
dl737 (Members, 12 posts)

Everything posted by dl737

  1. Thanks so much Chris. Pretty much did everything you requested/suggested (except the firewall - that's the final thing on my list to do). Thank you and your team so much for the phenomenal help and support!! All the best - Danny.
  2. As requested!!

     Results of screen317's Security Check version 0.98.9
     Windows XP Service Pack 3
     ``````````````````````````````
     Antivirus/Firewall Check:
     Windows Firewall Enabled!
     Symantec AntiVirus Client
     WMIC entry does not exist for antivirus; attempting automatic update.
     ``````````````````````````````
     Anti-malware/Other Utilities Check:
     Spybot - Search & Destroy
     Malwarebytes' Anti-Malware
     Sophos Anti-Rootkit 1.5.0
     HijackThis 2.0.2
     TweakNow RegCleaner Standard
     Java SE Runtime Environment 6 Update 1
     Adobe Flash Player 10
     ``````````````````````````````
     Process Check: objlist.exe by Laurent
     Symantec AntiVirus DefWatch.exe
     Symantec AntiVirus Rtvscan.exe
     ``````````````````````````````
     DNS Vulnerability Check: GREAT! (Not vulnerable to DNS cache poisoning)
     `````````End of Log```````````

     How am I doing??
  3. Removed Spybot and Ad-Aware, reinstalled Spybot, updated and ran MBAM with the following result:

     Malwarebytes' Anti-Malware 1.40
     Database version: 2719
     Windows 5.1.2600 Service Pack 3

     8/30/2009 4:54:15 PM
     mbam-log-2009-08-30 (16-54-15).txt

     Scan type: Quick Scan
     Objects scanned: 104013
     Time elapsed: 5 minute(s), 32 second(s)

     Memory Processes Infected: 1
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 7

     Memory Processes Infected:
     C:\Program Files\Symantec AntiVirus\vptray.exe (Trojan.Dropper) -> Not selected for removal.

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\Program Files\Symantec AntiVirus\vptray.exe (Trojan.Dropper) -> Not selected for removal.
     C:\RECYCLER\S-1-5-21-1644491937-630328440-839522115-1003\Dc18.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
     C:\RECYCLER\S-1-5-21-1644491937-630328440-839522115-1003\Dc19\teatimer.exe118 (Trojan.Dropper) -> Quarantined and deleted successfully.
     C:\RECYCLER\S-1-5-21-1644491937-630328440-839522115-1003\Dc19\teatimer.exe61 (Trojan.Dropper) -> Quarantined and deleted successfully.
     C:\RECYCLER\S-1-5-21-1644491937-630328440-839522115-1003\Dc19\teatimer.exe63 (Trojan.Dropper) -> Quarantined and deleted successfully.
     C:\RECYCLER\S-1-5-21-1644491937-630328440-839522115-1003\Dc19\teatimer.exe68 (Trojan.Dropper) -> Quarantined and deleted successfully.
     C:\RECYCLER\S-1-5-21-1644491937-630328440-839522115-1003\Dc19\teatimer.exe91 (Trojan.Dropper) -> Quarantined and deleted successfully.

     As you can see, zapped everything, except my anti-virus.

     Following your lead, took the liberty of uninstalling, then re-installing and updating my antivirus program - and re-ran MBAM with the following results:

     Malwarebytes' Anti-Malware 1.40
     Database version: 2719
     Windows 5.1.2600 Service Pack 3

     8/30/2009 5:19:20 PM
     mbam-log-2009-08-30 (17-19-20).txt

     Scan type: Quick Scan
     Objects scanned: 103989
     Time elapsed: 5 minute(s), 39 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     Best log I've seen in a while. Does that mean I am done? Did we get everything, or is there anything more for me to do? Again - will refrain from using the computer till I get the final OK from you. Thanks as always!!
  4. After doing the Kaspersky On-Line Scan - I may have been infected by something else (not sure) because I got one of those IE popups that says my computer is infected and that I need to run a program. I kept on "X"ing the popup, but when I closed out Kaspersky it seemed to run anyway. Immediately went offline and Ctrl+Alt+Del to stop and close the IE window. Took another HijackThis log to see if it's part of the same problem or another one that came on board during the scan. As always - any help appreciated.

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 9:22:04 AM, on 8/29/2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16876)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
     C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     C:\Program Files\Symantec AntiVirus\DefWatch.exe
     C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
     C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
     C:\Program Files\Symantec AntiVirus\Rtvscan.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
     C:\WINDOWS\wanmpsvc.exe
     C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
     C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
     C:\WINDOWS\system32\RUNDLL32.EXE
     C:\PROGRA~1\SYMANT~1\vptray.exe
     C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
     C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
     C:\Program Files\Microsoft ActiveSync\wcescomm.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\PROGRA~1\SYMANT~1\vptray .exe
     C:\PROGRA~1\MICROS~3\rapimgr.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\WINDOWS\System32\svchost.exe
     C:\DOCUME~1\dl737\LOCALS~1\Temp\ctv344.exe
     C:\Program Files\Internet Explorer\IEXPLORE.EXE
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
     C:\Program Files\Google\Update\GoogleUpdate.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stickam.com/viewFriends.do?userId=173978414
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
     R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
     O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
     O2 - BHO: (no name) - {BF56A325-23F2-42AD-F4E4-00AAC39CAA53} - (no file)
     O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
     O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
     O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\vptray.exe
     O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
     O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
     O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
     O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
     O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
     O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
     O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
     O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
     O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
     O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
     O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
     O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
     O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
     O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
     O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
     O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O15 - Trusted Zone: http://mobile.coair.com
     O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
     O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
     O16 - DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} (Confidence Online for Web Applications) - https://mobile.coair.com/llclient/postsp/wi...java+AXXPEE.dll
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1238346970205
     O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1200347491531
     O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
     O16 - DPF: {A9C70AF0-0F2A-11D1-B230-0000C08C00C4} (SSDBCombo Control 3.1) - http://insidetis.coair.com/edocs/cabs/ssdw3b32.cab
     O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
     O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://mobile.coair.com/dana-cached/setup/...perSetupSP1.cab
     O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...721/mcfscan.cab
     O17 - HKLM\System\CCS\Services\Tcpip\..\{2792218B-15FF-4D9F-94E6-9C59EE816951}: NameServer = 68.87.64.146,68.87.75.194
     O17 - HKLM\System\CS1\Services\Tcpip\..\{2792218B-15FF-4D9F-94E6-9C59EE816951}: NameServer = 68.87.64.146,68.87.75.194
     O17 - HKLM\System\CS2\Services\Tcpip\..\{2792218B-15FF-4D9F-94E6-9C59EE816951}: NameServer = 68.87.64.146,68.87.75.194
     O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
     O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
     O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
     O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
     O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
     O23 - Service: Google Update Service (gupdate1c98bf037187472) (gupdate1c98bf037187472) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
     O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
     O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
     O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
     O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
     O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
     O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

