Jump to content

dsloan85

Members
  • Posts

    9
  • Joined

  • Last visited

Reputation

0 Neutral
  1. sorry it took so long to get back to you, got a little busy with some stuff. here are the logs you asked for Malwarebytes' Anti-Malware 1.40 Database version: 2712 Windows 5.1.2600 Service Pack 3 8/29/2009 11:20:21 AM mbam-log-2009-08-29 (11-20-21).txt Scan type: Quick Scan Objects scanned: 91248 Time elapsed: 5 minute(s), 32 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) The ESET Log ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=6 # iexplore.exe=7.00.6000.16876 (vista_gdr.090625-2339) # OnlineScanner.ocx=1.0.0.6050 # api_version=3.0.2 # EOSSerial=79616c878f3b9a46ab4a1b2aa510d970 # end=finished # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2009-08-29 11:16:33 # local_time=2009-08-29 06:16:33 (-0600, Central Daylight Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=1026 37 66 100 345137031250 # compatibility_mode=5889 61 66 100 760238031875000 # scanned=123313 # found=5 # cleaned=0 # scan_time=2367 C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinIRCBotkow14.zip Win32/Bagle.gen.zip worm 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\desot.exe.vir Win32/Adware.WindowsAntivirusPro application 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\kbiwkmyrvidkuo.sys.vir a variant of Win32/Olmarik.LF trojan 00000000000000000000000000000000 I E:\Dsp4\Music\My Music\iTunes\iTunes Music\songs\Matt_Wertz-Under_Summer_Sun-2008-RVP\10-matt_wertz-with_you_tonight.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I E:\Dsp4\Programs\CyberLink PowerDVD ULTRA EDITION v8.0.1531(New-with serial keys)\CyberLink PowerDVD Ultra v8.0.1513\Keymaker\keygen.exe probably a variant of Win32/TrojanDownloader.Agent trojan 00000000000000000000000000000000 I E:\ is an external hard drive, where i keep my music files and such
  2. just got done running Malwarebytes, here is the log from that Malwarebytes' Anti-Malware 1.40 Database version: 2710 Windows 5.1.2600 Service Pack 3 8/28/2009 5:05:07 PM mbam-log-2009-08-28 (17-05-07).txt Scan type: Quick Scan Objects scanned: 90771 Time elapsed: 2 minute(s), 55 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 8 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\UAChvcdrgrmhc.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\UACtubloynjwe.dll (Rogue.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\UACtkrnrnqxcm.sys (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\msb.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\system32\UACbusgmmffxj.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\UACgawumboyrx.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\UACnmccoasidq.dat (Trojan.Agent) -> Quarantined and deleted successfully. still have some issues with some of the programs that were locked out by the virus not being able to be deleted, an instance of mbam.exe, rootrepeal, gmer.exe files, and hijackthis exe files that are unable to be modified/accessed, mostly just need to clean them off my desktop. dont care that much about stuff in directories and stuff and thanks again for all your help so far, you've been a tremendous help
  3. Here is the combo-fix.txt ComboFix 09-08-28.01 - Dps 08/28/2009 16:36.1.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2516 [GMT -5:00] Running from: c:\documents and settings\Dps\Desktop\Combo-Fix.exe AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Dps\Application Data\wiaserva.log c:\program files\Mozilla Firefox\chrome\amba.jar c:\program files\Windows Antivirus Pro c:\program files\Windows Antivirus Pro\msvcm80.dll c:\program files\Windows Antivirus Pro\msvcp80.dll c:\program files\Windows Antivirus Pro\msvcr80.dll c:\program files\Windows Antivirus Pro\Windows Antivirus Pro.exe c:\windows\msa.exe c:\windows\run.log c:\windows\system32\desot.exe c:\windows\system32\drivers\kbiwkmyrvidkuo.sys c:\windows\system32\kbiwkmdoidlfav.dat c:\windows\system32\kbiwkmgoecjdfq.dat c:\windows\system32\kbiwkmtmpppqlx.dll c:\windows\system32\kbiwkmyuhrbvcx.dll c:\windows\system32\sonhelp.htm c:\windows\system32\uacinit.dll E:\Autorun.inf c:\windows\system32\proquota.exe was missing Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_kbiwkmlsmlhbak -------\Legacy_UACd.sys -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED} -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE} -------\Service_kbiwkmlsmlhbak -------\Service_UACd.sys ((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-28 ))))))))))))))))))))))))))))))) . 2009-08-28 06:32 . 2009-08-28 06:32 -------- d-----w- c:\documents and settings\Dps\Application Data\Malwarebytes 2009-08-27 22:24 . 2009-08-27 22:24 -------- d-----w- c:\program files\findit 2009-08-27 22:14 . 2009-08-27 22:14 -------- d-----w- c:\program files\HJ 2009-08-27 22:02 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-08-27 22:02 . 2009-08-28 06:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-08-27 22:02 . 2009-08-27 22:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-08-27 22:02 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-08-27 21:55 . 