GFI

Thanks again for all your help. My computer is once again running smooth.

Thanks, everything worked. I have one more question if you wouldn't mind. Is there anything I should do to keep from getting a virus like the Antispyware 2010 in the future? Any programs you would recommend? It was quite the ordeal and I want to avoid going through it again. It seemed to have something to do with my adobe viewer when I first got the virus. Not sure if I should use another PDF viewer? Thank your for all your help.

Thanks....Symantec worked fine after that. I tried to remove Avira AntiVir Personal, but got the following message "Cannot Load Master Resource File". So far I have tried: http://www.avira.com/en/documents/utils/av...uninstXPeng.zip & http://www.themisteriosos.com/uninstall-av...-completely.htm both programs fail to complete with the error: "Unsetup was not able to delete all components"

Here is the log file: Junction v1.05 - Windows junction creator and reparse point viewer Copyright © 2000-2007 Mark Russinovich Systems Internals - http://www.sysinternals.com Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process. Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process. ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... ... . Failed to open \\?\c:\\Program Files\Symantec AntiVirus\VPC32.exe: Access is denied. .. ... ... ... ... ...\\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION Print Name : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 \\?\c:\\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: JUNCTION Print Name : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e Substitute Name: C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e ... ... ... ... ... ... ... ... ... ... ..

Hi, Inherit allowed me to run a couple of the programs that were being blocked, but I still can't run Symantec and I still am unable to uninstall Avira. Any other ideas?

Here are the two logs: log.txt Logfile of random's system information tool 1.06 (written by random/random) Run by gives at 2009-09-03 07:38:19 Microsoft Windows XP Professional Service Pack 2 System drive C: has 28 GB (36%) free of 76 GB Total RAM: 2046 MB (69% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:38:41 AM, on 9/3/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\Program Files\Dell\OpenManage\Client\Iap.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Transoft Solutions\License Server\TransoftLS.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Google\Gmail Notifier\gnotify.exe C:\Documents and Settings\gives\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\gives\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\gives\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\gives\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\gives\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\gives\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Documents and Settings\gives\Desktop\RSIT.exe C:\Program Files\trend micro\gives.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\gives\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://companyweb O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://ntserver/connectcomputer/nshelp.dll O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MHCiv.local O17 - HKLM\Software\..\Telephony: DomainName = MHCiv.local O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = MHCiv.local O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe O23 - Service: Transoft Solutions License Server V1.4 - Unknown owner - C:\Program Files\Transoft Solutions\License Server\TransoftLS.exe -- End of file - 6928 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1368161332-2723273657-3337644624-1172Core.job C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1368161332-2723273657-3337644624-1172UA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-01 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-01 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-03-21 5537792] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-01 149280] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Google Update"=C:\Documents and Settings\gives\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-28 133104] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe /min [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BbInstallUser] C:\Program Files\Bluebeam Software\Pushbutton PDF\Bluebeam Admin User.exe [2008-04-24 49824] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BbPrintMonitor] C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\BBPrint.exe [2008-04-16 156320] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2005-10-04 48752] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-12-09 49152] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] C:\Documents and Settings\gives\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-28 133104] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe [2002-11-05 188416] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2005-04-25 139264] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphcgolj0ee8t] C:\WINDOWS\system32\lphcgolj0ee8t.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MicroBrw] C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\MicroBrw.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monopod] C:\DOCUME~1\gives\LOCALS~1\Temp\b.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] C:\WINDOWS\system32\NvCpl.dll [2005-03-21 5537792] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Antispyware 2010] C:\Program Files\PC_Antispyware2010\PC_Antispyware2010.exe /hide [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe [2006-02-10 282624] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe [2005-11-15 85744] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] C:\Program Files\Winamp\winampa.exe [2008-01-15 37376] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe [2005-07-15 479232] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk] C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\acrotray.exe [2003-05-15 217193] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk] C:\PROGRA~1\COMMON~1\AUTODE~1\ACSTAR~2.EXE [2006-08-15 11000] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2006-02-19 288472] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk] C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WMPNetworkSvc"=3 "Lavasoft Ad-Aware Service"=2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon] C:\WINDOWS\system32\NavLogon.dll [2005-11-15 43760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoBandCustomize"=0 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoWelcomeScreen"= "HonorAutoRunSetting"= "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" ======File associations====== .ini - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1 .scr - open - "C:\WINDOWS\notepad.exe" "%1" .scr - install - .scr - config - .txt - open - C:\WINDOWS\SYSTEM32\NOTEPAD.EXE %1 ======List of files/folders created in the last 1 months====== 2009-09-03 07:38:19 ----D---- C:\rsit 2009-09-03 07:38:19 ----D---- C:\Program Files\trend micro 2009-09-02 13:07:53 ----D---- C:\Program Files\Pandora 2009-09-02 11:08:31 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$ 2009-09-01 16:01:54 ----A---- C:\WINDOWS\system32\javaws.exe 2009-09-01 16:01:54 ----A---- C:\WINDOWS\system32\javaw.exe 2009-09-01 16:01:54 ----A---- C:\WINDOWS\system32\java.exe 2009-09-01 16:01:54 ----A---- C:\WINDOWS\system32\deploytk.dll 2009-09-01 14:22:36 ----SHD---- C:\RECYCLER 2009-09-01 14:14:40 ----D---- C:\WINDOWS\temp 2009-09-01 09:05:41 ----A---- C:\RootRepeal report 09-01-09 (09-05-41).txt 2009-09-01 08:20:30 ----A---- C:\Boot.bak 2009-09-01 08:20:23 ----RASHD---- C:\cmdcons 2009-09-01 08:16:56 ----D---- C:\WINDOWS\ERDNT 2009-08-28 13:01:05 ----A---- C:\WINDOWS\system32\KDSInterface.txt 2009-08-28 12:17:53 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools 2009-08-27 11:04:41 ----A---- C:\djos.exe.virus 2009-08-26 16:02:43 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$ 2009-08-18 16:00:54 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$ 2009-08-17 16:03:08 ----D---- C:\2b5cbe60827d3b240995272f 2009-08-12 16:00:04 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$ 2009-08-12 15:59:26 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$ 2009-08-12 15:59:19 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$ 2009-08-12 15:59:12 ----D---- C:\WINDOWS\ServicePackFiles 2009-08-12 15:59:10 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$ 2009-08-12 15:59:03 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$ 2009-08-12 15:58:53 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$ 2009-08-12 15:58:49 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$ 2009-08-12 15:58:41 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$ 2009-08-12 15:57:01 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$ 2009-08-12 15:56:45 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$ ======List of files/folders modified in the last 1 months====== 2009-09-03 07:38:23 ----D---- C:\WINDOWS\Prefetch 2009-09-03 07:38:19 ----D---- C:\Program Files 2009-09-03 07:32:41 ----D---- C:\WINDOWS\security 2009-09-02 16:01:05 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-09-02 15:50:15 ----D---- C:\cadtemp 2009-09-02 15:37:24 ----D---- C:\autosaves 2009-09-02 14:36:34 ----HD---- C:\WINDOWS\inf 2009-09-02 14:34:09 ----D---- C:\WINDOWS\system32\CatRoot2 2009-09-02 13:07:54 ----SHD---- C:\WINDOWS\Installer 2009-09-02 13:07:54 ----HD---- C:\Config.Msi 2009-09-02 12:58:17 ----SHD---- C:\System Volume Information 2009-09-02 12:58:17 ----D---- C:\WINDOWS\system32\Restore 2009-09-02 12:56:12 ----D---- C:\WINDOWS 2009-09-02 12:56:07 ----D---- C:\WINDOWS\system32 2009-09-02 11:29:19 ----D---- C:\WINDOWS\Microsoft.NET 2009-09-02 11:08:35 ----D---- C:\WINDOWS\system32\dllcache 2009-09-02 11:08:33 ----D---- C:\WINDOWS\system32\drivers 2009-09-02 10:51:31 ----D---- C:\Documents and Settings\gives\Application Data\AdobeUM 2009-09-02 08:43:46 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-09-01 16:01:33 ----D---- C:\Program Files\Java 2009-09-01 15:54:28 ----D---- C:\Program Files\Common Files 2009-09-01 14:03:33 ----A---- C:\WINDOWS\system.ini 2009-09-01 14:01:50 ----D---- C:\WINDOWS\AppPatch 2009-09-01 13:53:08 ----D---- C:\WINDOWS\system32\xircom 2009-09-01 13:53:08 ----D---- C:\WINDOWS\system32\wins 2009-09-01 13:53:08 ----D---- C:\WINDOWS\system32\The All-New `08 CTS dir 2009-09-01 13:53:08 ----D---- C:\WINDOWS\system32\ShellExt 2009-09-01 13:53:08 ----D---- C:\WINDOWS\system32\scripting 2009-09-01 13:53:07 ----D---- C:\WINDOWS\system32\inetsrv 2009-09-01 13:53:07 ----D---- C:\WINDOWS\system32\FxsTmp 2009-09-01 13:53:07 ----D---- C:\WINDOWS\system32\export 2009-09-01 13:53:07 ----D---- C:\WINDOWS\system32\en 2009-09-01 13:53:06 ----D---- C:\WINDOWS\system32\dhcp 2009-09-01 13:53:06 ----D---- C:\WINDOWS\system32\CatRoot_bak 2009-09-01 13:53:06 ----D---- C:\WINDOWS\system32\bits 2009-09-01 13:53:06 ----D---- C:\WINDOWS\system32\3com_dmi 2009-09-01 13:53:06 ----D---- C:\WINDOWS\system32\3076 2009-09-01 13:53:06 ----D---- C:\WINDOWS\system32\2052 2009-09-01 13:53:06 ----D---- C:\WINDOWS\system32\1054 2009-09-01 13:53:06 ----D---- C:\WINDOWS\system32\1042 2009-09-01 13:53:06 ----D---- C:\WINDOWS\system32\1041 2009-09-01 13:53:06 ----D---- C:\WINDOWS\system32\1037 2009-09-01 13:53:06 ----D---- C:\WINDOWS\system32\1031 2009-09-01 13:53:06 ----D---- C:\WINDOWS\system32\1028 2009-09-01 13:53:06 ----D---- C:\WINDOWS\system32\1025 2009-09-01 13:53:00 ----D---- C:\WINDOWS\l2schemas 2009-09-01 13:52:56 ----D---- C:\WINDOWS\Connection Wizard 2009-09-01 13:52:56 ----D---- C:\WINDOWS\Config 2009-09-01 13:32:53 ----A---- C:\WINDOWS\ODBC.INI 2009-09-01 08:50:24 ----SD---- C:\WINDOWS\Tasks 2009-09-01 08:46:44 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-09-01 08:41:35 ----D---- C:\WINDOWS\system32\config 2009-09-01 08:39:51 ----RSD---- C:\WINDOWS\Fonts 2009-09-01 08:25:11 ----N---- C:\WINDOWS\system32\eventlog.dll 2009-09-01 08:20:31 ----RASH---- C:\boot.ini 2009-08-31 13:48:03 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP 2009-08-31 13:46:51 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft 2009-08-31 13:46:50 ----DC---- C:\WINDOWS\system32\DRVSTORE 2009-08-31 13:14:12 ----D---- C:\gfi 2009-08-31 08:19:22 ----A---- C:\WINDOWS\HPOTBX05.INI 2009-08-28 14:05:37 ----D---- C:\WINDOWS\network diagnostic 2009-08-28 13:45:53 ----D---- C:\WINDOWS\WinSxS 2009-08-28 13:27:34 ----SHD---- C:\WINDOWS\CSC 2009-08-28 13:04:23 ----D---- C:\WINDOWS\system32\CatRoot 