     --
     End of file - 11330 bytes
  5. As requested:

     --------------------------------------------------------------------------------
     KASPERSKY ONLINE SCANNER 7.0: scan report
     Saturday, August 29, 2009
     Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
     Kaspersky Online Scanner version: 7.0.26.13
     Last database update: Saturday, August 29, 2009 07:15:16
     Records in database: 2700691
     --------------------------------------------------------------------------------

     Scan settings:
     scan using the following database: extended
     Scan archives: yes
     Scan e-mail databases: yes

     Scan area - My Computer:
     A:\ C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ K:\ L:\

     Scan statistics:
     Objects scanned: 387128
     Threats found: 13
     Infected objects found: 47
     Suspicious objects found: 5
     Scan duration: 07:22:55

     File name / Threat / Threats count
     C:\PROGRA~1\SYMANT~1\vptray.exe/C:\PROGRA~1\SYMANT~1\vptray.exe Infected: Trojan-Downloader.Win32.Small.amed 1
     C:\Backup\Outlook\archive backup.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1
     C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\027C0000.VBN Infected: Packed.Win32.Krap.r 1
     C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04C40000.VBN Infected: Trojan.Win32.FraudPack.rcj 1
     C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04C40002.VBN Infected: Trojan.Win32.FraudPack.rcj 1
     C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04C40004.VBN Infected: Trojan.Win32.FraudPack.rcj 1
     C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04C40006.VBN Infected: Trojan.Win32.FraudPack.rcj 1
     C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04C40008.VBN Infected: Trojan.Win32.FraudPack.rcj 1
     C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04C4000A.VBN Infected: Trojan.Win32.FraudPack.rcj 1
     C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04C4000C.VBN Infected: Trojan.Win32.FraudPack.rcj 1
     C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04C4000E.VBN Infected: Trojan.Win32.FraudPack.rcj 1
     C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04C40010.VBN Infected: Trojan.Win32.FraudPack.rcj 1
     C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09B80000.VBN Infected: Trojan.Win32.Agent2.kvz 1
     C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09B80002.VBN Infected: Trojan-Downloader.Win32.FraudLoad.fiq 1
     C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09B80004.VBN Infected: Trojan.Win32.Small.can 1
     C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C940000.VBN Infected: Trojan-Dropper.Win32.VB.izg 1
     C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\16500000.VBN Infected: Trojan-Dropper.Win32.VB.izg 1
     C:\Documents and Settings\dl737\Local Settings\Application Data\Microsoft\Outlook\archive02.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1
     C:\Documents and Settings\dl737\Local Settings\Temporary Internet Files\Content.IE5\BTM2JI7E\beza[1].htm Infected: Trojan-Downloader.JS.LuckySploit.q 1
     C:\Program Files\Adobe\acrotray .exe Infected: Trojan-Downloader.Win32.Small.amed 1
     C:\Program Files\Adobe\acrotray.exe Infected: Trojan-Downloader.Win32.Small.amed 1
     C:\Program Files\Lavasoft\Ad-Aware\aawtray.exe Infected: Trojan-Downloader.Win32.Small.amed 1
     C:\Program Files\Spybot - Search & Destroy\teatimer.exe Infected: Trojan-Downloader.Win32.Small.amed 1
     C:\Program Files\Spybot - Search & Destroy\teatimer.exe118 Infected: Trojan-Downloader.Win32.Small.amed 1
     C:\Program Files\Spybot - Search & Destroy\teatimer.exe61 Infected: Trojan-Downloader.Win32.Small.amed 1
     C:\Program Files\Spybot - Search & Destroy\teatimer.exe63 Infected: Trojan-Downloader.Win32.Small.amed 1
     C:\Program Files\Spybot - Search & Destroy\teatimer.exe68 Infected: Trojan-Downloader.Win32.Small.amed 1
     C:\Program Files\Spybot - Search & Destroy\teatimer.exe91 Infected: Trojan-Downloader.Win32.Small.amed 1
     C:\Program Files\Symantec AntiVirus\vptray.exe Infected: Trojan-Downloader.Win32.Small.amed 1
     C:\Qoobox\Quarantine\C\WINDOWS\system32\tajf83ikdmf.dll.vir Infected: Trojan-Downloader.Win32.Agent.cnhi 1
     C:\Qoobox\Quarantine\C\WINDOWS\system32\~.exe.vir Infected: Trojan-Downloader.Win32.Agent.cnhj 1
     E:\Zip Files\palm\Palm OS Software Over 100 Programs.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 1
     F:\Backup\Outlook\archive backup.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1
     L:\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\027C0000.VBN Infected: Packed.Win32.Krap.r 1
     L:\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04C40000.VBN Infected: Trojan.Win32.FraudPack.rcj 1
     L:\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04C40002.VBN Infected: Trojan.Win32.FraudPack.rcj 1
     L:\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04C40004.VBN Infected: Trojan.Win32.FraudPack.rcj 1
     L:\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04C40006.VBN Infected: Trojan.Win32.FraudPack.rcj 1
     L:\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04C40008.VBN Infected: Trojan.Win32.FraudPack.rcj 1
     L:\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04C4000A.VBN Infected: Trojan.Win32.FraudPack.rcj 1
     L:\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04C4000C.VBN Infected: Trojan.Win32.FraudPack.rcj 1
     L:\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04C4000E.VBN Infected: Trojan.Win32.FraudPack.rcj 1
     L:\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04C40010.VBN Infected: Trojan.Win32.FraudPack.rcj 1
     L:\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09B80000.VBN Infected: Trojan.Win32.Agent2.kvz 1
     L:\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09B80002.VBN Infected: Trojan-Downloader.Win32.FraudLoad.fiq 1
     L:\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09B80004.VBN Infected: Trojan.Win32.Small.can 1
     L:\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C940000.VBN Infected: Trojan-Dropper.Win32.VB.izg 1
     L:\C\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\16500000.VBN Infected: Trojan-Dropper.Win32.VB.izg 1
     L:\C\Documents and Settings\dl737\Local Settings\Application Data\Microsoft\Outlook\archive02.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1
     L:\E\Zip Files\palm\Palm OS Software Over 100 Programs.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 1
     L:\F\Backup\Outlook\archive backup.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1
     L:\~Backup\PC Install\Danny'sPC\MB_Install\Motherboard\Install\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.e 1