2009-08-27 21:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\Subversion 2009-08-27 21:20 . 2009-08-27 21:20 -------- d-----w- c:\documents and settings\Dps\Application Data\Uniblue 2009-08-27 17:00 . 2009-08-27 16:56 138752 ----a-w- c:\windows\msb.exe 2009-08-27 16:55 . 2009-08-27 16:55 19968 ----a-w- c:\windows\system32\UACbusgmmffxj.dll 2009-08-27 16:55 . 2009-08-27 16:55 29696 ----a-w- c:\windows\system32\UACgawumboyrx.dll 2009-08-27 16:55 . 2009-08-27 16:55 174 ----a-w- c:\windows\system32\UACnmccoasidq.dat 2009-08-27 16:55 . 2009-08-28 00:07 74240 ----a-w- c:\windows\system32\UACtubloynjwe.dll 2009-08-27 16:55 . 2009-08-27 16:55 26624 ----a-w- c:\windows\system32\UAChvcdrgrmhc.dll 2009-08-27 16:55 . 2009-08-27 16:55 54784 ----a-w- c:\windows\system32\drivers\UACtkrnrnqxcm.sys 2009-08-27 16:55 . 2009-08-27 16:55 -------- d-----w- C:\spoolerlogs 2009-08-13 06:02 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys 2009-08-13 06:02 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys 2009-08-13 06:02 . 2001-08-18 03:36 5632 ----a-w- c:\windows\system32\ptpusb.dll 2009-08-13 06:02 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll 2009-08-12 21:53 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-28 04:54 . 2009-06-16 00:12 -------- d-----w- c:\documents and settings\Dps\Application Data\Advanced Combat Tracker 2009-08-27 21:20 . 2009-06-23 18:12 -------- d-----w- c:\program files\Uniblue 2009-08-26 00:01 . 2008-06-05 22:36 -------- d-----w- c:\documents and settings\Dps\Application Data\uTorrent 2009-08-23 01:00 . 2008-06-08 07:31 -------- d-----w- c:\program files\PeerGuardian2 2009-08-15 01:52 . 2008-07-09 04:39 -------- d-----w- c:\program files\InnerSpace 2009-08-13 06:02 . 2008-06-03 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple 2009-08-11 02:42 . 2009-07-05 03:53 -------- d-----w- c:\program files\Microsoft Silverlight 2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-27 00:08 . 2008-06-04 01:33 -------- d-----w- c:\program files\Advanced Combat Tracker 2009-07-26 02:52 . 2009-04-24 06:29 -------- d-----w- c:\program files\Free Music Zilla 2009-07-22 23:48 . 2008-06-03 22:22 -------- d-----w- c:\program files\Apple Software Update 2009-07-22 07:05 . 2008-06-30 05:55 188501 ----a-w- c:\documents and settings\Dps\Application Data\ContentGuard\CGGuard2.dll 2009-07-21 22:46 . 2008-06-05 22:36 -------- d-----w- c:\program files\uTorrent 2009-07-19 14:49 . 2008-06-05 20:31 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-16 04:46 . 2009-07-16 04:45 -------- d-----w- c:\program files\iTunes 2009-07-16 04:46 . 2009-07-16 04:45 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-07-16 04:45 . 2009-07-16 04:45 -------- d-----w- c:\program files\iPod 2009-07-16 04:45 . 2008-06-03 22:21 -------- d-----w- c:\program files\Common Files\Apple 2009-07-16 04:44 . 2009-07-16 04:44 -------- d-----w- c:\program files\QuickTime 2009-07-16 04:38 . 2009-07-16 04:38 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe 2009-07-16 04:35 . 2009-07-16 04:35 -------- d-----w- c:\program files\Bonjour 2009-07-14 04:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-09 17:16 . 2009-07-16 04:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys 2009-07-09 17:16 . 2009-07-16 04:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll 2009-07-08 15:01 . 2008-07-03 17:26 -------- d-----w- c:\documents and settings\Dps\Application Data\ProfitUI Reborn Updater 2009-07-05 09:09 . 2009-07-04 10:57 -------- d-----w- c:\program files\DAEMON Tools Lite 2009-07-04 11:24 . 2009-07-04 11:24 271360 ----a-w- c:\windows\system32\drivers\atksgt.sys 2009-07-04 11:24 . 2009-07-04 11:24 18048 ----a-w- c:\windows\system32\drivers\lirsgt.sys 2009-07-04 11:00 . 2009-07-04 11:00 -------- d-----w- c:\program files\Monte Cristo 2009-07-04 10:59 . 2009-07-04 10:52 -------- d-----w- c:\documents and settings\Dps\Application Data\DAEMON Tools Lite 2009-07-04 10:58 . 2009-07-04 10:58 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite 2009-07-04 10:57 . 2009-07-04 10:57 -------- d-----w- c:\program files\DAEMON Tools Toolbar 2009-07-04 10:53 . 2009-07-04 10:53 721904 ----a-w- c:\windows\system32\drivers\sptd.sys 2009-07-02 05:10 . 2009-07-02 05:07 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-07-02 05:10 . 2009-07-02 05:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-06-29 16:12 . 2004-08-04 12:00 827392 ----a-w- c:\windows\system32\wininet.dll 2009-06-29 16:12 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-06-29 16:12 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll 2009-06-27 13:29 . 2008-06-05 20:32 11952 ----a-w- c:\windows\system32\avgrsstx.dll 2009-06-27 13:29 . 2008-06-05 20:31 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-12 12:31 . 2004-08-04 12:00 76288 ----a-w- c:\windows\system32\telnet.exe 2009-06-10 14:19 . 2008-06-03 00:47 2066432 ----a-w- c:\windows\system32\mstscax.dll 2009-06-10 14:13 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll 2009-06-10 06:14 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll 2009-06-03 19:09 . 