2009-08-27 13:46:52 ----HD---- C:\WINDOWS\$hf_mig$ 2009-08-27 12:49:01 ----A---- C:\WINDOWS\win.ini 2009-08-27 11:46:30 ----SD---- C:\Documents and Settings\gives\Application Data\Microsoft 2009-08-27 11:21:12 ----D---- C:\Documents and Settings\gives\Application Data\GetRightToGo 2009-08-26 16:02:50 ----A---- C:\WINDOWS\imsins.BAK 2009-08-18 08:03:58 ----RSD---- C:\WINDOWS\assembly 2009-08-17 16:03:48 ----D---- C:\WINDOWS\system32\XPSViewer 2009-08-17 16:03:46 ----D---- C:\WINDOWS\system32\en-us 2009-08-17 16:01:28 ----D---- C:\Program Files\Internet Explorer 2009-08-13 07:39:19 ----D---- C:\WINDOWS\system32\Setup 2009-08-12 15:58:43 ----D---- C:\Program Files\Outlook Express 2009-08-11 08:00:04 ----D---- C:\Program Files\Common Files\Adobe AIR 2009-08-05 05:11:47 ----A---- C:\WINDOWS\system32\mswebdvd.dll ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628] R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684] R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096] R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848] R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153] R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys [] R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys [] R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-10-19 195728] R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628] R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496] R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524] R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684] R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364] R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036] R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332] R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544] R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2005-12-16 132608] R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728] R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600] R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081216.003\naveng.sys [] R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081216.003\navex15.sys [] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-03-21 3434464] R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-02-10 1107224] R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS [] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-10-25 27264] R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600] R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480] S1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [] S1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [] S1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [] S3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [] S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760] S3 pctplsg;pctplsg; \??\C:\WINDOWS\system32\drivers\pctplsg.sys [] S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [] S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-10-19 24720] S3 TfNetMon;TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys [] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [] S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-04 42368] S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-04 44928] S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-04 42752] S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-04 43008] S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952] S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-03 5504] S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-04 41088] S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-04 42240] S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888] R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2005-10-04 177776] R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2005-11-15 20208] R2 IAANTMon;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe [2005-04-25 86142] R2 Iap;Iap; C:\Program Files\Dell\OpenManage\Client\Iap.exe [2004-02-13 155648] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-01 153376] R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-03-21 127046] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632] R2 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2005-11-15 169200] R2 Transoft Solutions License Server V1.4;Transoft Solutions License Server V1.4; C:\Program Files\Transoft Solutions\License Server\TransoftLS.exe [2006-08-01 307200] R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2006-09-06 77944] S3 Autodesk Network Licensing Service;Autodesk Network Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe [2006-08-15 902760] S3 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2005-10-04 185968] S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2005-10-04 83568] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-10-19 214672] S3 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-03-30 992864] S3 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2005-11-15 1756912] S3 Symantec RemoteAssist;Symantec RemoteAssist; C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe [2008-01-29 394704] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336] S4 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] -----------------EOF----------------- info.txt info.txt logfile of random's system information tool 1.06 2009-09-03 07:38:44 ======Uninstall list====== -->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205} -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6} -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382} -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629} -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Acrobat - Reader 6.0.2 Update-->MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01} Adobe Acrobat 6.0 Standard-->MsiExec.exe /I{AC76BA86-1033-0000-BA7E-000000000001} Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723} Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe ArcExplorer Java Edition-->"C:\Program Files\ArcGIS\ArcExplorer\UninstallerData\Uninstall AEJava.exe" AutoCAD 2005 Express Tools Volumes 1-9-->MsiExec.exe /X{5783F2D7-0311-0409-0000-0060B0CE6BBA} Autodesk Civil 3D - Civil Design Companion 2007-->MsiExec.exe /I{C89B6268-5E93-4E1F-B04B-2F573233C099} Autodesk Civil 3D 2007-->MsiExec.exe /I{5783F2D7-5000-0409-0002-0060B0CE6BBA} Autodesk Civil Design 2005-->MsiExec.exe /I{5783F2D7-1308-0409-0002-0060B0CE6BBA} Autodesk Design Review 2008-->MsiExec.exe /I{FACF203E-0F4D-489A-B80C-D185253C8FCB} Autodesk Land Desktop 2005-->MsiExec.exe /I{5783F2D7-0308-0409-0002-0060B0CE6BBA} Autodesk Land Desktop 2007-->MsiExec.exe /I{5783F2D7-5008-0409-0002-0060B0CE6BBA} Autodesk Raster Design 2005-->MsiExec.exe /I{D8E1165F-F5A9-4915-AC4F-A34E70BDD0AA} Autodesk Raster Design 2007-->MsiExec.exe /I{786029E8-4396-4A01-A89B-C4589239515A} Autodesk Survey 2005-->MsiExec.exe /I{5783F2D7-2308-0409-0002-0060B0CE6BBA} Autodesk Survey 2007-->MsiExec.exe /I{7619DEB2-BC52-43A6-ADEC-6C2963270971} AutoTURN 5-->"C:\WINDOWS\AutoTURN 5\uninstall.exe" "/U:C:\Program Files\Transoft Solutions\AutoTURN 5\AutoTURN Uninstall.xml" Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE Bluebeam PDF Revu v6.2.0-->C:\Program Files\InstallShield Installation Information\{4C8F6A88-3C1C-4568-82CA-10E6D3C9C126}\setup.exe -runfromtemp -l0x0409 Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959} Broadcom Advanced Control Suite-->MsiExec.exe /I{058B32E2-6310-4359-B2D4-1988390C3B83} Carlson 2008 for AutoCAD-->C:\Program Files\InstallShield Installation Information\{516692F9-2E33-45AC-861E-113A89004A6F}\setup.exe -runfromtemp -l0x0009 -uninst -removeonly Carlson Connect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E9A991FB-4AA3-4FE9-B719-C975362A9D31}\setup.exe" -l0x9 Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE} Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe" CutePDF Writer 2.7-->C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall Footprints-->MsiExec.exe /I{BDCF2167-ABCB-4988-8A41-10F68767E8FD} Google Gmail Notifier-->"C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe" High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Hotfix for Windows XP (KB896344)-->"C:\WINDOWS\$NtUninstallKB896344$\spuninst\spuninst.exe" Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe" Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe" Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe" Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe" Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe" Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe" HP Customer Participation Program 7.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat hp deskjet 3820 series (Remove only)-->C:\Program Files\hp deskjet 3820 series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=USB001 -vproduct=3820 -huninstall HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat HP Photosmart Essential-->MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F} HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E} HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat Hydraflow Hydrographs 2007-->MsiExec.exe /I{AB9D3A14-7426-476E-AC9D-91B5A7DD2005} Hydraflow Storm Sewers 2005-->MsiExec.exe /I{5B723DBA-C2B2-4EC3-A0B6-A100CE79EF2C} Hydroworks Stormwater Treatment Program-->MsiExec.exe /I{802AE9F1-5D8F-469E-B3EC-5BC09631C6F9} Intel Matrix Storage Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}\setup.exe" -l0409 -INTELUNINST Inventor Plug-In 5.3-->MsiExec.exe /I{70FBACE0-90C5-4C53-8015-5830845950B8} Java 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF} LiveUpdate 2.6 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U Microsoft .NET Framework (English) v1.0.3705-->C:\WINDOWS\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1033) Microsoft .NET Framework (English)-->MsiExec.exe /X{B43357AA-3A6D-4D94-B56E-43C44D09E548} Microsoft .NET Framework 1.0 Hotfix (KB928367)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\M928367\M928367Uninstall.msp" Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe" Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office Basic Edition 2003-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9} Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96} NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI OMCI-->MsiExec.exe /X{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B} Pandora-->msiexec /qb /x {BF4A5346-599E-E1A8-99C4-E46DA044A6A2} Pandora-->MsiExec.exe /I{BF4A5346-599E-E1A8-99C4-E46DA044A6A2} PCSWMM for Stormceptor-->MsiExec.exe /I{BA1AD403-2585-4513-9806-8170EE91396E} Photometric Viewer v3.3.02-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\PhotometricViewer\ST6UNST.LOG" PowerDVD 5.7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB} Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6} Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA} Roxio RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382} Roxio RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629} Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205} Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe" Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe" Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe" Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe" Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe" Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe" Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe" Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe" Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe" Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe" Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe" Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe" Security Update for Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe" Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe" Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe" Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe" Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe" Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe" Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe" Security Update for Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe" Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe" Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe" Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe" Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe" Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe" Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe" Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe" Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe" Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe" Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe" Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe" Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe" Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe" Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe" Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe" Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe" Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe" Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe" Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe" Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe" Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe" Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe" Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe" Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe" Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe" Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe" Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe" Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe" Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe" Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe" Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe" Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe" Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe" Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe" Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe" Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe" Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe" Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe" Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe" Security Update for Windows XP (KB931768)-->"C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe" Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe" Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe" Security Update for Windows XP (KB933566)-->"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe" Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe" Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe" Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe" Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe" Security Update for Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe" Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe" Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe" Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe" Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe" Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe" Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe" Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe" Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe" Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe" Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe" Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe" Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe" Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe" Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe" Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe" Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe" Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe" Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe" Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe" Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe" Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe" Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe" Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe" Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Security Update for Windows XP (KB971032)-->"C:\WINDOWS\$NtUninstallKB971032$\spuninst\spuninst.exe" Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe" Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe" Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe" Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe" Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe" Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe" Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe" Shadow Copy Client-->MsiExec.exe /I{23E5032B-56CA-4C19-A72E-B50161DB82CA} Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E} Symantec AntiVirus-->MsiExec.exe /I{46B63F23-2B4A-4525-A827-688026BE5E40} Symantec Technical Support Web Controls-->MsiExec.exe /X{20C53FA2-4307-4671-A93F-9463B29DFCF1} The Weather Channel Desktop 6-->C:\Program Files\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe Trimble Link for Land Desktop 2005-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{493ADB2D-9755-4B2C-AC5F-524F7531E7B0}\Setup.exe" uninstall Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update for Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe" Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe" Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe" Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe" Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe" Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe" Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe" Update for Windows XP (KB920342)-->"C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe" Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe" Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe" Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe" Update for Windows XP (KB925876)-->"C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe" Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe" Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe" Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe" Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe" Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe" Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe" Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe" Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe" Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe" Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe" Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe" Virtual Earth 3D (Beta)-->MsiExec.exe /I{2D87E961-577B-492B-AD54-1368680FB9A7} Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27} Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT="" Visual FoxPro ODBC Driver-->MsiExec.exe /X{31821EFE-1B31-4744-9FB0-208F92BD7168} VLC media player 0.9.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe Volo View Express-->MsiExec.exe /I{1ECD6EC8-7BB2-4CD5-A384-BAA371BC4D21} Winamp-->"C:\Program Files\Winamp\UninstWA.exe" Wind2 Financial Management System - Workstation-->MsiExec.exe /I{12BD67A7-DDFE-4C52-BD41-326388BF2058} Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe" Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe" Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840} Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe" Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe" WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe ======Security center information====== AV: Symantec AntiVirus Corporate Edition ======System event log====== Computer Name: GFIXP Event Code: 7023 Message: The Computer Browser service terminated with the following error: This operation returned because the timeout period expired. Record Number: 36 Source Name: Service Control Manager Time Written: 20090827111151.000000-240 Event Type: error User: Computer Name: GFIXP Event Code: 20 Message: Printer Driver HP Officejet Pro L7700 Series for Windows NT x86 Version-3 was added or updated. Files:- UNIDRV.DLL, UNIDRVUI.DLL, hpwl7703.GPD, UNIDRV.HLP, hpwhl750.cfg, hpcdmc32.dll, hpbcfgre.dll, hpwl770a.ini, hpzst4sa.dll, hpwl7703.xml, hpzsc4sa.dtd, hpzui4sa.dll, hpz3r4sa.dll, hpzpr4sa.dll, hpzsm4sa.gpd, hpz3m4sa.gpd, hpzev4sa.dll, hpzhl4sa.cab, STDNAMES.GPD, hpfie4sa.dll, hpfig4sa.dll, hpfrs4sa.dll, UNIRES.DLL. Record Number: 32 Source Name: Print Time Written: 20090827110827.000000-240 Event Type: warning User: NT AUTHORITY\SYSTEM Computer Name: GFIXP Event Code: 7026 Message: The following boot-start or system-start driver(s) failed to load: avgio avipbb Beep ssmdrv Record Number: 17 Source Name: Service Control Manager Time Written: 20090827110659.000000-240 Event Type: error User: Computer Name: GFIXP Event Code: 7000 Message: The Upload Manager service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process. Record Number: 13 Source Name: Service Control Manager Time Written: 20090827110651.000000-240 Event Type: error User: Computer Name: GFIXP Event Code: 10010 Message: The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout. Record Number: 9 Source Name: DCOM Time Written: 20090827110533.000000-240 Event Type: error User: MHCIV\gives =====Application event log===== Computer Name: GFIXP Event Code: 32026 Message: Fax Service failed to initialize any assigned fax devices (virtual or TAPI). No faxes can be sent or received until a fax device is installed. Record Number: 9070 Source Name: Microsoft Fax Time Written: 20090806073629.000000-240 Event Type: warning User: Computer Name: GFIXP Event Code: 1517 Message: Windows saved user MHCIV\GIves registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. Record Number: 9061 Source Name: Userenv Time Written: 20090805160511.000000-240 Event Type: warning User: NT AUTHORITY\SYSTEM Computer Name: GFIXP Event Code: 32068 Message: The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly. Country/region code: '*' Area code: '*' Record Number: 9040 Source Name: Microsoft Fax Time Written: 20090805072857.000000-240 Event Type: warning User: Computer Name: GFIXP Event Code: 32026 Message: Fax Service failed to initialize any assigned fax devices (virtual or TAPI). No faxes can be sent or received until a fax device is installed. Record Number: 9039 Source Name: Microsoft Fax Time Written: 20090805072857.000000-240 Event Type: warning User: Computer Name: GFIXP Event Code: 1517 Message: Windows saved user MHCIV\GIves registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. Record Number: 9030 Source Name: Userenv Time Written: 20090804155953.000000-240 Event Type: warning User: NT AUTHORITY\SYSTEM ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Autodesk Shared;C:\Program Files\Raster Design 2005;C:\Program Files\Raster Design 2007;C:\Program Files\QuickTime\QTSystem "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 4, GenuineIntel "PROCESSOR_REVISION"=0604 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\ "SBSSERVER"=NTSERVER "CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip -----------------EOF-----------------

I did all of the clean up procedures and removed all the logs. For some reason I still cannot get rid of Avira. I also tried to run my Symantec Anti virus and I got the error: "Windows cannot access the specified device, path, or file. You may not have permissions to access the item." I find myself in a pickle once again.

Here is the ESET Log: ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=6 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6050 # api_version=3.0.2 # EOSSerial=1ae7922d65baf74f856a042b0d52df72 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2009-09-02 12:53:41 # local_time=2009-09-02 08:53:41 (-0500, Eastern Daylight Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 2 # compatibility_mode=3585 63 50 0 0 # scanned=25914 # found=0 # cleaned=0 # scan_time=403 esets_scanner_update returned -1 esets_gle=53251 # version=6 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6050 # api_version=3.0.2 # EOSSerial=1ae7922d65baf74f856a042b0d52df72 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2009-09-02 02:23:34 # local_time=2009-09-02 10:23:34 (-0500, Eastern Daylight Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 2 # compatibility_mode=3585 63 50 0 0 # scanned=110271 # found=6 # cleaned=0 # scan_time=5362 C:\gfi\SmitfraudFix.exe multiple threats 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\kvhwftjn.exe.vir Win32/TrojanDownloader.Small.ORV trojan 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\critical_warning.html.vir Win32/TrojanDownloader.FakeAlert.ADG trojan 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\winhelper.dll.vir Win32/Adware.CoreguardAntivirus application 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\_scui.cpl.vir Win32/Adware.XPSecurityCenter application 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_kbiwkmuyrqjctl_.sys.zip a variant of Win32/Rootkit.Kryptik.I trojan 00000000000000000000000000000000 I Both of those programs failed to remove Avira. I will try some of the other suggestions on that second webpage and let you know.