     Selected area has been scanned.
  6. I was able to correct my update issue based on another post in the forum. Updated MBAM, did a quick scan and got the following:

     Malwarebytes' Anti-Malware 1.40
     Database version: 2708
     Windows 5.1.2600 Service Pack 3

     8/27/2009 11:50:50 PM
     mbam-log-2009-08-27 (23-50-42).txt

     Scan type: Quick Scan
     Objects scanned: 102185
     Time elapsed: 5 minute(s), 51 second(s)

     Memory Processes Infected: 1
     Memory Modules Infected: 0
     Registry Keys Infected: 2
     Registry Values Infected: 2
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 3

     Memory Processes Infected:
     C:\Program Files\Symantec AntiVirus\vptray.exe (Trojan.Dropper) -> No action taken.

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bf56a325-23f2-42ad-f4e4-00aac39caa53} (Trojan.Ertfor) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf56a325-23f2-42ad-f4e4-00aac39caa53} (Trojan.Ertfor) -> No action taken.

     Registry Values Infected:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\spybotsd teatimer (Trojan.Dropper) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ad-watch (Trojan.Dropper) -> No action taken.

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\Program Files\Symantec AntiVirus\vptray.exe (Trojan.Dropper) -> No action taken.
     C:\Program Files\Spybot - Search & Destroy\teatimer.exe (Trojan.Dropper) -> No action taken.
     C:\Program Files\Lavasoft\Ad-Aware\aawtray.exe (Trojan.Dropper) -> No action taken.

     As you can see, took no action because it's showing my anti-virus and anti-malware programs as infected. Not sure if it's a false positive or not. Will wait on your advice as to what to do next. Thanks
  7. Not sure if this belongs in this forum - but got this when I attempted to update MBAM - so ran the installed version.
  8. Thank you so much!! I was able to get so much further along this time - gives me hope that you guys can lick this!!

     Avenger Log:

     Logfile of The Avenger Version 2.0, © by Swandog46
     http://swandog46.geekstogo.com

     Platform: Windows XP

     *******************

     Script file opened successfully.
     Script file read successfully.

     Backups directory opened successfully at C:\Avenger

     *******************

     Beginning to process script file:

     Rootkit scan active.
     No rootkits found!

     File move operation "C:\WINDOWS\ServicePackFiles\i386\eventlog.dll|C:\WINDOWS\system32\eventlog.dll" completed successfully.

     Completed script processing.

     *******************

     Finished! Terminate.

     ComboFix Log:

     ComboFix 09-08-27.02 - dl737 08/27/2009 21:19.1.2 - NTFSx86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.630 [GMT -4:00]
     Running from: c:\documents and settings\dl737\Desktop\Combo-Fix.exe
     .
     ADS - WINDOWS: deleted 72 bytes in 1 streams.

     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\docume~1\dl737\LOCALS~1\Temp\winlogon.exe
     c:\documents and settings\All Users\Start Menu\Programs\Windows Live Messenger .lnk
     c:\recycler\NPROTECT
     c:\windows\010112010146118114.dat
     c:\windows\0101120101464849.dat
     c:\windows\934fdfg34fgjf23
     c:\windows\jestertb.dll
     c:\windows\setup.exe
     c:\windows\system32\~.exe
     c:\windows\system32\1.tmp
     c:\windows\system32\ctfmon .exe
     c:\windows\system32\drivers\npf.sys
     c:\windows\system32\Packet.dll
     c:\windows\system32\tajf83ikdmf.dll
     c:\windows\system32\wpcap.dll

     c:\windows\system32\proquota.exe was missing
     Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe
     .
     ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     -------\Legacy_SFX
     -------\Legacy_SFXDRV
     -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
     -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
     -------\Service_NPF
     -------\Service_sfx
     -------\Service_sFxdrv