2004-08-04 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal] @="{C5994560-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified] @="{C5994561-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict] @="{C5994562-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked] @="{C5994563-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly] @="{C5994564-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted] @="{C5994565-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded] @="{C5994566-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored] @="{C5994567-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned] @="{C5994568-53D9-4125-87C9-F193FC689CB2}" [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}] 2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ABIT uGuruIII"="c:\program files\ABIT\uGuru\uGuru.exe" [2006-07-24 417792] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-27 1948440] "PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440] "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-01-16 181544] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128] "SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-08-14 16050176] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160] c:\documents and settings\Dps\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-06-27 13:29 11952 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk backup=c:\windows\pss\Ralink Wireless Utility.lnkCommon Startup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"= "c:\\Program Files\\Sony\\EverQuest II\\EQ2.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Sony\\EverQuest II\\EverQuest2.exe"= "c:\\Program Files\\mIRC\\mirc.exe"= "c:\\Program Files\\ICQ6\\ICQ.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Steam\\Steam.exe"= "c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaws.exe"= "c:\\Program Files\\Free Music Zilla\\FMZilla.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"= "c:\\WINDOWS\\system32\\javaws.exe"= "c:\\Program Files\\Sony\\EverQuest II\\EQ2VoiceService.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= R0 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [6/2/2008 8:14 PM 14592] R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/5/2008 3:31 PM 335752] R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/5/2008 3:32 PM 108552] R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2/1/2008 5:24 PM 41456] R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/3/2008 11:51 AM 298776] R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [1/16/2009 4:31 PM 161064] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/23/2008 10:32 PM 24652] R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592] R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [10/31/2008 7:48 AM 93696] S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/3/2008 11:51 AM 907032] . Contents of the 'Scheduled Tasks' folder 2009-08-21 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34] 2009-08-28 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20] 2009-08-28 c:\windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job - c:\windows\msb.exe [2009-08-27 16:56] . - - - - ORPHANS REMOVED - - - - HKU-Default-Run-minix32 - c:\windows\system32\minix32.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local FF - ProfilePath - c:\documents and settings\Dps\Application Data\Mozilla\Firefox\Profiles\3iw52zsc.default\ FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-08-28 16:42 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(536) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(2468) c:\windows\system32\WININET.dll c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll c:\program files\TortoiseSVN\bin\TortoiseStub.dll c:\program files\TortoiseSVN\bin\TortoiseSVN.dll c:\program files\TortoiseSVN\bin\intl3_tsvn.dll c:\windows\system32\ieframe.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\AVG\AVG8\avgrsx.exe c:\progra~1\AVG\AVG8\avgnsx.exe c:\windows\system32\wscntfy.exe c:\program files\TortoiseSVN\bin\TSVNCache.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\program files\Microsoft IntelliType Pro\dpupdchk.exe c:\program files\iPod\bin\iPodService.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe . ************************************************************************** . Completion time: 2009-08-28 16:47 - machine was rebooted ComboFix-quarantined-files.txt 2009-08-28 21:47 Pre-Run: 4,819,001,344 bytes free Post-Run: 4,908,855,296 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect 292 --- E O F --- 2009-08-28 08:00 Here is the hijackthis.log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:49:33 PM, on 8/28/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\TortoiseSVN\bin\TSVNCache.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\DAEMON Tools Lite\daemon.exe c:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ABIT uGuruIII] C:\Program Files\ABIT\uGuru\uGuru.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 6691 bytes I'm about to do a fresh install of Malwarebytes and run that and will post the log when i'm finished with that.