Hi, I tried to remove Avira AntiVir Personal, but got the following message "Cannot Load Master Resource File". I have to keep Symantec. Everything else went fine until I tried to run Kaspersky. I got the following error message: "Update has failed. Program has failed to start. Close the Kaspersky Online Scanner 7.0 window and open it again to install the program. You must be online to update the Kaspersky Online Scanner 7 database. With the latest database updates, you can find new viruses and other threats. Please go online to use Kaspersky Online Scanner 7. [ERROR: Antivirus bases have been updated after key expiration]" I re-tried to run the scan 3 or 4 times but got the same message every time. Please let me know what to do next. Thank you for all your help with this.

Computer still seems fine. No issues that I can see. Here's the next round of logs: ComboFix log: ComboFix 09-08-31.04 - 09/01/2009 13:57.2.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1512 [GMT -4:00] Running from: c:\documents and settings\\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\gives\Desktop\CFScript.txt AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C} file zipped: c:\documents and settings\gives\Application Data\zaxiceti.dat file zipped: c:\program files\Common Files\gyjad._sy file zipped: c:\program files\Common Files\ivixaxa.lib file zipped: c:\program files\Common Files\ojosum._sy file zipped: c:\windows\fatugu.dat file zipped: c:\windows\owukekejum.com file zipped: c:\windows\system32\fesuf.com file zipped: c:\windows\system32\ihiwih.com file zipped: c:\documents and settings\gives\Local Settings\Application Data\omap.dat . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\gives\Application Data\zaxiceti.dat c:\program files\Common Files\gyjad._sy c:\program files\Common Files\ivixaxa.lib c:\program files\Common Files\ojosum._sy c:\windows\fatugu.dat c:\windows\owukekejum.com c:\windows\system32\fesuf.com c:\windows\system32\ihiwih.com . ((((((((((((((((((((((((( Files Created from 2009-08-01 to 2009-09-01 ))))))))))))))))))))))))))))))) . 2009-09-01 12:40 . 2009-09-01 12:40 32428 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP1.sys 2009-09-01 12:40 . 2009-09-01 12:40 32428 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP0.sys 2009-08-28 16:37 . 2004-08-04 10:00 4224 ------w- c:\windows\system32\drivers\beep.sys 2009-08-28 16:17 . 2009-08-31 11:45 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools 2009-08-27 17:01 . 2009-08-27 17:01 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2009-08-27 15:15 . 2009-08-27 15:15 14400 ----a-w- c:\documents and settings\gives\Local Settings\Application Data\omap.dat 2009-08-17 20:03 . 2009-08-17 20:03 -------- d-----w- C:\2b5cbe60827d3b240995272f 2009-08-12 19:59 . 2009-08-12 19:59 -------- d-----w- c:\windows\ServicePackFiles 2009-08-12 11:52 . 2009-06-09 15:06 1871872 ------w- c:\windows\system32\dllcache\mstscax.dll 2009-08-05 09:11 . 2009-08-05 09:11 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-01 14:59 . 2006-09-07 13:38 -------- d-----w- c:\documents and settings\gives\Application Data\AdobeUM 2009-09-01 12:25 . 2004-08-11 22:00 55808 ------w- c:\windows\system32\eventlog.dll 2009-08-31 17:48 . 2008-09-18 16:49 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-08-31 17:46 . 2009-02-05 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2009-08-27 15:21 . 2009-03-18 19:26 -------- d-----w- c:\documents and settings\gives\Application Data\GetRightToGo 2009-08-20 14:14 . 2006-09-06 19:41 55736 -c--a-w- c:\documents and settings\gives\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-11 12:00 . 2009-04-28 17:55 -------- d-----w- c:\program files\Common Files\Adobe AIR 2009-08-11 11:59 . 2009-07-23 13:19 38208 ----a-w- c:\documents and settings\gives\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe 2009-08-05 09:11 . 2004-08-11 22:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-23 13:20 . 2009-07-23 13:20 -------- d-----w- c:\documents and settings\gives\Application Data\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1 2009-07-23 13:20 . 2009-07-23 13:20 -------- d-----w- c:\program files\Pandora 2009-07-23 12:34 . 2009-07-23 12:11 -------- d-----w- c:\program files\fvbaju 2009-07-17 18:55 . 2004-08-11 22:00 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-14 03:43 . 2004-08-11 22:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-03 17:09 . 2004-08-11 22:00 915456 ------w- c:\windows\system32\wininet.dll 2009-06-25 18:36 . 2004-08-11 22:00 95744 ----a-w- c:\windows\system32\mqsec.dll 2009-06-25 18:36 . 2004-08-11 22:00 661504 ----a-w- c:\windows\system32\mqqm.dll 2009-06-25 18:36 . 2004-08-11 22:00 517120 ----a-w- c:\windows\system32\mqsnap.dll 2009-06-25 18:36 . 2004-08-11 22:00 48640 ----a-w- c:\windows\system32\mqupgrd.dll 2009-06-25 18:36 . 2004-08-11 22:00 471552 ----a-w- c:\windows\system32\mqutil.dll 2009-06-25 18:36 . 2004-08-11 22:00 47104 ----a-w- c:\windows\system32\mqdscli.dll 2009-06-25 18:36 . 2004-08-11 22:00 225280 ----a-w- c:\windows\system32\mqoa.dll 2009-06-25 18:36 . 2004-08-11 22:00 186880 ----a-w- c:\windows\system32\mqtrig.dll 2009-06-25 18:36 . 2004-08-11 22:00 177152 ----a-w- c:\windows\system32\mqrt.dll 2009-06-25 18:36 . 2004-08-11 22:00 16896 ----a-w- c:\windows\system32\mqise.dll 2009-06-25 18:36 . 2004-08-11 22:00 138240 ----a-w- c:\windows\system32\mqad.dll 2009-06-25 18:36 . 2004-08-11 22:00 123392 ----a-w- c:\windows\system32\mqrtdep.dll 2009-06-22 11:49 . 2004-08-11 22:00 19968 ----a-w- c:\windows\system32\mqbkup.exe 2009-06-22 11:49 . 2004-08-11 22:00 117248 ----a-w- c:\windows\system32\mqtgsvc.exe 2009-06-22 11:49 . 2004-08-11 22:00 4608 ----a-w- c:\windows\system32\mqsvc.exe 2009-06-22 11:48 . 2004-08-11 22:00 91776 ----a-w- c:\windows\system32\drivers\mqac.sys 2009-06-16 14:55 . 2004-08-11 22:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-16 14:55 . 2004-08-11 22:00 82432 ----a-w- c:\windows\system32\fontsub.dll 2009-06-12 11:50 . 2004-08-11 22:00 80896 ----a-w- c:\windows\system32\tlntsess.exe 2009-06-12 11:50 . 2004-08-11 22:00 76288 ----a-w- c:\windows\system32\telnet.exe 2009-06-10 14:21 . 2004-08-11 22:00 84992 ----a-w- c:\windows\system32\avifil32.dll 2009-06-10 06:32 . 2008-07-18 14:28 132096 ----a-w- c:\windows\system32\wkssvc.dll 2009-06-09 15:06 . 2004-08-11 22:11 1871872 ----a-w- c:\windows\system32\mstscax.dll 2009-06-03 19:27 . 2004-08-11 22:00 1290752 ----a-w- c:\windows\system32\quartz.dll . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of C:\2b5cbe60827d3b240995272f ---- 2009-08-17 20:03 . 2008-06-19 15:03 73 ------w- c:\2b5cbe60827d3b240995272f\i386\msxpsinc.gpd 2009-08-17 20:03 . 2008-06-19 05:33 72 ------w- c:\2b5cbe60827d3b240995272f\i386\msxpsinc.ppd 2009-08-17 20:03 . 2008-06-19 05:33 72 ------w- c:\2b5cbe60827d3b240995272f\amd64\msxpsinc.ppd 2009-08-17 20:03 . 2008-06-19 05:33 2204 ------w- c:\2b5cbe60827d3b240995272f\i386\msxpsdrv.inf 2009-08-17 20:03 . 2008-06-19 05:33 2204 ------w- c:\2b5cbe60827d3b240995272f\amd64\msxpsdrv.inf 2009-08-17 20:03 . 2008-07-06 12:06 10929 ------w- c:\2b5cbe60827d3b240995272f\amd64\msxpsdrv.cat 2009-08-17 20:03 . 2008-07-06 12:06 10929 ------w- c:\2b5cbe60827d3b240995272f\i386\msxpsdrv.cat 2009-08-17 20:03 . 2008-07-06 12:06 147456 ------w- c:\2b5cbe60827d3b240995272f\amd64\filterpipelineprintproc.dll 2009-08-17 20:03 . 2008-07-06 12:06 89088 ------w- c:\2b5cbe60827d3b240995272f\i386\filterpipelineprintproc.dll 2009-08-17 20:03 . 2008-07-06 12:06 765440 ------w- c:\2b5cbe60827d3b240995272f\i386\mxdwdrv.dll 2009-08-17 20:03 . 2008-07-06 12:06 1676288 ------w- c:\2b5cbe60827d3b240995272f\i386\xpssvcs.dll 2009-08-17 20:03 . 2008-07-06 12:06 748032 ------w- c:\2b5cbe60827d3b240995272f\amd64\mxdwdrv.dll 2008-07-06 21:36 . 2008-07-06 21:36 2936832 ------w- c:\2b5cbe60827d3b240995272f\amd64\xpssvcs.dll 2008-06-19 15:03 . 2008-06-19 15:03 73 ------w- c:\2b5cbe60827d3b240995272f\amd64\msxpsinc.gpd ---- Directory of c:\program files\fvbaju ---- ((((((((((((((((((((((((((((( SnapShot@2009-09-01_12.43.18 ))))))))))))))))))))))))))))))))))))))))) . + 2004-08-11 22:00 . 2009-09-01 12:46 79630 c:\windows\system32\perfc009.dat - 2004-08-11 22:00 . 2009-08-17 20:06 79630 c:\windows\system32\perfc009.dat + 2004-08-11 22:00 . 2009-09-01 12:46 466414 c:\windows\system32\perfh009.dat - 2004-08-11 22:00 . 2009-08-17 20:06 466414 c:\windows\system32\perfh009.dat + 2006-08-30 07:09 . 2009-09-01 17:19 3777536 c:\windows\Installer\c67f.msi - 2006-08-30 07:09 . 2009-08-31 19:49 3777536 c:\windows\Installer\c67f.msi . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google Update"="c:\documents and settings\gives\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-28 133104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-03-21 5537792] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoWelcomeScreen"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk backup=c:\windows\pss\Windows Search.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WMPNetworkSvc"=3 (0x3) "Lavasoft Ad-Aware Service"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [11/15/2005 1:27 PM 169200] R2 Transoft Solutions License Server V1.4;Transoft Solutions License Server V1.4;c:\program files\Transoft Solutions\License Server\TransoftLS.exe [4/30/2007 5:19 PM 307200] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/9/2008 1:58 PM 99376] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?] S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?] S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?] S3 pctplsg;pctplsg;\??