     ((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-28 )))))))))))))))))))))))))))))))
     .
     2009-08-28 01:02 . 2009-08-28 01:02 -------- d-sh--we c:\windows\system32\GroupPolicy\User\Scripts\Logoff\Logoff
     2009-08-28 01:02 . 2009-08-28 01:02 -------- d-sh--we c:\windows\system32\GroupPolicy\Machine\Scripts\Shutdown\Shutdown
     2009-08-27 09:34 . 2006-05-23 22:05 110592 ----a-w- c:\documents and settings\dl737\Application Data\U3\temp\cleanup.exe
     2009-08-27 01:15 . 2009-06-18 16:55 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
     2009-08-27 00:00 . 2009-08-27 00:00 -------- d-----w- c:\windows\McAfee.com
     2009-08-26 18:25 . 2009-08-26 18:25 -------- d-----w- c:\program files\Sophos
     2009-08-26 01:51 . 2009-08-27 09:34 -------- d-----w- c:\documents and settings\dl737\Application Data\U3
     2009-08-25 20:09 . 2009-08-25 10:31 46080 ----a-w- C:\Win32kDiag.exe
     2009-08-25 20:06 . 2009-08-25 20:06 0 ----a-w- C:\settings.dat
     2009-08-25 18:32 . 2009-08-25 18:32 -------- d-----w- c:\program files\Trend Micro
     2009-08-25 18:31 . 2009-08-25 10:01 812344 ----a-w- C:\HijackThisInstaller.exe
     2009-08-25 18:25 . 2009-08-25 18:25 -------- d-----w- c:\program files\ESET
     2009-08-25 18:15 . 2006-02-21 03:21 166912 ----a-w- C:\StartupList.exe
     2009-08-25 18:15 . 2005-02-09 15:08 456208 ----a-w- C:\procexp.exe
     2009-08-25 17:37 . 2009-08-25 17:37 75 ----a-w- C:\fixes.bat
     2009-08-25 03:19 . 2005-04-16 23:58 577088 ----a-w- C:\TweakUiPowertoySetup.exe
     2009-08-24 20:36 . 2009-08-24 20:36 26112 ----a-r- c:\documents and settings\dl737\Application Data\Microsoft\Installer\{B93251B5-9209-4DAB-867C-AA98D91584CD}\IconB93251B51.exe
     2009-08-24 20:36 . 2009-08-24 20:36 24576 ----a-r- c:\documents and settings\dl737\Application Data\Microsoft\Installer\{B93251B5-9209-4DAB-867C-AA98D91584CD}\IconB93251B52.exe
     2009-08-24 20:36 . 2009-08-24 20:36 184320 ----a-r- c:\documents and settings\dl737\Application Data\Microsoft\Installer\{B93251B5-9209-4DAB-867C-AA98D91584CD}\IconB93251B5.exe
     2009-08-21 22:22 . 2009-08-26 23:54 -------- d-----w- c:\documents and settings\dl737\Application Data\dvdcss
     2009-08-21 21:56 . 2009-08-21 21:56 -------- d-----w- c:\windows\system32\XPSViewer
     2009-08-21 21:55 . 2009-08-21 21:55 -------- d-----w- c:\program files\MSBuild
     2009-08-21 21:55 . 2009-08-21 21:55 -------- d-----w- c:\program files\Reference Assemblies
     2009-08-21 21:55 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
     2009-08-21 21:55 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
     2009-08-21 21:55 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
     2009-08-21 21:55 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
     2009-08-21 21:55 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
     2009-08-21 21:55 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
     2009-08-21 21:55 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
     2009-08-21 21:54 . 2009-08-28 01:02 -------- d-----w- c:\windows\SxsCaPendDel
     2009-08-20 22:48 . 2009-08-20 22:48 -------- d-----w- c:\temp\Temp1
     2009-08-20 18:55 . 2009-08-20 18:55 -------- d-----w- c:\program files\Common Files\Windows Live
     2009-08-17 22:38 . 2009-08-17 22:38 17542 ----a-r- c:\documents and settings\dl737\Application Data\Microsoft\Installer\{F343FA04-CFC0-487C-A617-A5E8CF4D7B10}\_E1B1EA20E9EDDDC819A517.exe
     2009-08-17 22:38 . 2009-08-17 22:38 17542 ----a-r- c:\documents and settings\dl737\Application Data\Microsoft\Installer\{F343FA04-CFC0-487C-A617-A5E8CF4D7B10}\_CA425E9E8A2DC2A74652F0.exe
     2009-08-17 22:38 . 2009-08-17 22:43 -------- d-----w- c:\program files\Image Grabber II.NET
     2009-08-17 00:31 . 2009-08-17 22:51 -------- d-----w- c:\program files\Image Grabber II
     2009-08-13 22:29 . 2009-08-27 02:33 -------- d-----w- c:\documents and settings\dl737\Application Data\vlc
     2009-08-13 22:24 . 2009-08-13 22:24 -------- d-----w- c:\program files\VideoLAN
     2009-08-11 22:24 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
     2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
     2009-08-05 00:26 . 2009-08-05 00:26 -------- d-----w- c:\program files\Garmin GPS Plugin
     2009-08-04 19:31 . 2009-08-04 19:30 38208 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
     2009-07-30 02:45 . 2009-08-05 01:14 -------- d-----w- c:\temp\MandyVidPics
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-08-28 01:27 . 2009-06-24 00:55 -------- d-----w- c:\program files\Symantec AntiVirus
     2009-08-28 01:27 . 2006-12-23 14:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
     2009-08-28 01:26 . 2006-12-23 19:55 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
     2009-08-28 01:02 . 2006-12-23 17:10 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Juniper Networks
     2009-08-26 21:19 . 2008-11-18 01:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2009-08-25 02:37 . 2007-04-20 02:26 -------- d-----w- c:\documents and settings\dl737\Application Data\Azureus
     2009-08-24 20:35 . 2009-01-30 20:38 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
     2009-08-24 08:01 . 2006-12-23 05:44 -------- d-----w- c:\program files\SyncBack
     2009-08-21 22:24 . 2006-12-22 18:35 86208 ----a-w- c:\documents and settings\dl737\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2009-08-15 22:56 . 2006-12-25 22:31 1324 ----a-w- c:\windows\system32\d3d9caps.dat
     2009-08-12 09:29 . 2008-04-28 23:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
     2009-08-05 09:01 . 2001-08-23 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
     2009-08-04 19:31 . 2008-11-24 19:33 -------- d-----w- c:\program files\Common Files\Adobe AIR
     2009-08-04 19:30 . 2009-08-25 03:11 38208 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
     2009-08-04 19:30 . 2008-07-17 17:00 38208 ----a-w- c:\documents and settings\dl737\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
     2009-08-03 17:36 . 2008-11-18 01:21 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2009-08-03 17:36 . 2008-11-18 01:21 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
     2009-07-25 22:19 . 2007-04-20 02:26 -------- d-----w- c:\program files\Azureus
     2009-07-17 19:01 . 2001-08-23 12:00 58880 ----a-w- c:\windows\system32\atl.dll
     2009-07-14 03:43 . 2006-12-22 18:28 286208 ----a-w- c:\windows\system32\wmpdxm.dll
     2009-07-11 04:19 . 2009-06-27 21:22 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
     2009-07-11 04:19 . 2009-06-27 21:22 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
     2009-07-11 04:19 . 2009-06-27 21:22 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
     2009-07-08 18:05 . 2009-07-08 18:05 -------- d-----w- c:\program files\TweetDeck
     2009-07-03 03:35 . 2007-01-05 01:45 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
     2009-07-03 03:34 . 2009-07-03 03:34 -------- d-----w- c:\program files\Avanquest
     2009-07-03 03:34 . 2009-07-03 03:34 -------- d-----w- c:\documents and settings\dl737\Application Data\Avanquest
     2009-06-29 16:12 . 2001-08-23 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
     2009-06-29 16:12 . 2006-12-22 18:28 78336 ----a-w- c:\windows\system32\ieencode.dll
     2009-06-29 16:12 . 2001-08-23 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
     2009-06-28 03:09 . 2008-11-18 01:21 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
     2009-06-27 21:22 . 2009-06-28 02:40 15688 ----a-w- c:\windows\system32\lsdelete.exe
     2009-06-27 21:22 . 2009-06-27 21:22 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
     2009-06-27 21:22 . 2009-06-27 21:22 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
     2009-06-27 21:22 . 2009-06-27 21:22 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
     2009-06-25 20:58 . 2007-01-25 01:04 17616 --sha-w- c:\windows\system32\KGyGaAvL.sys
     2009-06-25 08:25 . 2001-08-23 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
     2009-06-25 08:25 . 2001-08-23 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
     2009-06-25 08:25 . 2001-08-23 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
     2009-06-25 08:25 . 2001-08-23 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
     2009-06-25 08:25 . 2001-08-23 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
     2009-06-25 08:25 . 2001-08-23 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
     2009-06-24 11:18 . 2001-08-23 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
     2009-06-24 00:54 . 2009-06-24 00:55 83672 ----a-w- c:\windows\system32\S32EVNT1.DLL
     2009-06-24 00:54 . 2009-06-24 00:55 73224 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
     2009-06-16 14:36 . 2001-08-23 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
     2009-06-16 14:36 .
2001-08-23 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-12 12:31 . 2001-08-23 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe 2009-06-12 12:31 . 2001-08-23 12:00 76288 ----a-w- c:\windows\system32\telnet.exe 2009-06-10 14:13 . 2001-08-23 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll 2009-06-10 13:19 . 2006-12-22 18:10 2066432 ----a-w- c:\windows\system32\mstscax.dll 2009-06-10 06:14 . 2001-08-23 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll 2009-06-07 00:44 . 2009-06-07 00:44 2494 ----a-r- c:\documents and settings\dl737\Application Data\Microsoft\Installer\{69640730-B830-4C24-BB5C-222DA1260548}\ARPPRODUCTICON.exe 2009-06-03 19:09 . 2001-08-23 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll 2009-03-20 00:51 . 2009-03-20 00:51 13469 ----a-w- c:\program files\hijackthis.log 2008-12-24 02:35 . 2008-05-22 19:31 5120 --sha-w- c:\program files\Thumbs.db 2006-07-10 19:22 . 2006-12-23 04:37 398912 ----a-w- c:\program files\autoruns.exe 2006-02-21 03:21 . 2006-12-23 03:45 166912 ----a-w- c:\program files\StartupList.exe 2005-12-30 07:58 . 2006-12-23 15:15 16074 ----a-w- c:\program files\shexview.chm 2005-12-30 07:40 . 2006-12-23 15:15 37888 ----a-w- c:\program files\shexview.exe 2005-02-09 15:08 . 2006-12-23 04:47 456208 ----a-w- c:\program files\procexp.exe 2004-10-22 18:59 . 2007-01-02 03:52 126976 ------w- c:\program files\Common Files\CCCWinLib2.dll 2004-10-22 18:55 . 2007-01-02 03:52 241664 ------w- c:\program files\Common Files\CCCData1.dll 2004-10-22 18:53 . 2007-01-02 03:52 114688 ------w- c:\program files\Common Files\CCCErr3.dll 2004-10-12 20:25 . 2007-01-02 03:52 49152 ----a-w- c:\program files\Common Files\FPDaemon.exe 2004-10-12 20:18 . 2007-01-02 03:52 450648 ----a-w- c:\program files\Common Files\phookctl.dll 2004-10-01 20:00 . 2006-12-23 03:45 40960 ----a-w- c:\program files\Uninstall_CDS.exe 2000-07-28 20:38 . 2000-07-28 20:38 194048 ----a-w- c:\program files\ASCIIPic.exe 1999-10-31 03:54 . 
2006-12-23 03:45 561152 ----a-w- c:\program files\Convert.exe 1997-06-30 05:10 . 2006-12-23 03:45 29696 ----a-w- c:\program files\nail.exe 1992-07-30 13:00 . 1992-07-30 13:00 15920 ----a-w- c:\program files\done.wav 2007-01-25 01:04 . 2007-01-25 01:04 56 --sh--r- c:\windows\system32\2FE51E7293.sys 2005-07-14 17:31 . 2005-07-14 17:31 27648 --sha-r- c:\windows\system32\AVSredirect.dll 2005-06-26 20:32 . 2005-06-26 20:32 616448 --sha-r- c:\windows\system32\cygwin1.dll 2005-06-22 03:37 . 2005-06-22 03:37 45568 --sha-r- c:\windows\system32\cygz.dll 2006-05-03 09:06 . 2008-04-06 21:10 163328 --sh--r- c:\windows\system32\flvDX.dll 2004-01-25 05:00 . 2004-01-25 05:00 70656 --sha-r- c:\windows\system32\i420vfw.dll 2007-02-21 10:47 . 2008-04-06 21:10 31232 --sh--r- c:\windows\system32\msfDX.dll 2007-12-17 12:43 . 2008-04-06 21:10 27648 --sh--w- c:\windows\system32\Smab0.dll 2005-02-28 18:16 . 2005-02-28 18:16 240128 --sha-r- c:\windows\system32\x.264.exe 2004-01-25 05:00 . 2004-01-25 05:00 70656 --sha-r- c:\windows\system32\yv12vfw.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 1591808]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-08-28 26112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-29 8523776]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2007-02-06 252704]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-29 81920]
"vptray"="c:\progra~1\SYMANT~1\vptray.exe" [2009-08-28 26112]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-08-28 26112]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-02-29 1626112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