  4. avenger worked fine with no hiccups, i can post the log if you like but was pretty much script/files moved sucessfully... finished i am running combo-fix.exe now and it is running fine, but i'm getting a prompt that is asking if i'd like Combo Fix to D/L and Install the recovery console, otherwise it will not attempt to fix some serious infections. right now i have the wireless adapter unplugged, and have been transferring files via a jump drive from my laptop. should i reconnect the wireless adapter, which im hesistant to do as to reinfect what i've been disinfecting so far... or is there a link you might have so that i can download the recovery console from there and install it via a jump drive, before continuing on with Combo-fix.exe process
  5. here you are, thanks again Log file is located at: C:\Documents and Settings\Dps\Desktop\Win32kDiag.txt Removing all found mount points. Attempting to reset file permissions. WARNING: Could not get backup privileges! Searching 'C:\WINDOWS'... Found mount point : C:\WINDOWS\$hf_mig$\KB915865\KB915865 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\$hf_mig$\KB915865\KB915865 Found mount point : C:\WINDOWS\$hf_mig$\KB968389\KB968389 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\$hf_mig$\KB968389\KB968389 Found mount point : C:\WINDOWS\addins\addins Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\addins\addins Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP15C.tmp\ZAP15C.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP15C.tmp\ZAP15C.tmp Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP23D.tmp\ZAP23D.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP23D.tmp\ZAP23D.tmp Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP25D.tmp\ZAP25D.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP25D.tmp\ZAP25D.tmp Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP29F.tmp\ZAP29F.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP29F.tmp\ZAP29F.tmp Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA3.tmp\ZAPA3.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA3.tmp\ZAPA3.tmp Found mount point : C:\WINDOWS\assembly\temp\temp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\assembly\temp\temp Found mount point : C:\WINDOWS\assembly\tmp\tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\assembly\tmp\tmp Found mount point : C:\WINDOWS\Config\Config Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Config\Config Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Connection Wizard\Connection Wizard Found mount point : C:\WINDOWS\Debug\UserMode\UserMode Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Debug\UserMode\UserMode Found mount point : C:\WINDOWS\ftpcache\ftpcache Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ftpcache\ftpcache Found mount point : C:\WINDOWS\ime\chsime\applets\applets Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ime\chsime\applets\applets Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets Found mount point : C:\WINDOWS\ime\imejp\applets\applets Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ime\imejp\applets\applets Found mount point : C:\WINDOWS\ime\imejp98\imejp98 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ime\imejp98\imejp98 Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ime\imjp8_1\applets\applets Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ime\imkr6_1\applets\applets Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts Found mount point : C:\WINDOWS\ime\shared\res\res Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\ime\shared\res\res Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729 Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0 Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729 Found mount point : C:\WINDOWS\java\classes\classes Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\java\classes\classes Found mount point : C:\WINDOWS\java\trustlib\trustlib Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\java\trustlib\trustlib Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files Found mount point : C:\WINDOWS\msapps\msinfo\msinfo Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\msapps\msinfo\msinfo Found mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp Found mount point : C:\WINDOWS\mui\mui Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\mui\mui Found mount point : C:\WINDOWS\pchealth\ERRORREP\UserDumps\UserDumps Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\pchealth\ERRORREP\UserDumps\UserDumps Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe Attempting to restore permissions of : C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe [1] 2004-08-04 07:00:00 743936 C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe (Microsoft Corporation) [1] 2008-04-13 19:12:21 744448 C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe (Microsoft Corporation) [1] 2008-04-13 19:12:21 744448 C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe (Microsoft