\c:\windows\system32\drivers\pctplsg.sys --> c:\windows\system32\drivers\pctplsg.sys [?] S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-08-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1368161332-2723273657-3337644624-1172Core.job - c:\documents and settings\gives\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-28 17:25] 2009-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1368161332-2723273657-3337644624-1172UA.job - c:\documents and settings\gives\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-28 17:25] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mStart Page = hxxp://www.google.com uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-01 14:03 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'lsass.exe'(568) c:\program files\Bonjour\mdnsNSP.dll . Completion time: 2009-09-01 14:06 ComboFix-quarantined-files.txt 2009-09-01 18:05 ComboFix2.txt 2009-09-01 12:51 Pre-Run: 28,687,855,616 bytes free Post-Run: 28,654,960,640 bytes free 187 --- E O F --- 2009-08-26 20:02 Upload was successful Add-Remove Programs Log: Adobe Acrobat - Reader 6.0.2 Update Adobe Acrobat 6.0 Standard Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin ArcExplorer Java Edition AutoCAD 2005 Express Tools Volumes 1-9 Autodesk Civil 3D - Civil Design Companion 2007 Autodesk Civil 3D 2007 Autodesk Civil Design 2005 Autodesk Design Review 2008 Autodesk Land Desktop 2005 Autodesk Land Desktop 2007 Autodesk Raster Design 2005 Autodesk Raster Design 2007 Autodesk Survey 2005 Autodesk Survey 2007 AutoTURN 5 Avira AntiVir Personal - Free Antivirus Bluebeam PDF Revu v6.2.0 Bonjour Broadcom Advanced Control Suite BufferChm Carlson 2008 for AutoCAD Carlson Connect Compatibility Pack for the 2007 Office system Critical Update for Windows Media Player 11 (KB959772) CustomerResearchQFolder CutePDF Writer 2.7 D4100 D4100_Help DeviceManagementQFolder eSupportQFolder Footprints Google Chrome Google Gmail Notifier High Definition Audio Driver Package - KB835221 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB896256) Hotfix for Windows XP (KB896344) Hotfix for Windows XP (KB908673) Hotfix for Windows XP (KB914440) Hotfix for Windows XP (KB915800-v4) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB926239) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) HP Customer Participation Program 7.0 hp deskjet 3820 series (Remove only) HP Imaging Device Functions 7.0 HP Photosmart Essential HP Software Update HP Solution Center 7.0 hph_ProductContext hph_readme hph_software hph_software_req HPPhotoSmartExpress HPProductAssistant Hydraflow Hydrographs 2007 Hydraflow Storm Sewers 2005 Hydroworks Stormwater Treatment Program InstantShareDevicesMFC Intel Matrix Storage Manager Inventor Plug-In 5.3 J2SE Runtime Environment 5.0 Update 6 LiveUpdate 2.6 (Symantec Corporation) MarketResearch Microsoft .NET Framework (English) Microsoft .NET Framework (English) v1.0.3705 Microsoft .NET Framework 1.0 Hotfix (KB928367) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Base Smart Card Cryptographic Service Provider Package Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Basic Edition 2003 Microsoft Office PowerPoint Viewer 2003 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C Runtime MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 6 Service Pack 2 (KB954459) NVIDIA Drivers OMCI Pandora PanoStandAlone PCSWMM for Stormceptor Photometric Viewer v3.3.02 PowerDVD 5.7 QuickTime Roxio DLA Roxio Express Labeler Roxio RecordNow Audio Roxio RecordNow Copy Roxio RecordNow Data Security Update for CAPICOM (KB931906) Security Update for Step By Step Interactive Training (KB898458) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Internet Explorer 8 (KB969897) Security Update for Windows Internet Explorer 8 (KB972260) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 10 (KB936782) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Media Player 9 (KB917734) Security Update for Windows Search 4 - KB963093 Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899588) Security Update for Windows XP (KB899589) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB908531) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911567) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB912919) Security Update for Windows XP (KB913433) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB916281) Security Update for Windows XP (KB917159) Security Update for Windows XP (KB917344) Security Update for Windows XP (KB917422) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB918899) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920214) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB921398) Security Update for Windows XP (KB921503) Security Update for Windows XP (KB921883) Security Update for Windows XP (KB922616) Security Update for Windows XP (KB922760) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923694) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924191) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924496) Security Update for Windows XP (KB924667) Security Update for Windows XP (KB925454) Security Update for Windows XP (KB925486) Security Update for Windows XP (KB925902) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Security Update for Windows XP (KB928090) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Security Update for Windows XP (KB929123) Security Update for Windows XP (KB929969) Security Update for Windows XP (KB930178) Security Update for Windows XP (KB931261) Security Update for Windows XP (KB931768) Security Update for Windows XP (KB931784) Security Update for Windows XP (KB932168) Security Update for Windows XP (KB933566) Security Update for Windows XP (KB933729) Security Update for Windows XP (KB935839) Security Update for Windows XP (KB935840) Security Update for Windows XP (KB936021) Security Update for Windows XP (KB937143) Security Update for Windows XP (KB937894) Security Update for Windows XP (KB938127) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB938829) Security Update for Windows XP (KB939653) Security Update for Windows XP (KB941202) Security Update for Windows XP (KB941568) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB941644) Security Update for Windows XP (KB941693) Security Update for Windows XP (KB943055) Security Update for Windows XP (KB943460) Security Update for Windows XP (KB943485) Security Update for Windows XP (KB944653) Security Update for Windows XP (KB945553) Security Update for Windows XP (KB946026) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB948590) Security Update for Windows XP (KB948881) Security Update for Windows XP (KB950749) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB971032) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Shadow Copy Client SolutionCenter Sonic Update Manager Status Symantec AntiVirus Symantec Technical Support Web Controls The Weather Channel Desktop 6 Toolbox TrayApp Trimble Link for Land Desktop 2005 Unload Unlocker 1.8.7 Update for Windows Internet Explorer 8 (KB971930) Update for Windows XP (KB894391) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB904942) Update for Windows XP (KB910437) Update for Windows XP (KB911280) Update for Windows XP (KB912945) Update for Windows XP (KB916595) Update for Windows XP (KB920342) Update for Windows XP (KB920872) Update for Windows XP (KB922582) Update for Windows XP (KB925720) Update for Windows XP (KB925876) Update for Windows XP (KB927891) Update for Windows XP (KB929338) Update for Windows XP (KB930916) Update for Windows XP (KB931836) Update for Windows XP (KB932823-v3) Update for Windows XP (KB933360) Update for Windows XP (KB936357) Update for Windows XP (KB938828) Update for Windows XP (KB942763) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB973815) Virtual Earth 3D (Beta) Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 Visual FoxPro ODBC Driver VLC media player 0.9.2 Volo View Express WebFldrs XP WebReg Winamp Wind2 Financial Management System - Workstation Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Imaging Component Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Media Format SDK Hotfix - KB891122 Windows Media Player 11 Windows Presentation Foundation Windows Search 4.0 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB889673 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB891781 WinRAR archiver XML Paper Specification Shared Components Pack 1.0 Uploadthis is attached. Thanks again. Uploadthis.zip