c:\documents and settings\dl737\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\Palm\HOTSYNC.EXE [2003-7-19 299008]
TweetDeck.lnk - c:\program files\TweetDeck\TweetDeck.exe [2009-7-8 95744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"PreXPSP2ShellProtocolBehavior"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 01000000
"NoSMMyDocs"= 01000000
"NoSMMyPictures"= 01000000
"NoNetworkConnections"= 01000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^dl737^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\dl737\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^dl737^Start Menu^Programs^Startup^DataViz Messenger.lnk]
path=c:\documents and settings\dl737\Start Menu\Programs\Startup\DataViz Messenger.lnk
backup=c:\windows\pss\DataViz Messenger.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^dl737^Start Menu^Programs^Startup^YouTube Uploader.lnk]
path=c:\documents and settings\dl737\Start Menu\Programs\Startup\YouTube Uploader.lnk
backup=c:\windows\pss\YouTube Uploader.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Palm\\HOTSYNC.EXE"=
"c:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe"=
"c:\\Program Files\\Savings Bond Wizard\\SBWizard.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\dl737\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/27/2009 5:22 PM 64160]
R1 NEOFLTR_550_11905;Juniper Networks TDI Filter Driver (NEOFLTR_550_11905);c:\windows\system32\drivers\NEOFLTR_550_11905.sys [6/22/2007 5:42 PM 63008]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [8/26/2009 9:15 PM 18816]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [7/30/2008 1:51 AM 277736]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 6:06 AM 21632]
S2 gupdate1c98bf037187472;Google Update Service (gupdate1c98bf037187472);c:\program files\Google\Update\GoogleUpdate.exe [2/10/2009 10:26 PM 133104]
S2 HidCom;USB-HID -> COM Driver Service;c:\windows\system32\drivers\HidCom.sys [12/23/2006 1:47 PM 69575]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\6.tmp --> c:\windows\system32\6.tmp [?]
.
Contents of the 'Scheduled Tasks' folder