Corporation) Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS Found mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp Found mount point : C:\WINDOWS\PIF\PIF Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\PIF\PIF Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Registration\CRMLog\CRMLog Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel Found mount point : C:\WINDOWS\system32\1025\1025 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\1025\1025 Found mount point : C:\WINDOWS\system32\1028\1028 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\1028\1028 Found mount point : C:\WINDOWS\system32\1031\1031 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\1031\1031 Found mount point : C:\WINDOWS\system32\1037\1037 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\1037\1037 Found mount point : C:\WINDOWS\system32\1041\1041 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\1041\1041 Found mount point : C:\WINDOWS\system32\1042\1042 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\1042\1042 Found mount point : C:\WINDOWS\system32\1054\1054 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\1054\1054 Found mount point : C:\WINDOWS\system32\2052\2052 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\2052\2052 Found mount point : C:\WINDOWS\system32\3076\3076 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\3076\3076 Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi Found mount point : C:\WINDOWS\system32\Adobe\update\update Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\Adobe\update\update Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs Found mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop Found mount point : C:\WINDOWS\system32\config\systemprofile\Favorites\Favorites Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\config\systemprofile\Favorites\Favorites Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Temp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Temp Found mount point : C:\WINDOWS\system32\config\systemprofile\My Documents\My Documents Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\config\systemprofile\My Documents\My Documents Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood Found mount point : C:\WINDOWS\system32\config\systemprofile\Recent\Recent Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\config\systemprofile\Recent\Recent Found mount point : C:\WINDOWS\system32\dhcp\dhcp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\dhcp\dhcp Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\drivers\disdn\disdn Cannot access: C:\WINDOWS\system32\eventlog.dll Attempting to restore permissions of : C:\WINDOWS\system32\eventlog.dll [1] 2004-08-04 07:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation) [1] 2008-04-13 19:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation) [1] 2008-04-13 19:11:53 62976 C:\WINDOWS\system32\eventlog.dll () [2] 2008-04-13 19:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation) Found mount point : C:\WINDOWS\system32\export\export Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\export\export Found mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT Found mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT Found mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT Found mount point : C:\WINDOWS\system32\inetsrv\inetsrv Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\inetsrv\inetsrv Found mount point : C:\WINDOWS\system32\Lang\Lang Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\Lang\Lang Found mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDF Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDF Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\mui\dispspec\dispspec Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust Found mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg Found mount point : C:\WINDOWS\system32\oobe\sample\sample Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\oobe\sample\sample Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\ShellExt\ShellExt Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\wbem\mof\bad\bad Found mount point : C:\WINDOWS\system32\wbem\mof\good\good Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\wbem\mof\good\good Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\wbem\snmp\snmp Found mount point : C:\WINDOWS\system32\wins\wins Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\wins\wins Found mount point : C:\WINDOWS\system32\xircom\xircom Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\system32\xircom\xircom Found mount point : C:\WINDOWS\Temp\IntelChip\IntelChip Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\IntelChip\IntelChip Found mount point : C:\WINDOWS\Temp\MPTelemetrySubmit\MPTelemetrySubmit Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\MPTelemetrySubmit\MPTelemetrySubmit Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_71382c73\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_71382c73 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_71382c73\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_71382c73 Finished!
