\REPORT~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132\RULESS~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wlansvc_31bf3856ad364e35_6.0.6002.22170_none_9e68a7441b62d132\WIRELE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_e2c358ab062e054b\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_cbfb6f4f1fd04a3e\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_e29e3d61068011ec\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_cbd2adfd20258aff\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_reg_31bf3856ad364e35_6.0.6000.16708_none_c4f661e592b1c88e\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_reg_31bf3856ad364e35_6.0.6000.20864_none_c53b1e00ac03aaa2\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_reg_31bf3856ad364e35_6.0.6001.18096_none_c6794ec590232523\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_reg_31bf3856ad364e35_6.0.6001.22208_none_c7663d56a8f5f949\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_vrg_31bf3856ad364e35_6.0.6000.16708_none_cab9e41b8efd69ed\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_vrg_31bf3856ad364e35_6.0.6000.20864_none_cafea036a84f4c01\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_vrg_31bf3856ad364e35_6.0.6001.18096_none_cc3cd0fb8c6ec682\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_vrg_31bf3856ad364e35_6.0.6001.22208_none_cd29bf8ca5419aa8\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_h_31bf3856ad364e35_6.0.6000.16708_none_f87832f6f02b1a0c\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_h_31bf3856ad364e35_6.0.6000.20864_none_f8bcef12097cfc20\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_h_31bf3856ad364e35_6.0.6001.18096_none_f9fb1fd6ed9c76a1\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_reg_31bf3856ad364e35_6.0.6000.16708_none_74dcd7a292078251\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_reg_31bf3856ad364e35_6.0.6000.20864_none_752193bdab596465\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_reg_31bf3856ad364e35_6.0.6001.18096_none_765fc4828f78dee6\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_reg_31bf3856ad364e35_6.0.6001.22208_none_774cb313a84bb30c\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_vrg_31bf3856ad364e35_6.0.6000.16708_none_7aa059d88e5323b0\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_vrg_31bf3856ad364e35_6.0.6000.20864_none_7ae515f3a7a505c4\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_vrg_31bf3856ad364e35_6.0.6001.18096_none_7c2346b88bc48045\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_vrg_31bf3856ad364e35_6.0.6001.22208_none_7d103549a497546b\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_sm_mof_31bf3856ad364e35_6.0.6000.16708_none_c29392a082f7409d\SERVIC~1.UNI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_end_perf_h_31bf3856ad364e35_6.0.6000.20864_none_24101549d032590a\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_h_31bf3856ad364e35_6.0.6001.22208_none_fae80e68066f4ac7\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_reg_31bf3856ad364e35_6.0.6001.22208_none_c8512a7445976b57\_SERVI~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_2c88b9b71ca44e71\WEB_ME~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_15c0d05b36469364\WEB_ME~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_2c639e6d1cf65b12\WEB_ME~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_15980f09369bd425\WEB_ME~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.16720_none_ea4958dde0dcb61b\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.16720_none_ea4958dde0dcb61b\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.20883_none_d3816f81fa7efb0e\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.20883_none_d3816f81fa7efb0e\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.18111_none_ea243d93e12ec2bc\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.18111_none_ea243d93e12ec2bc\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.22230_none_d358ae2ffad43bcf\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.22230_none_d358ae2ffad43bcf\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6000.16720_none_879a188098bde787\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6000.20883_none_70d22f24b2602c7a\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6001.18111_none_8774fd36990ff428\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6001.22230_none_70a96dd2b2b56d3b\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6000.16720_none_f49cbb9015dc43b3\DV_ASP~1.CHM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6000.20883_none_ddd4d2342f7e88a6\DV_ASP~1.CHM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6001.18111_none_f477a046162e5054\DV_ASP~1.CHM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-dv_aspnetmmc_chm_res_b03f5f7f11d50a3a_6.0.6001.22230_none_ddac10e22fd3c967\DV_ASP~1.CHM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-config_files_.._gacutil_exe_config_31bf3856ad364e35_6.0.6000.16720_none_9b01a5fdd9371aff\GACUTI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-config_files_.._gacutil_exe_config_31bf3856ad364e35_6.0.6000.20883_none_9b4d641ef282ae74\GACUTI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-config_files_.._gacutil_exe_config_31bf3856ad364e35_6.0.6001.18111_none_9cf3b4d9d654a956\GACUTI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-config_files_.._gacutil_exe_config_31bf3856ad364e35_6.0.6001.22230_none_9d66b182ef8367ab\GACUTI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6001.18096_none_8023fb392e87c40a\_TRANS~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6001.18096_none_8023fb392e87c40a\_TRANS~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6001.22208_none_8110e9ca475a9830\_TRANS~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6001.22208_none_8110e9ca475a9830\_TRANS~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_reg_31bf3856ad364e35_6.0.6000.16708_none_7ab8208b3397ed7d\_TRANS~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_reg_31bf3856ad364e35_6.0.6000.20864_none_7afcdca64ce9cf91\_TRANS~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_reg_31bf3856ad364e35_6.0.6001.18096_none_7c3b0d6b31094a12\_TRANS~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_reg_31bf3856ad364e35_6.0.6001.22208_none_7d27fbfc49dc1e38\_TRANS~1.REG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_vrg_31bf3856ad364e35_6.0.6000.16708_none_807ba2c12fe38edc\_TRANS~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_vrg_31bf3856ad364e35_6.0.6000.20864_none_80c05edc493570f0\_TRANS~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_vrg_31bf3856ad364e35_6.0.6001.18096_none_81fe8fa12d54eb71\_TRANS~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_vrg_31bf3856ad364e35_6.0.6001.22208_none_82eb7e324627bf97\_TRANS~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_vrg_31bf3856ad364e35_6.0.6000.16708_none_c71adcbf2e98b7f5\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_vrg_31bf3856ad364e35_6.0.6000.20864_none_c75f98da47ea9a09\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_vrg_31bf3856ad364e35_6.0.6001.18096_none_c89dc99f2c0a148a\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_vrg_31bf3856ad364e35_6.0.6001.22208_none_c98ab83044dce8b0\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_h_31bf3856ad364e35_6.0.6000.16708_none_9958372092944487\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_h_31bf3856ad364e35_6.0.6000.20864_none_999cf33babe6269b\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_h_31bf3856ad364e35_6.0.6001.18096_none_9adb24009005a11c\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_h_31bf3856ad364e35_6.0.6001.22208_none_9bc81291a8d87542\_SERVI~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6000.16708_none_78c5c5708f85fc49\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6000.16708_none_78c5c5708f85fc49\_SERVI~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6000.20864_none_790a818ba8d7de5d\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6000.20864_none_790a818ba8d7de5d\_SERVI~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6001.18096_none_7a48b2508cf758de\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6001.18096_none_7a48b2508cf758de\_SERVI~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6001.22208_none_7b35a0e1a5ca2d04\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.0.6001.22208_none_7b35a0e1a5ca2d04\_SERVI~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wwf-cwetargets_i_31bf3856ad364e35_6.0.6002.18005_none_a247400ed5fa688d\WORKFL~1.TAR
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_h_31bf3856ad364e35_6.0.6000.16708_none_b25b01638e2dbfa3\_TRANS~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_h_31bf3856ad364e35_6.0.6000.20864_none_b29fbd7ea77fa1b7\_TRANS~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_h_31bf3856ad364e35_6.0.6001.18096_none_b3ddee438b9f1c38\_TRANS~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_h_31bf3856ad364e35_6.0.6001.22208_none_b4cadcd4a471f05e\_TRANS~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6000.16708_none_7ea10e5931166775\_TRANS~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6000.16708_none_7ea10e5931166775\_TRANS~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6000.20864_none_7ee5ca744a684989\_TRANS~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.0.6000.20864_none_7ee5ca744a684989\_TRANS~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_ini_31bf3856ad364e35_6.0.6000.16708_none_c1843fad322b4004\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_ini_31bf3856ad364e35_6.0.6000.16708_none_c1843fad322b4004\_SERVI~2.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_ini_31bf3856ad364e35_6.0.6000.20864_none_c1c8fbc84b7d2218\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_op_perf

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1240 Status: Locked to the Windows API!

==EOF==
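Almost all of the log above is noise: hiberfil.sys, the System Volume Information restore points, winsxs catalogs and 8.3 short-name entries are routinely reported as "Locked to the Windows API!" on a healthy Vista install. What a responder actually wants pulled out are the two other statuses, an allocation-size mismatch between what the API reports and what a raw read of the volume returns, and a file the API can see but that has no data on disk. The following is an added example (editor's code, not part of RootRepeal or of this thread): a parser for the "Hidden/Locked Files" section plus a triage pass that suppresses the expected entries and keeps the leads. The allowlist patterns and the sample log lines are constructed for the example and are an assumption, not RootRepeal's own classification.

```python
"""Triage RootRepeal's "Hidden/Locked Files" section.

Added example (editor's code, not RootRepeal's or the forum's).
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Entry:
    path: str
    status: str


SECTION_HEADER = "Hidden/Locked Files"
LOCKED = "Locked to the Windows API!"

# Where a plain "Locked to the Windows API!" is expected on a healthy Vista
# install. This allowlist is the editor's assumption, not RootRepeal's logic.
BENIGN_LOCKED = (
    re.compile(r"^[a-z]:\\(hiberfil|pagefile)\.sys$", re.I),   # kernel-held files
    re.compile(r"^[a-z]:\\system volume information\\", re.I),  # restore points
    re.compile(r"^[a-z]:\\windows\\winsxs\\", re.I),            # component store
    re.compile(r"\\[^\\]*~\d+\.[^\\]*$"),                       # 8.3 names, e.g. GATHER~1.VBS
)


def parse_hidden_files(log_text: str) -> List[Entry]:
    """Return every Path/Status pair listed under "Hidden/Locked Files".

    The scan stops at the next section header (e.g. "Processes"), so the
    "PID: ... Status: ..." lines of that section are never misread.
    """
    entries: List[Entry] = []
    in_section = False
    pending: Optional[str] = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == SECTION_HEADER:
            in_section = True
            continue
        if not in_section or not line or line.startswith("---"):
            continue
        if line.startswith("Path:"):
            pending = line[len("Path:"):].strip()
        elif line.startswith("Status:") and pending is not None:
            entries.append(Entry(pending, line[len("Status:"):].strip()))
            pending = None
        else:
            break  # any other non-blank line is the next section header
    return entries


def explain(entry: Entry) -> str:
    """Why an entry landed in the review bucket."""
    s = entry.status
    if s.startswith("Allocation size mismatch"):
        return ("API-reported allocation differs from the raw NTFS read; "
                "list the directory with a tool that reads the volume directly")
    if s.startswith("Visible to the Windows API, but not on disk"):
        return ("directory entry with no backing data on disk; "
                "could be a stale entry or something hiding the file")
    if s == LOCKED:
        return "locked file outside the expected system locations; identify the owner"
    return "unrecognised RootRepeal status; inspect manually"


def triage(entries: List[Entry]) -> Dict[str, List[Entry]]:
    """Split entries into expected noise ('baseline') and leads ('review')."""
    result: Dict[str, List[Entry]] = {"baseline": [], "review": []}
    for e in entries:
        benign = e.status == LOCKED and any(p.search(e.path) for p in BENIGN_LOCKED)
        result["baseline" if benign else "review"].append(e)
    return result


# Constructed sample in RootRepeal 1.3.5 format, modelled on the log above.
SAMPLE_LOG = r"""Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.none.cat
Status: Locked to the Windows API!

Path: C:\Windows\System32\GATHER~1.VBS
Status: Locked to the Windows API!

Path: c:\windows\temp\mcmsc_fwodpsuynvnvpij
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\BACKUP\09-09-25 0554PM\Windows\MEMORY.DMP
Status: Visible to the Windows API, but not on disk.

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!
"""

if __name__ == "__main__":
    buckets = triage(parse_hidden_files(SAMPLE_LOG))
    print(f"{len(buckets['baseline'])} baseline entries suppressed")
    for e in buckets["review"]:
        print(f"REVIEW {e.path}\n       {e.status}\n       -> {explain(e)}")
```

On the sample, four entries are suppressed and two are left for review: the temp directory with the allocation mismatch and the MEMORY.DMP that exists only as a directory entry. That is the same temp directory the helper targets with DirLook:: later in the thread. A flagged entry is a lead, not a verdict; a "locked" file outside the allowlist may simply belong to a driver or security product, so identify the owner before acting on it.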

Re: advice on possible virus

Sorry, I didn't see page 2, so I posted the file again. Just edited the file out of this post.
Judy

Last edited by judyjudy on 7th January 2010, 5:34 pm; edited 1 time in total (Reason for editing: already sent file)

Re: advice on possible virus

Re-running ComboFix:

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open Notepad and copy/paste the text in the quote box below into it:

     DirLook::
     c:\windows\temp\mcmsc_fwodpsuynvnvpij

  4. Save this as CFScript.txt, in the same location as ComboFix.exe.

     [image: CFScript.txt being dragged onto ComboFix.exe]

  5. Referring to the picture above, drag CFScript.txt onto ComboFix.exe.
  6. When finished, it shall produce a log for you at C:\ComboFix.txt.
  7. Please post the contents of the log in your next reply.

Re: advice on possible virus

Ran ComboFix as you instructed. I am posting from another laptop now because my computer will not allow me to do anything. If I click on C:\combofix I get a window that says "illegal operation attempted on a registry key that has been marked for deletion". I still have the ComboFix Notepad open in my taskbar menu, but when I try to reconnect to Internet Explorer I get a window that says the same thing, and when I X out of that I get a window titled Internet that says "The item you selected is unavailable. It might have been moved, renamed, or removed. Do you want to remove it from the list?"

What now????

Re: advice on possible virus

Started laptop in safe mode and was able to get online.

ComboFix 10-01-04.01 - claire 01/07/2010 18:12:53.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1674 [GMT -6:00]
Running from: c:\users\claire\Desktop\commy.exe
Command switches used :: c:\users\claire\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-12-08 to 2010-01-08 )))))))))))))))))))))))))))))))
.

2010-01-08 00:17 . 2010-01-08 00:17 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-08 00:17 . 2010-01-08 00:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-07 14:34 . 2010-01-07 14:34 0 ----a-w- c:\windows\system32\settings.dat
2010-01-07 00:16 . 2010-01-07 00:16 -------- d-----w- C:\576977e1acd33bf2c3d252fb9f478689
2010-01-06 21:42 . 2010-01-06 21:42 -------- d-----w- C:\d94631834e44ccfcac57
2010-01-06 15:30 . 2010-01-06 20:16 -------- d-----w- c:\programdata\Kaspersky Lab
2010-01-06 14:32 . 2010-01-06 14:32 -------- d-----w- C:\found.000
2010-01-06 03:05 . 2010-01-06 03:05 -------- d-----w- c:\users\claire\AppData\Roaming\Malwarebytes
2010-01-06 03:05 . 2009-12-30 20:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-06 03:05 . 2010-01-06 03:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-06 03:05 . 2010-01-06 03:05 -------- d-----w- c:\programdata\Malwarebytes
2010-01-06 03:05 . 2009-12-30 20:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-03 09:00 . 2010-01-03 09:00 -------- d-----w- c:\program files\MSXML 4.0
2010-01-02 06:49 . 2010-01-02 06:50 -------- d-----w- c:\program files\Microsoft Location Finder
2010-01-02 06:49 . 2010-01-02 06:50 -------- d-----w- c:\program files\Microsoft Streets and Trips Essentials
2010-01-02 06:46 . 2010-01-02 06:47 -------- d-----w- c:\program files\Encarta
2010-01-02 06:41 . 2010-01-02 06:45 -------- d-----w- c:\program files\Microsoft Digital Image 2006
2010-01-02 06:39 . 2010-01-02 06:40 -------- d-----w- c:\program files\microsoft money
2010-01-02 06:28 . 2010-01-02 06:28 -------- d-----w- c:\windows\system32\URTTEMP
2010-01-02 06:27 . 2010-01-02 06:27 -------- d-----w- c:\program files\Microsoft Works Suite 2006
2010-01-01 21:08 . 2010-01-01 21:32 -------- d-----w- c:\program files\Snood 4
2009-12-31 19:11 . 2009-12-31 19:11 -------- d-----w- c:\programdata\Norton
2009-12-31 19:11 . 2009-12-31 19:11 -------- d-----w- c:\windows\system32\drivers\NSS
2009-12-31 19:11 . 2009-12-31 19:11 -------- d-----w- c:\program files\Norton Security Scan
2009-12-31 19:11 . 2009-12-31 19:11 -------- d-----w- c:\programdata\NortonInstaller
2009-12-31 19:11 . 2009-12-31 19:11 -------- d-----w- c:\program files\NortonInstaller
2009-12-28 04:53 . 2009-12-28 04:54 -------- d-----w- c:\windows\system32\Adobe
2009-12-26 07:15 . 2009-12-26 07:15 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-09 22:30 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-09 22:30 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 22:30 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-03 09:03 . 2009-09-26 03:39 -------- d-----w- c:\program files\Microsoft Works
2010-01-02 06:52 . 2009-09-26 00:30 94808 ----a-w- c:\users\claire\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-31 19:11 . 2009-09-26 03:41 -------- d-----w- c:\programdata\Symantec
2009-12-20 21:43 . 2009-09-26 03:51 -------- d-----w- c:\program files\Java
2009-12-14 05:55 . 2009-10-02 01:31 204 ----a-w- c:\users\claire\AppData\Roaming\wklnhst.dat
2009-12-09 23:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-09 22:30 . 2009-09-26 03:47 -------- d-----w- c:\programdata\Microsoft Help
2009-12-03 01:03 . 2009-09-26 01:05 -------- d-----w- c:\programdata\McAfee
2009-11-27 09:19 . 2009-11-27 09:19 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-27 09:19 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-27 09:19 . 2009-11-27 09:19 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-26 19:49 . 2009-11-26 19:49 680 ----a-w- c:\users\claire\AppData\Local\d3d9caps.dat
2009-11-26 17:31 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-11-26 17:31 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-11-26 17:31 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-11-26 17:31 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-11-26 17:31 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-11-26 17:30 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-11-21 06:40 . 2009-12-08 22:58 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-08 22:58 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-08 22:58 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-08 22:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-17 00:48 . 2009-11-17 00:48 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2009-11-17 00:47 . 2009-11-17 00:47 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-11-01 16:31 . 2009-11-01 16:31 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 09:17 . 2009-11-25 09:00 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-11 10:17 . 2009-09-26 01:37 411368 ----a-w- c:\windows\system32\deploytk.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\temp\mcmsc_fwodpsuynvnvpij ----



((((((((((((((((((((((((((((( SnapShot@2010-01-05_20.16.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2010-01-07 14:25 39912 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-01-07 14:25 69504 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-09-26 03:32 . 2010-01-05 19:34 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-09-26 03:32 . 2010-01-07 14:25 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-09-26 03:31 . 2010-01-07 14:25 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-09-26 03:31 . 2010-01-05 19:34 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-09-26 03:32 . 2010-01-05 19:34 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-09-26 03:32 . 2010-01-07 14:25 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-09-26 00:51 . 2010-01-07 14:25 8658 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3878062665-890052964-3471927553-1000_UserData.bin
- 2010-01-05 19:32 . 2010-01-05 20:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-01-07 14:22 . 2010-01-07 14:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-01-05 19:32 . 2010-01-05 20:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-01-07 14:22 . 2010-01-07 14:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-09-26 19:41 . 2010-01-08 00:05 207968 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2006-11-02 10:33 . 2010-01-05 20:07 604452 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-01-07 14:29 604452 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-01-05 20:07 105376 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2010-01-07 14:29 105376 c:\windows\System32\perfc009.dat
- 2006-11-02 10:24 . 2009-12-01 20:06 25966024 c:\windows\System32\mrt.exe
+ 2006-11-02 10:24 . 2009-12-01 18:06 25966024 c:\windows\System32\mrt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-26 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-26 865840]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Gateway\traybar.exe" [2007-09-13 638976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-10-19 30192]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"SigmatelSysTrayApp"="sttray.exe" [2007-09-07 405504]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"NetFxUpdate_v1.1.4322"="c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" [2004-08-10 106496]

c:\users\claire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):d4,e9,fe,19,bf,6e,ca,01

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/25/2009 7:15 PM 93320]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [1/20/2008 8:23 PM 21504]
S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [9/25/2009 9:50 PM 30192]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [1/5/2010 9:05 PM 38224]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\System32\drivers\NETw2v32.sys [11/2/2006 4:25 AM 2589184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2009-09-26 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 17:22]

2010-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 17:22]

2010-01-01 c:\windows\Tasks\Norton Security Scan for claire.job
- c:\program files\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-31 19:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=ODT&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6827
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-07 18:18
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5224)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
.
Completion time: 2010-01-07 18:20:25
ComboFix-quarantined-files.txt 2010-01-08 00:20
ComboFix2.txt 2010-01-05 20:18

Pre-Run: 60,497,879,040 bytes free
Post-Run: 59,249,213,440 bytes free

- - End Of File - - 312EFB1025DC8B8BD509FF9784438812

Re: advice on possible virus
Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    DirLook::
    C:\found.000
    C:\d94631834e44ccfcac57
    C:\576977e1acd33bf2c3d252fb9f478689
  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [image: CFScript.txt being dragged onto ComboFix.exe]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

Re: advice on possible virus
ComboFix 10-01-04.01 - claire 01/08/2010 6:43.4.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.2667 [GMT -6:00]
Running from: c:\users\claire\Desktop\commy.exe
Command switches used :: c:\users\claire\Desktop\CFscript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-12-08 to 2010-01-08 )))))))))))))))))))))))))))))))
.

2010-01-08 12:50 . 2010-01-08 12:50 -------- d-----w- c:\users\claire\AppData\Local\temp
2010-01-08 12:50 . 2010-01-08 12:50 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-08 12:50 . 2010-01-08 12:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-08 12:41 . 2010-01-08 12:41 -------- d-----w- C:\32788R22FWJFW
2010-01-07 14:34 . 2010-01-07 14:34 0 ----a-w- c:\windows\system32\settings.dat
2010-01-07 00:16 . 2010-01-07 00:16 -------- d-----w- C:\576977e1acd33bf2c3d252fb9f478689
2010-01-06 21:42 . 2010-01-06 21:42 -------- d-----w- C:\d94631834e44ccfcac57
2010-01-06 15:30 . 2010-01-06 20:16 -------- d-----w- c:\programdata\Kaspersky Lab
2010-01-06 14:32 . 2010-01-06 14:32 -------- d-----w- C:\found.000
2010-01-06 03:05 . 2010-01-06 03:05 -------- d-----w- c:\users\claire\AppData\Roaming\Malwarebytes
2010-01-06 03:05 . 2009-12-30 20:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-06 03:05 . 2010-01-06 03:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-06 03:05 . 2010-01-06 03:05 -------- d-----w- c:\programdata\Malwarebytes
2010-01-06 03:05 . 2009-12-30 20:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-03 09:00 . 2010-01-03 09:00 -------- d-----w- c:\program files\MSXML 4.0
2010-01-02 06:49 . 2010-01-02 06:50 -------- d-----w- c:\program files\Microsoft Location Finder
2010-01-02 06:49 . 2010-01-02 06:50 -------- d-----w- c:\program files\Microsoft Streets and Trips Essentials
2010-01-02 06:46 . 2010-01-02 06:47 -------- d-----w- c:\program files\Encarta
2010-01-02 06:41 . 2010-01-02 06:45 -------- d-----w- c:\program files\Microsoft Digital Image 2006
2010-01-02 06:39 . 2010-01-02 06:40 -------- d-----w- c:\program files\microsoft money
2010-01-02 06:28 . 2010-01-02 06:28 -------- d-----w- c:\windows\system32\URTTEMP
2010-01-02 06:27 . 2010-01-02 06:27 -------- d-----w- c:\program files\Microsoft Works Suite 2006
2010-01-01 21:08 . 2010-01-01 21:32 -------- d-----w- c:\program files\Snood 4
2009-12-31 19:11 . 2009-12-31 19:11 -------- d-----w- c:\programdata\Norton
2009-12-31 19:11 . 2009-12-31 19:11 -------- d-----w- c:\windows\system32\drivers\NSS
2009-12-31 19:11 . 2009-12-31 19:11 -------- d-----w- c:\program files\Norton Security Scan
2009-12-31 19:11 . 2009-12-31 19:11 -------- d-----w- c:\programdata\NortonInstaller
2009-12-31 19:11 . 2009-12-31 19:11 -------- d-----w- c:\program files\NortonInstaller
2009-12-28 04:53 . 2009-12-28 04:54 -------- d-----w- c:\windows\system32\Adobe
2009-12-26 07:15 . 2009-12-26 07:15 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-09 22:30 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-09 22:30 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 22:30 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-03 09:03 . 2009-09-26 03:39 -------- d-----w- c:\program files\Microsoft Works
2010-01-02 06:52 . 2009-09-26 00:30 94808 ----a-w- c:\users\claire\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-31 19:11 . 2009-09-26 03:41 -------- d-----w- c:\programdata\Symantec
2009-12-20 21:43 . 2009-09-26 03:51 -------- d-----w- c:\program files\Java
2009-12-14 05:55 . 2009-10-02 01:31 204 ----a-w- c:\users\claire\AppData\Roaming\wklnhst.dat
2009-12-09 23:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-09 22:30 . 2009-09-26 03:47 -------- d-----w- c:\programdata\Microsoft Help
2009-12-03 01:03 . 2009-09-26 01:05 -------- d-----w- c:\programdata\McAfee
2009-11-27 09:19 . 2009-11-27 09:19 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-27 09:19 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-27 09:19 . 2009-11-27 09:19 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-26 19:49 . 2009-11-26 19:49 680 ----a-w- c:\users\claire\AppData\Local\d3d9caps.dat
2009-11-26 17:31 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-11-26 17:31 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-11-26 17:31 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-11-26 17:31 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-11-26 17:31 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-11-26 17:30 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-11-21 06:40 . 2009-12-08 22:58 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-08 22:58 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-08 22:58 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-08 22:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-17 00:48 . 2009-11-17 00:48 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2009-11-17 00:47 . 2009-11-17 00:47 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-11-01 16:31 . 2009-11-01 16:31 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-29 09:17 . 2009-11-25 09:00 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-11 10:17 . 2009-09-26 01:37 411368 ----a-w- c:\windows\system32\deploytk.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\576977e1acd33bf2c3d252fb9f478689 ----

2010-01-07 00:16 . 2010-01-07 00:16 788 ---ha-w- c:\576977e1acd33bf2c3d252fb9f478689\$shtdwn$.req
2009-12-01 18:06 . 2009-12-01 18:06 25966024 ----a-w- c:\576977e1acd33bf2c3d252fb9f478689\mrt.exe
2009-12-01 18:06 . 2009-12-01 18:06 57800 ----a-w- c:\576977e1acd33bf2c3d252fb9f478689\mrtstub.exe

---- Directory of C:\d94631834e44ccfcac57 ----

2010-01-06 21:42 . 2010-01-06 21:42 788 ---ha-w- c:\d94631834e44ccfcac57\$shtdwn$.req
2009-12-01 18:06 . 2009-12-01 18:06 25966024 ----a-w- c:\d94631834e44ccfcac57\mrt.exe
2009-12-01 18:06 . 2009-12-01 18:06 57800 ----a-w- c:\d94631834e44ccfcac57\mrtstub.exe

---- Directory of C:\found.000 ----

2008-02-05 05:23 . 2010-01-06 03:45 33988608 ----a-w- c:\found.000\file0000.chk


((((((((((((((((((((((((((((( SnapShot@2010-01-05_20.16.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2010-01-07 14:25 39912 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-01-07 14:25 69504 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-09-26 03:32 . 2010-01-08 00:20 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-09-26 03:32 . 2010-01-05 19:34 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-09-26 03:31 . 2010-01-05 19:34 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-09-26 03:31 . 2010-01-08 00:20 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-09-26 03:32 . 2010-01-08 00:20 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-09-26 03:32 . 2010-01-05 19:34 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-28 07:20 . 2010-01-08 01:24 1836 c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2009-11-28 07:20 . 2009-11-28 07:20 1836 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-09-26 00:51 . 2010-01-07 14:25 8658 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3878062665-890052964-3471927553-1000_UserData.bin
- 2010-01-05 19:32 . 2010-01-05 20:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-01-08 12:33 . 2010-01-08 12:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-01-08 12:33 . 2010-01-08 12:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-01-05 19:32 . 2010-01-05 20:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-09-26 19:41 . 2010-01-08 01:22 208192 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 10:33 . 2010-01-08 12:38 603466 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-01-08 12:38 104792 c:\windows\System32\perfc009.dat
- 2006-11-02 10:24 . 2009-12-01 20:06 25966024 c:\windows\System32\mrt.exe
+ 2006-11-02 10:24 . 2009-12-01 18:06 25966024 c:\windows\System32\mrt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-26 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-26 865840]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Gateway\traybar.exe" [2007-09-13 638976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-10-19 30192]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"SigmatelSysTrayApp"="sttray.exe" [2007-09-07 405504]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"NetFxUpdate_v1.1.4322"="c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" [2004-08-10 106496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\users\claire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):d4,e9,fe,19,bf,6e,ca,01

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/25/2009 7:15 PM 93320]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [1/20/2008 8:23 PM 21504]
S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [9/25/2009 9:50 PM 30192]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [1/5/2010 9:05 PM 38224]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\System32\drivers\NETw2v32.sys [11/2/2006 4:25 AM 2589184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2009-09-26 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 17:22]

2010-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 17:22]

2010-01-01 c:\windows\Tasks\Norton Security Scan for claire.job
- c:\program files\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2009-12-31 19:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=ODT&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6827
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce- - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-08 06:50
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-01-08 06:52:19
ComboFix-quarantined-files.txt 2010-01-08 12:52
ComboFix2.txt 2010-01-08 00:20
ComboFix3.txt 2010-01-05 20:18

Pre-Run: 62,282,813,440 bytes free
Post-Run: 62,233,145,344 bytes free

- - End Of File - - 940D3AA378AC869365C8EB3622497EBB

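A triage script for the two ComboFix logs above, added here as an example (it is not part of ComboFix and was not posted in this thread). It parses the 'Reg Loading Points' and DirLook ('Look') sections, diffs the two runs (which surfaces the RunOnce entry "GrpConv"="grpconv -o" [X] that the second run then listed under ORPHANS REMOVED), flags autoruns whose target file is missing, AppInit_DLLs hooks and binaries under random hex-named root folders, and classifies the DirLook folders: the two hex-named root folders hold exactly mrt.exe, mrtstub.exe and $shtdwn$.req, with mrt.exe the same 25966024 bytes as c:\windows\System32\mrt.exe in the snapshot, which is the layout Windows Update leaves behind when it extracts the Malicious Software Removal Tool, while C:\found.000 holds a chkdsk recovery fragment. The function names, the heuristics and the classification labels are this example's own, and the sample input is a constructed excerpt of the logs; the classifier matches on names and sizes only, so hash the files before trusting its verdict.

```python
"""Triage helpers for ComboFix logs: parse 'Reg Loading Points' and DirLook
output, diff two runs, apply simple heuristics. Added example, not ComboFix code."""
import re

KEY_RE = re.compile(r'^\[(HK[^\]]+)\]$')
# "<name>"="<data>" [<tag>] or "<name>"=<bare data>.  ComboFix's tag is
# "<file date> <size>" when the target exists and "X" when it is missing.
VALUE_RE = re.compile(r'^"([^"]+)"=(?:"([^"]*)"|(\S.*?))(?:\s+\[(.*?)\])?$')
LOOK_DIR_RE = re.compile(r'^---- Directory of (.+?) ----$')
LOOK_FILE_RE = re.compile(r'^\S+ \S+ \. \S+ \S+\s+(\d+)\s+\S+\s+(\S.*)$')
ROOT_HEX_DIR_RE = re.compile(r'^[a-z]:\\[0-9a-f]{16,}(\\|$)', re.I)
MRT_PACKAGE = {'$shtdwn$.req', 'mrt.exe', 'mrtstub.exe'}  # MRT extraction layout

def parse_loading_points(log):
    """{registry key (lowercased): {value name: (data, tag)}}."""
    entries, key, active = {}, None, False
    for line in (raw.strip() for raw in log.splitlines()):
        if 'Reg Loading Points' in line:
            active = True
        elif line.startswith("Contents of the 'Scheduled Tasks'"):
            active = False
        elif active and (m := KEY_RE.match(line)):
            key = m.group(1).lower()
            entries.setdefault(key, {})
        elif active and key and (m := VALUE_RE.match(line)):
            name, quoted, bare, tag = m.groups()
            entries[key][name] = (quoted if quoted is not None else bare, tag)
    return entries

def diff_loading_points(old, new):
    """(added, removed) lists of (key, name, data) between two runs."""
    flat = lambda d: {(k, n): v[0] for k, vs in d.items() for n, v in vs.items()}
    a, b = flat(old), flat(new)
    return ([(k, n, b[k, n]) for (k, n) in b if (k, n) not in a],
            [(k, n, a[k, n]) for (k, n) in a if (k, n) not in b])

def flag_loading_points(entries):
    """Heuristics: missing target file; AppInit_DLLs hook (loaded into every
    process that maps user32); binary in a random hex-named root folder."""
    findings = []
    for key, vals in entries.items():
        for name, (data, tag) in vals.items():
            if tag == 'X':
                findings.append(('missing-file', key, name, data))
            if name.lower() == 'appinit_dlls' and data:
                findings.append(('appinit-dll', key, name, data))
            if ROOT_HEX_DIR_RE.match(data):
                findings.append(('root-hex-dir', key, name, data))
    return findings

def parse_look(log):
    """{directory (lowercased): [(size, path), ...]} from DirLook:: output."""
    dirs, current = {}, None
    for line in (raw.strip() for raw in log.splitlines()):
        if line.startswith('(((('):           # next ComboFix section header
            current = None
        elif m := LOOK_DIR_RE.match(line):
            current = m.group(1).lower()
            dirs[current] = []
        elif current is not None and (m := LOOK_FILE_RE.match(line)):
            dirs[current].append((int(m.group(1)), m.group(2).lower()))
    return dirs

def classify_look_dir(files, system_mrt_size=None):
    """'mrt-staging' if the folder holds exactly the Malicious Software Removal
    Tool package (and mrt.exe matches system32\\mrt.exe's size when given);
    'chkdsk-recovery' for FOUND.xxx fragments; else 'unknown'.  Names and sizes
    only: hash the files before trusting the verdict."""
    names = {p.rsplit('\\', 1)[-1] for _, p in files}
    if names == MRT_PACKAGE:
        mrt = next(s for s, p in files if p.endswith('\\mrt.exe'))
        if system_mrt_size is None or mrt == system_mrt_size:
            return 'mrt-staging'
    if names and all(re.fullmatch(r'file\d+\.chk', n) for n in names):
        return 'chkdsk-recovery'
    return 'unknown'

# Constructed sample input: excerpts of the two logs posted in this thread.
RUN1 = r"""
(((( Reg Loading Points ))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-26 39408]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
Contents of the 'Scheduled Tasks' folder
"""
RUN2 = r"""
(((( Look ))))
---- Directory of C:\576977e1acd33bf2c3d252fb9f478689 ----
2010-01-07 00:16 . 2010-01-07 00:16 788 ---ha-w- c:\576977e1acd33bf2c3d252fb9f478689\$shtdwn$.req
2009-12-01 18:06 . 2009-12-01 18:06 25966024 ----a-w- c:\576977e1acd33bf2c3d252fb9f478689\mrt.exe
2009-12-01 18:06 . 2009-12-01 18:06 57800 ----a-w- c:\576977e1acd33bf2c3d252fb9f478689\mrtstub.exe
---- Directory of C:\found.000 ----
2008-02-05 05:23 . 2010-01-06 03:45 33988608 ----a-w- c:\found.000\file0000.chk
(((( Reg Loading Points ))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-26 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
Contents of the 'Scheduled Tasks' folder
"""

if __name__ == '__main__':
    old, new = parse_loading_points(RUN1), parse_loading_points(RUN2)
    print('diff (added, removed):', diff_loading_points(old, new))
    print('flags:', flag_loading_points(new))
    for d, files in parse_look(RUN2).items():
        print(d, '->', classify_look_dir(files, system_mrt_size=25966024))
```

Run it against two full ComboFix logs saved from a machine and the diff shows what changed between runs, which is how the helper in this thread reads successive logs; the AppInit_DLLs finding here is Google Desktop's own DLL and is reported only because that key deserves a look every time, not because this instance is malicious.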
Re: advice on possible virus
Please delete this folder:
c:\found.000

==
Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Re: advice on possible virus
Was running the scan when I got the "blue screen" that said something about a bad disk (maybe; it flashed on the screen too quickly). I rebooted in safe mode and went to C:, and this text looks like it occurred at the disk check on reboot. What now?

Checking file system on C:
The type of the file system is NTFS.
Volume label is Partition_1.

One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.
248960 file records processed.

1026 large file records processed.

0 bad file records processed.

0 EA records processed.

78 reparse records processed.

Unable to locate the file name attribute of index entry PenIMC.dll
of index $I30 with parent 0x51b in file 0x1897f.
Deleting index entry PenIMC.dll in index $I30 of file 1307.
Unable to locate the file name attribute of index entry PresentationFontCache.exe
of index $I30 with parent 0x51b in file 0x17f9e.
Deleting index entry PresentationFontCache.exe in index $I30 of file 1307.
Unable to locate the file name attribute of index entry PresentationFontCache.exe.config
of index $I30 with parent 0x51b in file 0x17eb4.
Deleting index entry PresentationFontCache.exe.config in index $I30 of file 1307.
Unable to locate the file name attribute of index entry PresentationHostDLL.dll
of index $I30 with parent 0x51b in file 0x1806b.
Deleting index entry PresentationHostDLL.dll in index $I30 of file 1307.
Unable to locate the file name attribute of index entry wpfgfx_v0300.dll
of index $I30 with parent 0x51b in file 0x193e7.
Deleting index entry wpfgfx_v0300.dll in index $I30 of file 1307.
326870 index entries processed.

CHKDSK is recovering lost files.
Recovering orphaned file PresentationFontCache.exe.config (97972) into directory file 1307.
Recovering orphaned file PresentationFontCache.exe (98206) into directory file 1307.
Recovering orphaned file PresentationHostDLL.dll (98411) into directory file 1307.
Recovering orphaned file PenIMC.dll (100735) into directory file 1307.
5 unindexed files processed.

Recovering orphaned file wpfgfx_v0300.dll (103399) into directory file 1307.
248960 security descriptors processed.

Cleaning up 36 unused index entries from index $SII of file 0x9.
Cleaning up 36 unused index entries from index $SDH of file 0x9.
Cleaning up 36 unused security descriptors.
38956 data files processed.

CHKDSK is verifying Usn Journal...
The remaining of an USN page at offset 0xdb427268 in file 0xb74e
should be filled with zeros.
The USN Journal entry at offset 0xdb428000 and length 0x8c25d crosses
the page boundary.
The USN Journal entry at offset 0xdb429000 and length 0x55390a7d crosses
the page boundary.
The USN Journal entry at offset 0xdb42a000 and length 0x531075ff crosses
the page boundary.
The USN Journal entry at offset 0xdb42b000 and length 0x5e2c149 crosses
the page boundary.
The USN Journal entry at offset 0xdb42c000 and length 0x5724458b crosses
the page boundary.
The USN Journal entry length 0x9b at offset 0xdb42d000 in file
0xb74e is not aligned.
The USN Journal entry at offset 0xdb42e000 and length 0x75ff1574 crosses
the page boundary.
The USN Journal entry at offset 0xdb42f000 and length 0x8d53085d crosses
the page boundary.
Repairing Usn Journal file record segment.
34711288 USN bytes processed.

Usn Journal verification completed.
Windows has made corrections to the file system.

143781749 KB total disk space.
82578760 KB in 203301 files.
111916 KB in 38957 indexes.
0 KB in bad sectors.
358865 KB in use by the system.
65536 KB occupied by the log file.
60732208 KB available on disk.

4096 bytes in each allocation unit.
35945437 total allocation units on disk.
15183052 allocation units available on disk.

Internal Info:
80 cc 03 00 5e b2 03 00 ea 96 06 00 00 00 00 00 ....^...........
d3 01 00 00 4e 00 00 00 00 00 00 00 00 00 00 00 ....N...........
80 19 37 00 48 01 37 00 02 00 00 02 d8 7f 38 00 ..7.H.7.......8.

Windows has finished checking your disk.
Please wait while your computer restarts.

Re: advice on possible virus
Run chkdsk:

  1. Right-click the Start button and select Explore (alternatively, hit WINDOWS key E on your keyboard).
  2. Using Windows Explorer, navigate to your C:\ drive, then right-click the drive and select Properties.
  3. In the Properties window that pops up, click the Tools tab and then, under "Error-checking", click on the button that says Check Now...
  4. In the Check disk options window that pops up, place a checkmark in both boxes:
     • Automatically fix file system errors
     • Scan for and attempt recovery of bad sectors
  5. Now click on Start. A new window will pop up saying, "Windows can't check the disk while it's in use".
  6. Click Yes to schedule the disk check.
  7. Now shut down (do NOT restart!) your computer, and then turn your computer back on with its power button. When your computer turns on, you will see a black screen with white lettering; this is chkdsk running.
  8. Let chkdsk run through its five stages. When the utility finishes, Windows will boot to the Desktop.
     NOTE: Running chkdsk may take some time to complete. Please be patient and do NOT use the computer, press any keys, or try to stop the chkdsk scan once it has started!

Locate the chkdsk log and post it here:

  1. Click on Start, then click Run...
  2. Copy and paste the following text into the "Open:" box: eventvwr.msc /s
     NOTE: there is a space between "eventvwr.msc" and "/s"!
  3. Click OK (or hit Enter). This will bring up the Event Viewer window.
  4. In the left panel, click on Application.
  5. The chkdsk log should be the first entry, with a source of Winlogon.
     NOTE: If it is not the first log, click on View, and then on Newest First: that should place the chkdsk log at the top of the list.
  6. Click on the entry once.
  7. Right-click on the entry and choose Properties.
  8. In the window that pops up, click on the Copy button to copy the log.
  9. Paste the log in a reply to this topic.
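The same two things the post above does by hand (pulling the boot-time chkdsk report out of the Application log, then reading it) can be scripted. The block below is an added example written for this thread, not code from the forum or from Microsoft; it assumes that the boot-time report is logged as event ID 1001 by the Wininit source on Vista and later (Winlogon on XP), and the drive letter, function names and the sample report text at the bottom are constructed for illustration. It also adds a check the thread never got to: whether the volume is still flagged dirty, which is why chkdsk kept coming back at every boot.

```powershell
# Added example, not from the thread: pull the boot-time chkdsk report out of the
# Application event log and pick out the findings that matter for triage.
# Assumptions (not stated in the thread): the boot-time report is logged with
# event ID 1001 by the "Wininit" source on Vista and later ("Winlogon" on XP);
# the drive letter and the sample report text at the bottom are constructed.

function Get-ChkdskReport {
    param([int]$MaxEvents = 3)
    # Get-WinEvent returns newest first, so the first object is the run that just
    # completed at boot. Both source names are queried so the same call works on XP.
    Get-WinEvent -FilterHashtable @{
        LogName      = 'Application'
        ProviderName = @('Wininit', 'Winlogon')
        Id           = 1001
    } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue
}

function Test-ChkdskReport {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [string]$Text
    )
    process {
        $badSectorsKb = 0
        if ($Text -match '(?m)^\s*(\d+) KB in bad sectors\.') {
            $badSectorsKb = [int64]$Matches[1]
        }
        $corrected = [bool]($Text -match 'Windows has made corrections to the file system')
        $orphans   = ([regex]::Matches($Text, 'Recovering orphaned file')).Count
        $usnRepair = [bool]($Text -match 'Repairing Usn Journal')

        # Non-zero bad sectors point at failing hardware (the conclusion this thread
        # reached); corrections with zero bad sectors point at an unclean shutdown or
        # software damage. Neither is evidence of malware on its own.
        if ($badSectorsKb -gt 0) { $cause = 'Suspect the disk hardware (bad sectors reported)' }
        elseif ($corrected)      { $cause = 'File system damage repaired, no bad sectors' }
        else                     { $cause = 'No problems reported' }

        New-Object PSObject -Property @{
            BadSectorsKB           = $badSectorsKb
            CorrectionsMade        = $corrected
            OrphanedFilesRecovered = $orphans
            UsnJournalRepaired     = $usnRepair
            LikelyCause            = $cause
        }
    }
}

function Get-ChkdskSchedule {
    param([string]$Drive = 'C:')
    # Is the volume still flagged dirty (chkdsk will run again at the next boot)?
    # fsutil needs an elevated shell; the UAC prompt the thread ran into applies here too.
    $dirty = (& fsutil dirty query $Drive 2>&1) -join ' '
    New-Object PSObject -Property @{ Drive = $Drive; DirtyFlag = $dirty }
}

# Constructed sample in the shape of a chkdsk report; the numbers are made up.
$sample = @'
Recovering orphaned file example.dll (12345) into directory file 1307.
Repairing Usn Journal file record segment.
Windows has made corrections to the file system.

 143781749 KB total disk space.
     12288 KB in bad sectors.
'@

Test-ChkdskReport -Text $sample | Format-List

# On the affected machine, in an elevated PowerShell after the reboot that ran chkdsk:
#   Get-ChkdskReport | Select-Object -First 1 -ExpandProperty Message | Test-ChkdskReport
#   Get-ChkdskSchedule -Drive 'C:'
```

Reading the report this way keeps the decision explicit: "KB in bad sectors" greater than zero is a hardware signal and the reason to stop chasing malware, while a dirty flag that never clears explains a disk check that re-runs on every boot.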
Re: advice on possible virus

Do I do this in safe mode or normal mode?

Re: advice on possible virus

Either way. It will tell you to restart your computer, then it will do a large check of your disk to fix it.

Re: advice on possible virus

I'm on a different laptop typing this. The disk check has been frozen at 17% complete (stage 4 of 5) for about 1/2 hour. Is this normal? I swear I have not touched anything on it and I am TRYING to be patient ;-)

Re: advice on possible virus

Still frozen at the same 17% after 1 1/2 hours!

Re: advice on possible virus

Try to press Ctrl+Alt+Delete to get out of it.

Then, after rebooting, let it try CHKDSK again.

Re: advice on possible virus

Nothing happens when I hit Ctrl+Alt+Del.

Re: advice on possible virus

Force shutdown (hold power button in), then boot again. It shall try the CHKDSK again.

Re: advice on possible virus

OK, wish me luck!

Re: advice on possible virus

It's freezing at the same spot: 17% (stage 4 of 5). Do I hit Ctrl+Alt+Del?

Re: advice on possible virus

Please shut down.

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Log on to Safe Mode as Administrator.

Then, go to Start > Run, type in chkdsk and hit OK.

It will run a quick CHKDSK then give Windows the assurance the CHKDSK was successful.

One quick question, do you have your Windows XP CD?

Please let me know if the above method worked.

Re: advice on possible virus

This laptop has Windows Vista. I have the operating system disc from Gateway for this Windows Vista w/ SP1.

Re: advice on possible virus

Ok. Let me know of the results.

Re: advice on possible virus

Right now it is in Safe Mode and seems to be frozen at loading Windows files. It has not gotten to the point of letting me log on.

Re: advice on possible virus

It's not going past the loading of Windows files. I shut it down and got in Safe Mode again and it still froze at loading Windows files. I'm starting to get scared!

Re: advice on possible virus

Please place your Vista disc in to the drive. Reboot. Allow it to boot from the disc.

While in setup, choose Startup Repair.

Re: advice on possible virus

OK. It is saying Startup Repair could not detect a problem. Also: "If you have recently attached a device to this computer, such as a camera or portable music player, remove it and restart your computer." I have not had anything attached to this since we started trying to fix it.

Re: advice on possible virus

Oops, hope I didn't do anything wrong. I hit the restart button when Startup Repair said it could find nothing wrong. When it restarted the disk check screen came on again and I hit the cancel button to stop the disk check. Then the desktop screen came on as usual with the "Windows has blocked some startup programs" warning window.

It's late now. I'm shutting down the computer. Thanks for your patience.

Re: advice on possible virus

Booted up in Safe Mode and was able to log on. Did a run of chkdsk and it got to about 54% done and then that window just went off the screen. Ran it again and watched to see that it was at: verifying indexes (stage 2 of 3). Then it had about 5 lines that said "Index entry.........is incorrect". Then it was doing something at 50%, 51%... and at 54% the chkdsk window just disappeared.

Re: advice on possible virus

Go to Start, type in CMD, right-click on it in the results pane and select Run as Administrator.
Type in: sfc /scannow
Press Enter.

After the first run, reboot your computer. Do a second run. Now the scan and fix is finished.
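The post above runs System File Checker twice but does not say how to see what it actually did. The block below is an added example for this thread, not code from the forum or from Microsoft; it assumes that sfc records its results in CBS.log under %windir%\Logs\CBS and tags its own lines with "[SR]" (the lines the usual findstr /c:"[SR]" one-liner extracts), and the sample log lines and function names are constructed.

```powershell
# Added example, not from the thread: summarise what sfc /scannow recorded after the
# two runs the post asks for. Assumption: sfc writes to %windir%\Logs\CBS\CBS.log and
# marks its own entries with "[SR]". The sample lines at the bottom are constructed.

function Get-SfcSummary {
    param([string[]]$Lines)
    # Only the [SR] lines belong to System File Checker; the rest of CBS.log is
    # servicing-stack noise from updates and feature installs.
    $sr       = @($Lines | Where-Object { $_ -match '\[SR\]' })
    $cannot   = @($sr | Where-Object { $_ -match 'Cannot repair' })
    $repaired = @($sr | Where-Object { $_ -match 'Repaired file|Repairing corrupted file' })

    # Files sfc could not repair are the ones to inspect by hand or restore from
    # install media; a clean run reports zero in both counts.
    if ($cannot.Count -gt 0)       { $verdict = 'Unrepaired system files remain' }
    elseif ($repaired.Count -gt 0) { $verdict = 'Corruption found and repaired' }
    else                           { $verdict = 'No integrity violations recorded' }

    New-Object PSObject -Property @{
        SrLines         = $sr.Count
        RepairedFiles   = $repaired.Count
        UnrepairedFiles = $cannot.Count
        Verdict         = $verdict
    }
}

function Get-SfcSummaryFromLog {
    param([string]$Path = (Join-Path $env:windir 'Logs\CBS\CBS.log'))
    # CBS.log is held open by the servicing stack but can still be read; run this
    # from an elevated shell on the machine that just finished sfc /scannow.
    Get-SfcSummary -Lines (Get-Content -Path $Path -ErrorAction Stop)
}

# Constructed sample lines in the shape of CBS.log entries; file names are made up.
$sample = @(
    '2010-01-08 09:00:01, Info  CSI  00000010 [SR] Verifying 100 (0x0000000000000064) components',
    '2010-01-08 09:00:02, Info  CSI  00000011 [SR] Cannot repair member file [l:24{12}]"sample1.dll" of Example-Component, hash mismatch',
    '2010-01-08 09:00:03, Info  CSI  00000012 [SR] Repaired file \??\C:\Windows\System32\sample2.dll by copying from backup',
    '2010-01-08 09:00:04, Info  CBS  Not an [SR] entry; ordinary servicing activity'
)

Get-SfcSummary -Lines $sample | Format-List

# On the affected machine: Get-SfcSummaryFromLog | Format-List
```

The point of the second run in the post is that sfc sometimes needs repaired components in place before it can fix the ones that depend on them; comparing the UnrepairedFiles count after each run shows whether the second pass was worth it.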

Re: advice on possible virus

Dragon Master Jay,
Had a computer friend stop by. He gave kudos to you guys but said "of course it's much easier when one is sitting right at the computer". He did not find a virus on this laptop but thought it was a damaged disk. The problem you and I were having is that in Vista even if one is the administrator there is some program (3 letters..maybe UOS?) that pops up these windows asking to OK any action. I think that means that a disk check can't be done when Windows starts running. (This friend is not a fan of Vista.)
So he had to go through some administrative stuff to get that disabled before running a disk check. Something was damaged. Did a repair. Seems to be running fine.

So I'm ready to close this topic and free you up to help all the other poor souls with something nasty on their computers. Thank you soooo very much for all your help. I did learn something about Mbam. You all are great and I will be recommending you to friends.

Re: advice on possible virus

Thanks. Glad it is working again properly!