2009-08-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 21:23]

2009-08-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

2009-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 02:26]

2009-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-11 02:26]

2009-03-07 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 19:01]

2009-08-24 c:\windows\Tasks\SyncBack C Drive.job
- c:\program files\SyncBack\SyncBack.exe [2006-12-23 20:16]

2009-08-24 c:\windows\Tasks\SyncBack D Drive.job
- c:\program files\SyncBack\SyncBack.exe [2006-12-23 20:16]

2009-08-24 c:\windows\Tasks\SyncBack E Drive.job
- c:\program files\SyncBack\SyncBack.exe [2006-12-23 20:16]

2009-08-24 c:\windows\Tasks\SyncBack F Drive.job
- c:\program files\SyncBack\SyncBack.exe [2006-12-23 20:16]

2009-08-24 c:\windows\Tasks\SyncBack X Drive.job
- c:\program files\SyncBack\SyncBack.exe [2006-12-23 20:16]

2009-08-28 c:\windows\Tasks\User_Feed_Synchronization-{CC78415D-02BE-47F9-8775-B8C5AC151C47}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 16:58]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-Google Update - c:\documents and settings\dl737\Local Settings\Application Data\Google\Update\1.1.17.0\GoogleUpdate.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.stickam.com/viewFriends.do?userId=173978414
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: coair.com\mobile
TCP: {2792218B-15FF-4D9F-94E6-9C59EE816951} = 68.87.64.146,68.87.75.194
DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} - hxxps://mobile.coair.com/llclient/postsp/winxp/,DanaInfo=10.192.130.35,CT=java+AXXPEE.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {A9C70AF0-0F2A-11D1-B230-0000C08C00C4} - hxxp://insidetis.coair.com/edocs/cabs/ssdw3b32.cab
FF - ProfilePath - c:\documents and settings\dl737\Application Data\Mozilla\Firefox\Profiles\97ykxf5u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-27 21:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\6.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3848)
c:\windows\system32\WININET.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\wanmpsvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\rundll32.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\progra~1\SYMANT~1\vptray .exe
.
**************************************************************************
.
Completion time: 2009-08-28 21:34 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-28 01:34

Pre-Run: 105,331,466,240 bytes free
Post-Run: 106,462,187,520 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