Thanks. Computer seems to be doing better. None of the error messages and search engines are no longer redirecting. Here are the logs: ComboFix Log: ComboFix 09-08-31.03 - 09/01/2009 8:32.1.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1644 [GMT -4:00] Running from: c:\documents and settings\\Desktop\ComboFix.exe AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\-1200117383 c:\docume~1\gives\LOCALS~1\Temp\csrss.exe c:\docume~1\gives\LOCALS~1\Temp\install_flash_player.exe c:\docume~1\gives\LOCALS~1\Temp\services.exe c:\documents and settings\All Users\Application Data\acybowytoz.pif c:\documents and settings\All Users\Application Data\alaguxemyv.com c:\documents and settings\All Users\Application Data\folakofu._sy c:\documents and settings\All Users\Application Data\okydoqiz.dll c:\documents and settings\All Users\Application Data\ynylyty.bin c:\documents and settings\All Users\Documents\falupej.bin c:\documents and settings\All Users\Documents\idabyw.vbs c:\documents and settings\All Users\Documents\tehulymag.dll c:\documents and settings\All Users\Documents\ybopox.reg c:\documents and settings\gives\Application Data\feryrege.bat c:\documents and settings\gives\Application Data\jafalir.reg c:\documents and settings\gives\Application Data\uwelutigid.scr c:\documents and settings\gives\Cookies\ivilovat._dl c:\documents and settings\gives\Cookies\johinewy.pif c:\documents and settings\gives\Cookies\ponomemiv.scr c:\documents and settings\gives\Cookies\tikynony._dl c:\documents and settings\gives\Cookies\utoxukif.exe c:\documents and settings\gives\Cookies\xajunaxyto.bin c:\documents and settings\gives\Local Settings\Application Data\eravysafa.com c:\documents and settings\gives\Local Settings\Application Data\ygibizom.dl c:\documents and settings\gives\Local Settings\Temporary Internet Files\ajacukeje.vbs c:\documents and settings\gives\Local Settings\Temporary Internet Files\alosydu._dl c:\documents and settings\gives\Local Settings\Temporary Internet Files\cytyr.scr c:\documents and settings\gives\Local Settings\Temporary Internet Files\ilyvewo.bin c:\documents and settings\gives\Local Settings\Temporary Internet Files\koxagaxo.bat c:\documents and settings\gives\Local Settings\Temporary Internet Files\uhejoxu.dll c:\documents and settings\gives\Local Settings\Temporary Internet Files\woryhib.exe c:\documents and settings\gives\Local Settings\Temporary Internet Files\ylipunaxad.scr C:\kvhwftjn.exe C:\p2hhr.bat c:\program files\Common Files\cige.vbs c:\program files\Common Files\izev.com c:\program files\Common Files\okuhom.com c:\windows\arik._dl c:\windows\azixu.sys c:\windows\bocumaxaz._dl c:\windows\dicuguw.pif c:\windows\Fonts\AcadEref.ttf c:\windows\Fonts\ZWAdobeF.TTF c:\windows\funisevahy.bat c:\windows\ikylojyp.ban c:\windows\Installer\1b58ea6.msp c:\windows\Installer\1b58f0a.msp c:\windows\Installer\37a2ad.msp c:\windows\Installer\4ecce9.msp c:\windows\Installer\ccb749.msp c:\windows\Installer\f1023.msp c:\windows\ixefin.dl c:\windows\ozyzyleh.sys c:\windows\qewijyv.ban c:\windows\run.log c:\windows\system32\_scui.cpl c:\windows\system32\asuki._dl c:\windows\system32\critical_warning.html c:\windows\system32\dllcache\beep.sys c:\windows\system32\drivers\kbiwkmuyrqjctl.sys c:\windows\system32\gilo.scr c:\windows\system32\imawaquw.dl c:\windows\system32\jesoke.dll c:\windows\system32\kbiwkmkkylksdj.dat c:\windows\system32\kbiwkmmtkqlxmu.dll c:\windows\system32\kbiwkmpauaicdl.dat c:\windows\system32\kbiwkmpcoulqgd.dll c:\windows\system32\loxebasyl.bin c:\windows\system32\oduvyviq.dl c:\windows\system32\sofev.dll c:\windows\system32\terrapof32 c:\windows\system32\terrapof32\efwef23.gds c:\windows\system32\terrapof32\g45hged.gdp c:\windows\system32\winhelper.dll c:\windows\system32\ywirocy.bin c:\windows\vunitemu.dl c:\windows\yjok.sys Infected copy of c:\windows\system32\drivers\beep.sys was found and disinfected Restored copy from - c:\i386\beep.sys Infected copy of c:\windows\system32\eventlog.dll was found and disinfected Restored copy from - c:\i386\eventlog.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_kbiwkmyydvtvob -------\Legacy_kbiwkmyydvtvob -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED} -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE} ((((((((((((((((((((((((( Files Created from 2009-08-01 to 2009-09-01 ))))))))))))))))))))))))))))))) . 2009-09-01 12:40 . 2009-09-01 12:40 32428 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP1.sys 2009-09-01 12:40 . 2009-09-01 12:40 32428 ----a-w- c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP0.sys 2009-08-28 16:37 . 2004-08-04 10:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys 2009-08-28 16:17 . 2009-08-31 11:45 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools 2009-08-27 17:01 . 2009-08-27 17:01 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2009-08-27 16:58 . 2009-08-27 16:58 18195 ----a-w- c:\windows\system32\ihiwih.com 2009-08-27 16:58 . 2009-08-27 16:58 11672 ----a-w- c:\windows\fatugu.dat 2009-08-27 16:58 . 2009-08-27 16:58 10234 ----a-w- c:\windows\owukekejum.com 2009-08-27 15:15 . 2009-08-27 15:15 14400 ----a-w- c:\documents and settings\gives\Local Settings\Application Data\omap.dat 2009-08-27 15:15 . 2009-08-27 15:15 10554 ----a-w- c:\windows\system32\fesuf.com 2009-08-17 20:03 . 2009-08-17 20:03 -------- d-----w- C:\2b5cbe60827d3b240995272f 2009-08-12 19:59 . 2009-08-12 19:59 -------- d-----w- c:\windows\ServicePackFiles 2009-08-12 11:52 . 2009-06-09 15:06 1871872 ------w- c:\windows\system32\dllcache\mstscax.dll 2009-08-05 09:11 . 2009-08-05 09:11 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-01 12:25 . 2004-08-11 22:00 55808 ----a-w- c:\windows\system32\eventlog.dll 2009-08-31 19:49 . 2006-09-07 13:38 -------- d-----w- c:\documents and settings\gives\Application Data\AdobeUM 2009-08-31 17:48 . 2008-09-18 16:49 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-08-31 17:46 . 2009-02-05 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft 2009-08-28 16:21 . 2009-08-28 16:21 19937 ----a-w- c:\program files\Common Files\gyjad._sy 2009-08-28 16:21 . 2009-08-28 16:21 12516 ----a-w- c:\program files\Common Files\ivixaxa.lib 2009-08-27 16:58 . 2009-08-27 16:58 13286 ----a-w- c:\program files\Common Files\ojosum._sy 2009-08-27 15:21 . 2009-03-18 19:26 -------- d-----w- c:\documents and settings\gives\Application Data\GetRightToGo 2009-08-27 15:15 . 2009-08-27 15:15 18702 ----a-w- c:\documents and settings\gives\Application Data\zaxiceti.dat 2009-08-20 14:14 . 2006-09-06 19:41 55736 -c--a-w- c:\documents and settings\gives\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-08-11 12:00 . 2009-04-28 17:55 -------- d-----w- c:\program files\Common Files\Adobe AIR 2009-08-11 11:59 . 2009-07-23 13:19 38208 ----a-w- c:\documents and settings\gives\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe 2009-08-05 09:11 . 2004-08-11 22:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-23 13:20 . 2009-07-23 13:20 -------- d-----w- c:\documents and settings\gives\Application Data\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1 2009-07-23 13:20 . 2009-07-23 13:20 -------- d-----w- c:\program files\Pandora 2009-07-23 12:34 . 2009-07-23 12:11 -------- d-----w- c:\program files\fvbaju 2009-07-17 18:55 . 2004-08-11 22:00 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-14 03:43 . 2004-08-11 22:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll 2009-07-03 17:09 . 2004-08-11 22:00 915456 ----a-w- c:\windows\system32\wininet.dll 2009-06-25 18:36 . 2004-08-11 22:00 95744 ----a-w- c:\windows\system32\mqsec.dll 2009-06-25 18:36 . 2004-08-11 22:00 661504 ----a-w- c:\windows\system32\mqqm.dll 2009-06-25 18:36 . 2004-08-11 22:00 517120 ----a-w- c:\windows\system32\mqsnap.dll 2009-06-25 18:36 . 2004-08-11 22:00 48640 ----a-w- c:\windows\system32\mqupgrd.dll 2009-06-25 18:36 . 2004-08-11 22:00 471552 ----a-w- c:\windows\system32\mqutil.dll 2009-06-25 18:36 . 2004-08-11 22:00 47104 ----a-w- c:\windows\system32\mqdscli.dll 2009-06-25 18:36 . 2004-08-11 22:00 225280 ----a-w- c:\windows\system32\mqoa.dll 2009-06-25 18:36 . 2004-08-11 22:00 186880 ----a-w- c:\windows\system32\mqtrig.dll 2009-06-25 18:36 . 2004-08-11 22:00 177152 ----a-w- c:\windows\system32\mqrt.dll 2009-06-25 18:36 . 2004-08-11 22:00 16896 ----a-w- c:\windows\system32\mqise.dll 2009-06-25 18:36 . 2004-08-11 22:00 138240 ----a-w- c:\windows\system32\mqad.dll 2009-06-25 18:36 . 2004-08-11 22:00 123392 ----a-w- c:\windows\system32\mqrtdep.dll 2009-06-22 11:49 . 2004-08-11 22:00 19968 ----a-w- c:\windows\system32\mqbkup.exe 2009-06-22 11:49 . 2004-08-11 22:00 117248 ----a-w- c:\windows\system32\mqtgsvc.exe 2009-06-22 11:49 . 2004-08-11 22:00 4608 ----a-w- c:\windows\system32\mqsvc.exe 2009-06-22 11:48 . 2004-08-11 22:00 91776 ----a-w- c:\windows\system32\drivers\mqac.sys 2009-06-16 14:55 . 2004-08-11 22:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-16 14:55 . 2004-08-11 22:00 82432 ----a-w- c:\windows\system32\fontsub.dll 2009-06-12 11:50 . 2004-08-11 22:00 80896 ----a-w- c:\windows\system32\tlntsess.exe 2009-06-12 11:50 . 2004-08-11 22:00 76288 ----a-w- c:\windows\system32\telnet.exe 2009-06-10 14:21 . 2004-08-11 22:00 84992 ----a-w- c:\windows\system32\avifil32.dll 2009-06-10 06:32 . 2008-07-18 14:28 132096 ----a-w- c:\windows\system32\wkssvc.dll 2009-06-09 15:06 . 2004-08-11 22:11 1871872 ----a-w- c:\windows\system32\mstscax.dll 2009-06-03 19:27 . 2004-08-11 22:00 1290752 ----a-w- c:\windows\system32\quartz.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Google Update"="c:\documents and settings\gives\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-28 133104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-03-21 5537792] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoWelcomeScreen"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk backup=c:\windows\pss\Windows Search.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WMPNetworkSvc"=3 (0x3) "Lavasoft Ad-Aware Service"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [11/15/2005 1:27 PM 169200] R2 Transoft Solutions License Server V1.4;Transoft Solutions License Server V1.4;c:\program files\Transoft Solutions\License Server\TransoftLS.exe [4/30/2007 5:19 PM 307200] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/9/2008 1:58 PM 99376] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?] S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?] S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?] S3 pctplsg;pctplsg;\??\c:\windows\system32\drivers\pctplsg.sys --> c:\windows\system32\drivers\pctplsg.sys [?] S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-08-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1368161332-2723273657-3337644624-1172Core.job - c:\documents and settings\gives\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-28 17:25] 2009-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1368161332-2723273657-3337644624-1172UA.job - c:\documents and settings\gives\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-28 17:25] . - - - - ORPHANS REMOVED - - - - Notify-dimsntfy - (no file) . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mStart Page = hxxp://www.google.com uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-01 08:43 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'lsass.exe'(568) c:\program files\Bonjour\mdnsNSP.dll - - - - - - - > 'explorer.exe'(2792) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Symantec Shared\ccSetMgr.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Symantec AntiVirus\DefWatch.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\program files\Dell\OpenManage\Client\Iap.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\nvsvc32.exe c:\windows\system32\HPZipm12.exe c:\windows\system32\searchindexer.exe . ************************************************************************** . Completion time: 2009-09-01 8:51 - machine was rebooted ComboFix-quarantined-files.txt 2009-09-01 12:51 Pre-Run: 27,899,260,928 bytes free Post-Run: 28,710,633,472 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 270 --- E O F --- 2009-08-26 20:02 RootRepeal Log: ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2009/09/01 08:56 Program Version: Version 1.3.5.0 Windows Version: Windows XP SP2 ================================================== Drivers ------------------- Name: catchme.sys Image Path: C:\ComboFix\catchme.sys Address: 0xB3F35000 Size: 31744 File Visible: No Signed: - Status: - Name: Combo-Fix.sys Image Path: Combo-Fix.sys Address: 0xBA108000 Size: 60416 File Visible: No Signed: - Status: - Name: dump_iastor.sys Image Path: C:\WINDOWS\System32\Drivers\dump_iastor.sys Address: 0xADAF6000 Size: 872448 File Visible: No Signed: - Status: - Name: PROCEXP90.SYS Image Path: C:\WINDOWS\system32\Drivers\PROCEXP90.SYS Address: 0xBA636000 Size: 6464 File Visible: No Signed: - Status: - Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xAE6B5000 Size: 49152 File Visible: No Signed: - Status: - Hidden/Locked Files ------------------- Path: C:\hiberfil.sys Status: Locked to the Windows API! Path: C:\WINDOWS\Config\Config Status: Locked to the Windows API! Path: C:\WINDOWS\Connection Wizard\Connection Wizard Status: Locked to the Windows API! Path: C:\WINDOWS\l2schemas\l2schemas Status: Locked to the Windows API! Path: C:\WINDOWS\system32\ShellExt\ShellExt Status: Locked to the Windows API! Path: C:\WINDOWS\system32\CatRoot_bak\CatRoot_bak Status: Locked to the Windows API! Path: C:\WINDOWS\system32\dhcp\dhcp Status: Locked to the Windows API! Path: C:\WINDOWS\system32\export\export Status: Locked to the Windows API! Path: C:\WINDOWS\system32\FxsTmp\FxsTmp Status: Locked to the Windows API! Path: C:\WINDOWS\system32\wins\wins Status: Locked to the Windows API! Path: C:\WINDOWS\system32\inetsrv\inetsrv Status: Locked to the Windows API! Path: C:\WINDOWS\system32\scripting\scripting Status: Locked to the Windows API! Path: C:\WINDOWS\system32\1025\1025 Status: Locked to the Windows API! Path: C:\WINDOWS\system32\1028\1028 Status: Locked to the Windows API! Path: C:\WINDOWS\system32\1031\1031 Status: Locked to the Windows API! Path: C:\WINDOWS\system32\1037\1037 Status: Locked to the Windows API! Path: C:\WINDOWS\system32\1041\1041 Status: Locked to the Windows API! Path: C:\WINDOWS\system32\1042\1042 Status: Locked to the Windows API! Path: C:\WINDOWS\system32\1054\1054 Status: Locked to the Windows API! Path: C:\WINDOWS\system32\2052\2052 Status: Locked to the Windows API! Path: C:\WINDOWS\system32\3076\3076 Status: Locked to the Windows API! Path: C:\WINDOWS\system32\3com_dmi\3com_dmi Status: Locked to the Windows API! Path: C:\WINDOWS\system32\en\en Status: Locked to the Windows API! Path: C:\WINDOWS\system32\xircom\xircom Status: Locked to the Windows API! Path: C:\WINDOWS\system32\The All-New `08 CTS dir\The All-New `08 CTS dir Status: Locked to the Windows API! Path: C:\WINDOWS\system32\bits\bits Status: Locked to the Windows API! Path: C:\WINDOWS\Help\mail\mail Status: Locked to the Windows API! Path: C:\WINDOWS\$hf_mig$\KB929338\KB929338 Status: Locked to the Windows API! Path: C:\WINDOWS\$hf_mig$\KB931784\KB931784 Status: Locked to the Windows API! Path: C:\WINDOWS\$hf_mig$\KB968389\KB968389 Status: Locked to the Windows API! Path: C:\WINDOWS\CSC\d1\d1 Status: Locked to the Windows API! Path: C:\WINDOWS\CSC\d2\d2 Status: Locked to the Windows API! Path: C:\WINDOWS\CSC\d3\d3 Status: Locked to the Windows API! Path: C:\WINDOWS\CSC\d4\d4 Status: Locked to the Windows API! Path: C:\WINDOWS\CSC\d5\d5 Status: Locked to the Windows API! Path: C:\WINDOWS\CSC\d6\d6 Status: Locked to the Windows API! Path: C:\WINDOWS\CSC\d7\d7 Status: Locked to the Windows API! Path: C:\WINDOWS\CSC\d8\d8 Status: Locked to the Windows API! Path: C:\WINDOWS\WinSxS\InstallTemp\InstallTemp Status: Locked to the Windows API! Path: C:\WINDOWS\assembly\temp\temp Status: Locked to the Windows API! Path: C:\WINDOWS\assembly\tmp\tmp Status: Locked to the Windows API! Path: C:\WINDOWS\msapps\msinfo\msinfo Status: Locked to the Windows API! Path: C:\WINDOWS\Registration\CRMLog\CRMLog Status: Locked to the Windows API! Path: C:\WINDOWS\ime\imejp98\imejp98 Status: Locked to the Windows API! Path: C:\WINDOWS\java\classes\classes Status: Locked to the Windows API! Path: C:\WINDOWS\java\trustlib\trustlib Status: Locked to the Windows API! Path: c:\documents and settings\gives\local settings\temp\etilqs_wigjsb6sedarp4agt9xk Status: Allocation size mismatch (API: 32768, Raw: 0) Path: C:\WINDOWS\system32\drivers\disdn\disdn Status: Locked to the Windows API! Path: C:\WINDOWS\system32\LogFiles\WUDF\WUDF Status: Locked to the Windows API! Path: C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE Status: Locked to the Windows API! Path: C:\WINDOWS\system32\appmgmt\S-1-5-21-1368161332-2723273657-3337644624-1172\S-1-5-21-1368161332-2723273657-3337644624-1172 Status: Locked to the Windows API! Path: C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT Status: Locked to the Windows API! Path: C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT Status: Locked to the Windows API! Path: C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT Status: Locked to the Windows API! Path: C:\WINDOWS\system32\mui\dispspec\dispspec Status: Locked to the Windows API! Path: C:\WINDOWS\system32\oobe\sample\sample Status: Locked to the Windows API! Path: C:\WINDOWS\system32\wbem\snmp\snmp Status: Locked to the Windows API! Path: C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded Status: Locked to the Windows API! Path: C:\WINDOWS\Sun\Java\Deployment\Deployment Status: Locked to the Windows API! Path: C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES Status: Locked to the Windows API! Path: C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF Status: Locked to the Windows API! Path: C:\WINDOWS\pchealth\helpctr\BATCH\BATCH Status: Locked to the Windows API! Path: C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles Status: Locked to the Windows API! Path: C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs Status: Locked to the Windows API! Path: C:\WINDOWS\pchealth\helpctr\Temp\Temp Status: Locked to the Windows API! Path: C:\WINDOWS\ime\chsime\applets\applets Status: Locked to the Windows API! Path: C:\WINDOWS\ime\CHTIME\Applets\Applets Status: Locked to the Windows API! Path: C:\WINDOWS\ime\imejp\applets\applets Status: Locked to the Windows API! Path: C:\WINDOWS\ime\imjp8_1\applets\applets Status: Locked to the Windows API! Path: C:\WINDOWS\ime\imkr6_1\applets\applets Status: Locked to the Windows API! Path: C:\WINDOWS\ime\imkr6_1\dicts\dicts Status: Locked to the Windows API! Path: C:\WINDOWS\ime\shared\res\res Status: Locked to the Windows API! Path: C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup Status: Locked to the Windows API! Path: C:\WINDOWS\system32\oobe\html\oemcust\oemcust Status: Locked to the Windows API! Path: C:\WINDOWS\system32\oobe\html\oemhw\oemhw Status: Locked to the Windows API! Path: C:\WINDOWS\system32\oobe\html\oemreg\oemreg Status: Locked to the Windows API! Path: C:\WINDOWS\system32\wbem\mof\bad\bad Status: Locked to the Windows API! Path: C:\WINDOWS\system32\wbem\mof\good\good Status: Locked to the Windows API! Path: C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood Status: Locked to the Windows API! Path: C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood Status: Locked to the Windows API! Path: C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP103.tmp\ZAP103.tmp Status: Locked to the Windows API! Path: C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2F8.tmp\ZAP2F8.tmp Status: Locked to the Windows API! Path: C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3D2.tmp\ZAP3D2.tmp Status: Locked to the Windows API! Path: C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3FD.tmp\ZAP3FD.tmp Status: Locked to the Windows API! Path: C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9D.tmp\ZAP9D.tmp Status: Locked to the Windows API! Path: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files Status: Locked to the Windows API! Path: C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint Status: Locked to the Windows API! Path: C:\WINDOWS\pchealth\helpctr\System\DFS\DFS Status: Locked to the Windows API! Path: C:\WINDOWS\Help\SBSI\Training\WXPPRO\Cbz\Cbz Status: Locked to the Windows API! Path: C:\WINDOWS\Help\SBSI\Training\WXPPRO\Lib\Lib Status: Locked to the Windows API! Path: C:\WINDOWS\Help\SBSI\Training\WXPPRO\Wave\Wave Status: Locked to the Windows API! Path: C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs Status: Locked to the Windows API! Path: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs Status: Locked to the Windows API! Path: C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729 Status: Locked to the Windows