  6. here is the output from win32kdiag Log file is located at: C:\Documents and Settings\Dps\Desktop\Win32kDiag.txt WARNING: Could not get backup privileges! Searching 'C:\WINDOWS'... Found mount point : C:\WINDOWS\$hf_mig$\KB915865\KB915865 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB968389\KB968389 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\addins\addins Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP15C.tmp\ZAP15C.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP23D.tmp\ZAP23D.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP25D.tmp\ZAP25D.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP29F.tmp\ZAP29F.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA3.tmp\ZAPA3.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\assembly\temp\temp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\assembly\tmp\tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Config\Config Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Debug\UserMode\UserMode Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ftpcache\ftpcache Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\chsime\applets\applets Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\imejp\applets\applets Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\imejp98\imejp98 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\shared\res\res Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\java\classes\classes Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\java\trustlib\trustlib Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\msapps\msinfo\msinfo Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\mui\mui Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\ERRORREP\UserDumps\UserDumps Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH Mount point destination : \Device\__max++>\^ Cannot access: C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe [1] 2004-08-04 07:00:00 743936 C:\WINDOWS\$NtServicePackUninstall$\helpsvc.exe (Microsoft Corporation) [1] 2008-04-13 19:12:21 744448 C:\WINDOWS\pchealth\helpctr\binaries\helpsvc.exe () [1] 2008-04-13 19:12:21 744448 C:\WINDOWS\ServicePackFiles\i386\helpsvc.exe (Microsoft Corporation) Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\PIF\PIF Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\1025\1025 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\1028\1028 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\1031\1031 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\1037\1037 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\1041\1041 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\1042\1042 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\1054\1054 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\2052\2052 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\3076\3076 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\Adobe\update\update Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Desktop\Desktop Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Favorites\Favorites Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\Temp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\My Documents\My Documents Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Recent\Recent Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\dhcp\dhcp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn Mount point destination : \Device\__max++>\^ Cannot access: C:\WINDOWS\system32\eventlog.dll [1] 2004-08-04 07:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation) [1] 2008-04-13 19:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation) [1] 2008-04-13 19:11:53 62976 C:\WINDOWS\system32\eventlog.dll () [2] 2008-04-13 19:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation) Found mount point : C:\WINDOWS\system32\export\export Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\inetsrv\inetsrv Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\Lang\Lang Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDF Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\oobe\sample\sample Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\spool\PRINTERS\PRINTERS Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\wbem\mof\good\good Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\wins\wins Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\xircom\xircom Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\IntelChip\IntelChip Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\MPTelemetrySubmit\MPTelemetrySubmit Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_71382c73\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30411.0_x-ww_71382c73 Mount point destination : \Device\__max++>\^ Finished! thanks for your help
  7. alright, got GMER to start up and start scanning, its gotten the farthest out of any of the programs before getting closed and locked out. have not been able to get a full scan to go completely through but here is the log i could pull out so far gmer.zip
  8. of the issues from #5, CLB Rootkit driver=TDSS/Seneka/GAOPDX/UAC/ovfst/kungsf/SKYNET/MSIVX, seems like its most like my problem, the issue i have is, rootrepeal when i tried to run the scan like it says, it will scan for a few seconds then it closed out, and then when i try to run rootrepeal again i get the error "Windows cannot access the specified device, path or file. You may not have appropriate permissions to access them."
  9. started with AVcare, a.exe, and msb.exe infections this morning, along with a few other trojans. as soon as i started getting the fake alerts or whatever i killed every unknown process running and also some of the extra fluff processes that didnt need to be running. there is still a msb.exe file in my windows folder, and another msb related file in my windows/prefetch folder (i left those there because the last time i dealt with an infection like this when i tried to nuke a similar file, it created a NTauthority error what would auto shutdown the system after 30 seconds of bootup even in safemode). i found all the a.exe related files in my temp files and nuked them at the time. and havent had that process reload since, AVcare and all the fake system alerts have stopped. i'm still getting some google redirects. Neither AVG or Spybot S&D would run, so i tried to d/l and install MBAM, but the setup wouldnt even run, so i changed the name of the setup program, and it ran until it got to the end and then stalled out for an hour. I've tried running HJT but every time i start a scan it will start and a second or two later it shuts off without any trace of a log file output, try to run it again and i get a system error that says "Windows cannot access the specified device, path or file. You may not have appropriate permissions to access them.", then tried to run Rootrepeal, and pretty much got the same problem, it seems that as soon as i get a program on to this infections trail, it shuts it out and then blocks its access to run
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.