410 --- E O F --- 2009-08-23 22:26

HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:38:07 PM, on 8/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\PROGRA~1\SYMANT~1\vptray .exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Avanquest\PowerDesk\PDExplo.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\msfeedssync.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stickam.com/viewFriends.do?userId=173978414
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: TweetDeck.lnk = C:\Program Files\TweetDeck\TweetDeck.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://mobile.coair.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} (Confidence Online for Web Applications) - https://mobile.coair.com/llclient/postsp/wi...java+AXXPEE.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1238346970205
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1200347491531
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {A9C70AF0-0F2A-11D1-B230-0000C08C00C4} (SSDBCombo Control 3.1) - http://insidetis.coair.com/edocs/cabs/ssdw3b32.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://mobile.coair.com/dana-cached/setup/...perSetupSP1.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...721/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2792218B-15FF-4D9F-94E6-9C59EE816951}: NameServer = 68.87.64.146,68.87.75.194
O17 - HKLM\System\CS1\Services\Tcpip\..\{2792218B-15FF-4D9F-94E6-9C59EE816951}: NameServer = 68.87.64.146,68.87.75.194
O17 - HKLM\System\CS2\Services\Tcpip\..\{2792218B-15FF-4D9F-94E6-9C59EE816951}: NameServer = 68.87.64.146,68.87.75.194
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Google Update Service (gupdate1c98bf037187472) (gupdate1c98bf037187472) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 11186 bytes

mbam log

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 3

8/27/2009 9:46:01 PM
mbam-log-2009-08-27 (21-46-01).txt

Scan type: Quick Scan
Objects scanned: 99946
Time elapsed: 4 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Win32kDiag.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Thanks again!! What's next?? :-)
  9. As requested:

Log file is located at: C:\Documents and Settings\dl737\Desktop\Win32kDiag.txt

Removing all found mount points.
Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...
Cannot access: C:\WINDOWS\system32\dumprep.exe
Attempting to restore permissions of : C:\WINDOWS\system32\dumprep.exe

[1] 2004-08-04 01:56:50 10752 C:\WINDOWS\$NtServicePackUninstall$\dumprep.exe (Microsoft Corporation)
[1] 2008-04-13 20:12:18 10752 C:\WINDOWS\ServicePackFiles\i386\dumprep.exe (Microsoft Corporation)
[1] 2008-04-13 20:12:18 10752 C:\WINDOWS\system32\dumprep.exe (Microsoft Corporation)

Cannot access: C:\WINDOWS\system32\eventlog.dll
Attempting to restore permissions of : C:\WINDOWS\system32\eventlog.dll

[1] 2004-08-04 01:56:44 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)
[1] 2008-04-13 20:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)
[1] 2008-04-13 20:11:53 63488 C:\WINDOWS\system32\eventlog.dll ()
[2] 2008-04-13 20:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)
Finished!
  10. I hadn't heard from you since your last instruction (I know you guys are busy) so I took the liberty of running Sophos Anti-Rootkit. It found several DLLs and a sys file - all having a WZSZX prefix, but very long names. Though it recommended against it, I had it kill them all - and immediately rebooted. After rebooting, the PC started a little better, so I immediately installed MBAM, but same results as before. 6 seconds in - it disappears. Tried ComboFix - same as before. Then tried RootRepeal again - files only - and it kept on running quite a bit longer than before, but eventually disappeared as before - with no report generated - what do I do next????
  11. As requested:

Log file is located at: C:\Documents and Settings\dl737\Desktop\Win32kDiag.txt

Removing all found mount points.
Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...
C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729 Found mount point : C:\WINDOWS\java\classes\classes Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\java\classes\classes Found mount point : C:\WINDOWS\java\trustlib\trustlib Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\java\trustlib\trustlib Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files Found mount point : C:\WINDOWS\msapps\msinfo\msinfo Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\msapps\msinfo\msinfo Found mount point : C:\WINDOWS\mui\mui Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\mui\mui Found mount point : C:\WINDOWS\PCHEALTH\ERRORREP\QHEADLES\QHEADLES Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\PCHEALTH\ERRORREP\QHEADLES\QHEADLES Found mount point : C:\WINDOWS\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\PCHEALTH\ERRORREP\QSIGNOFF\QSIGNOFF Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\BATCH\BATCH Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\PCHEALTH\HELPCTR\BATCH\BATCH Cannot access: C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpsvc.exe Attempting to restore permissions of : C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpsvc.exe [1] 2004-08-04 01:56:52 743936 C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe (Microsoft 
Corporation) [1] 2008-04-13 20:12:21 744448 C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpsvc.exe (Microsoft Corporation) [1] 2008-04-13 20:12:21 744448 C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe (Microsoft Corporation) Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\Config\CheckPoint\CheckPoint Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\PCHEALTH\HELPCTR\Config\CheckPoint\CheckPoint Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\HelpFiles\HelpFiles Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\PCHEALTH\HELPCTR\HelpFiles\HelpFiles Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\InstalledSKUs\InstalledSKUs Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\PCHEALTH\HELPCTR\InstalledSKUs\InstalledSKUs Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\System\DFS\DFS Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\PCHEALTH\HELPCTR\System\DFS\DFS Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\System\News\News Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\PCHEALTH\HELPCTR\System\News\News Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\System_OEM\System_OEM Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\PCHEALTH\HELPCTR\System_OEM\System_OEM Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\Temp\Temp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\PCHEALTH\HELPCTR\Temp\Temp Found mount point : C:\WINDOWS\PIF\PIF Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\PIF\PIF Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded Mount point destination : \Device\__max++>\^ Removing mount point : 
C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded Found mount point : C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\backup\backup Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\backup\backup Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel Found mount point : C:\WINDOWS\system32\1025\1025 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\1025\1025 Found mount point : C:\WINDOWS\system32\1028\1028 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\1028\1028 Found mount point : C:\WINDOWS\system32\1031\1031 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\1031\1031 Found mount point : C:\WINDOWS\system32\1037\1037 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\1037\1037 Found mount point : C:\WINDOWS\system32\1041\1041 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\1041\1041 Found mount point : C:\WINDOWS\system32\1042\1042 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\1042\1042 Found mount point : C:\WINDOWS\system32\1054\1054 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\1054\1054 Found mount point : C:\WINDOWS\system32\2052\2052 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\2052\2052 Found mount point : C:\WINDOWS\system32\3076\3076 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\3076\3076 Found 
mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi Found mount point : C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE Found mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-1644491937-630328440-839522115-1003\S-1-5-21-1644491937-630328440-839522115-1003 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-1644491937-630328440-839522115-1003\S-1-5-21-1644491937-630328440-839522115-1003 Found mount point : C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TempDir\TempDir Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TempDir\TempDir Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Google\GoogleEarth\GoogleEarth Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Google\GoogleEarth\GoogleEarth Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Juniper Networks\Juniper Networks Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Juniper Networks\Juniper Networks Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs Mount point destination : \Device\__max++>\^ Removing mount point : 
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs Found mount point : C:\WINDOWS\system32\config\systemprofile\Favorites\Favorites Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\config\systemprofile\Favorites\Favorites Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\GoogleEarth\GoogleEarth Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\GoogleEarth\GoogleEarth Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\OFFICE\OFFICE Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\OFFICE\OFFICE Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Temp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Temp Found mount point : C:\WINDOWS\system32\config\systemprofile\My Documents\My Documents Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\config\systemprofile\My Documents\My Documents Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood Mount 
point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood Found mount point : C:\WINDOWS\system32\config\systemprofile\Recent\Recent Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\config\systemprofile\Recent\Recent Found mount point : C:\WINDOWS\system32\dhcp\dhcp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\dhcp\dhcp Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\drivers\disdn\disdn Cannot access: C:\WINDOWS\system32\dumprep.exe Attempting to restore permissions of : C:\WINDOWS\system32\dumprep.exe [1] 2004-08-04 01:56:50 10752 C:\WINDOWS\$NtServicePackUninstall$\dumprep.exe (Microsoft Corporation) [1] 2008-04-13 20:12:18 10752 C:\WINDOWS\ServicePackFiles\i386\dumprep.exe (Microsoft Corporation) [1] 2008-04-13 20:12:18 10752 C:\WINDOWS\system32\dumprep.exe (Microsoft Corporation) Cannot access: C:\WINDOWS\system32\eventlog.dll Attempting to restore permissions of : C:\WINDOWS\system32\eventlog.dll [1] 2004-08-04 01:56:44 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation) [1] 2008-04-13 20:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation) [1] 2008-04-13 20:11:53 63488 C:\WINDOWS\system32\eventlog.dll () [2] 2008-04-13 20:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation) Found mount point : C:\WINDOWS\system32\export\export Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\export\export Found mount point : C:\WINDOWS\system32\GroupPolicy\Machine\Scripts\Shutdown\Shutdown Mount point destination : 
\Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\GroupPolicy\Machine\Scripts\Shutdown\Shutdown Found mount point : C:\WINDOWS\system32\GroupPolicy\Machine\Scripts\Startup\Startup Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\GroupPolicy\Machine\Scripts\Startup\Startup Found mount point : C:\WINDOWS\system32\GroupPolicy\User\MICROSOFT\IEAK\IEAK Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\GroupPolicy\User\MICROSOFT\IEAK\IEAK Found mount point : C:\WINDOWS\system32\GroupPolicy\User\Scripts\Logoff\Logoff Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\GroupPolicy\User\Scripts\Logoff\Logoff Found mount point : C:\WINDOWS\system32\GroupPolicy\User\Scripts\Logon\Logon Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\GroupPolicy\User\Scripts\Logon\Logon Found mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT Found mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT Found mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT Found mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDF Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDF Found mount point : C:\WINDOWS\system32\Macromed\update\update Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\Macromed\update\update Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\mui\dispspec\dispspec Found mount point : 
C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust Found mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg Found mount point : C:\WINDOWS\system32\oobe\sample\sample Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\oobe\sample\sample Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\ShellExt\ShellExt Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\wbem\mof\bad\bad Found mount point : C:\WINDOWS\system32\wbem\mof\good\good Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\wbem\mof\good\good Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\wbem\snmp\snmp Found mount point : C:\WINDOWS\system32\wins\wins Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\wins\wins Found mount point : C:\WINDOWS\system32\xircom\xircom Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\xircom\xircom Found mount 
point : C:\WINDOWS\Temp\bye10C.tmp\Disk1\Disk1 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\bye10C.tmp\Disk1\Disk1 Found mount point : C:\WINDOWS\Temp\byeA17.tmp\Disk1\Disk1 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\byeA17.tmp\Disk1\Disk1 Found mount point : C:\WINDOWS\Temp\gis1edf7cb9\gis1edf7cb9 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\gis1edf7cb9\gis1edf7cb9 Found mount point : C:\WINDOWS\Temp\gis24b288f\gis24b288f Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\gis24b288f\gis24b288f Found mount point : C:\WINDOWS\Temp\gis6a417a\gis6a417a Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\gis6a417a\gis6a417a Found mount point : C:\WINDOWS\Temp\gis74e7f2b\gis74e7f2b Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\gis74e7f2b\gis74e7f2b Found mount point : C:\WINDOWS\Temp\gisbbb99\gisbbb99 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\gisbbb99\gisbbb99 Found mount point : C:\WINDOWS\Temp\Google Toolbar\Google Toolbar Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\Google Toolbar\Google Toolbar Found mount point : C:\WINDOWS\Temp\iss3.tmp\iss3.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\iss3.tmp\iss3.tmp Found mount point : C:\WINDOWS\Temp\KAV6Upgrade\KAV6Upgrade Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\KAV6Upgrade\KAV6Upgrade Found mount point : C:\WINDOWS\Temp\_avast4_\_avast4_ Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\_avast4_\_avast4_ Found mount point : C:\WINDOWS\Temp\_isTmp_{8675309}\_isTmp_{8675309} Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\_isTmp_{8675309}\_isTmp_{8675309} Found mount point : 
C:\WINDOWS\WinSxS\InstallTemp\InstallTemp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2 Finished! Thanks!!
  12. Hello, My computer was infected last night. I have tried running HiJackThis and Malwarebytes and Spybot, autoruns, etc. They all stop scanning after a few seconds and then disappear. After disappearing, I try to open them again and I get a system message saying "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." I tried changing the name of the file but it didn't help. Looking at the other posts, I downloaded RootRepeal and ran it. On opening I kept on getting