API! Path: C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729 Status: Locked to the Windows API! Path: C:\WINDOWS\system32\spool\drivers\w32x86\3\New\New Status: Locked to the Windows API! Path: C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526} Status: Locked to the Windows API! Path: C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player Status: Locked to the Windows API! Path: C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\70\70 Status: Locked to the Windows API! Path: C:\Documents and Settings\gives\Local Settings\Apps\2.0\XK46R0RD.HRV\LVP0EDNM.15G\manifests\clickonce_bootstrap.exe.cdf-ms Status: Locked to the Windows API! Path: C:\Documents and Settings\gives\Local Settings\Apps\2.0\XK46R0RD.HRV\LVP0EDNM.15G\manifests\clickonce_bootstrap.exe.manifest Status: Locked to the Windows API! Path: C:\WINDOWS\system32\spool\drivers\w32x86\3\Old\1\1 Status: Locked to the Windows API! Path: C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-3248271683-3951922948-1184423176-500\S-1-5-21-3248271683-3951922948-1184423176-500 Status: Locked to the Windows API! Path: C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-861567501-1078081533-725345543-500\S-1-5-21-861567501-1078081533-725345543-500 Status: Locked to the Windows API! Path: C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning Status: Locked to the Windows API! Path: C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\OFFICE\OFFICE Status: Locked to the Windows API! Path: C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\10\policy\policy Status: Locked to the Windows API! Path: C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\51\msft\msft Status: Locked to the Windows API! Path: C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\52\msft\msft Status: Locked to the Windows API! Path: C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\60\msft\msft Status: Locked to the Windows API! Path: C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Flash Player\AssetCache\ZQPEPHR8\ZQPEPHR8 Status: Locked to the Windows API! Path: C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\QHVX3U4W\QHVX3U4W Status: Locked to the Windows API! Path: C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates Status: Locked to the Windows API! Path: C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs Status: Locked to the Windows API! Path: C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs Status: Locked to the Windows API! Path: C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Google Desktop\668b56910397\668b56910397 Status: Locked to the Windows API! Path: C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-3248271683-3951922948-1184423176-500\S-1-5-21-3248271683-3951922948-1184423176-500 Status: Locked to the Windows API! Path: C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-861567501-1078081533-725345543-500\S-1-5-21-861567501-1078081533-725345543-500 Status: Locked to the Windows API! Path: C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\51\policy\msft\msft Status: Locked to the Windows API! Path: C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\52\policy\msft\msft Status: Locked to the Windows API! SSDT ------------------- #: 031 Function Name: NtConnectPort Status: Hooked by "<unknown>" at address 0x897c98e8 ==EOF== Win32 Log: WARNING: Could not get backup privileges! Searching 'C:\WINDOWS'... Found mount point : C:\WINDOWS\$hf_mig$\KB929338\KB929338 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB931784\KB931784 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB968389\KB968389 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP103.tmp\ZAP103.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2F8.tmp\ZAP2F8.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3D2.tmp\ZAP3D2.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3FD.tmp\ZAP3FD.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9D.tmp\ZAP9D.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\assembly\temp\temp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\assembly\tmp\tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Config\Config Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\CSC\d1\d1 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\CSC\d2\d2 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\CSC\d3\d3 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\CSC\d4\d4 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\CSC\d5\d5 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\CSC\d6\d6 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\CSC\d7\d7 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\CSC\d8\d8 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Help\mail\mail Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Cbz\Cbz Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Lib\Lib Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Wave\Wave Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\chsime\applets\applets Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\imejp\applets\applets Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\imejp98\imejp98 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\shared\res\res Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\java\classes\classes Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\java\trustlib\trustlib Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\l2schemas\l2schemas Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\msapps\msinfo\msinfo Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\10\policy\policy Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\51\msft\msft Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\51\policy\msft\msft Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\52\msft\msft Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\52\policy\msft\msft Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\60\msft\msft Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\70\70 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\1025\1025 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\1028\1028 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\1031\1031 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\1037\1037 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\1041\1041 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\1042\1042 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\1054\1054 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\2052\2052 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\3076\3076 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-1368161332-2723273657-3337644624-1172\S-1-5-21-1368161332-2723273657-3337644624-1172 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\bits\bits Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\CatRoot_bak\CatRoot_bak Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Flash Player\AssetCache\ZQPEPHR8\ZQPEPHR8 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526} Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\QHVX3U4W\QHVX3U4W Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-3248271683-3951922948-1184423176-500\S-1-5-21-3248271683-3951922948-1184423176-500 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-861567501-1078081533-725345543-500\S-1-5-21-861567501-1078081533-725345543-500 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Google Desktop\668b56910397\668b56910397 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-3248271683-3951922948-1184423176-500\S-1-5-21-3248271683-3951922948-1184423176-500 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-861567501-1078081533-725345543-500\S-1-5-21-861567501-1078081533-725345543-500 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\OFFICE\OFFICE Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\dhcp\dhcp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\en\en Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\export\export Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\FxsTmp\FxsTmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\inetsrv\inetsrv Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDF Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\oobe\sample\sample Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\scripting\scripting Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\spool\drivers\w32x86\3\New\New Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\spool\drivers\w32x86\3\Old\1\1 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\The All-New `08 CTS dir\The All-New `08 CTS dir Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\wbem\mof\good\good Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\wins\wins Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\xircom\xircom Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp Mount point destination : \Device\__max++>\^ Finished!

My computer has also seemed to have picked up something that is blocking any anti-malware programs from running. So far I have attempted to run about 5 anti-malware programs including MBAM and Rootrepeal. All of the programs will begin to run and then are closed. Subsequent attempts to run any of these programs gives the error message: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." I am also having trouble with google search engines. I have seen that most recommendations start with running win32k and posting the log which I have done below. I'm hoping for some help! Thanks! George Here are the win32 results: WARNING: Could not get backup privileges! Searching 'C:\WINDOWS'... Found mount point : C:\WINDOWS\$hf_mig$\KB929338\KB929338 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB931784\KB931784 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\$hf_mig$\KB968389\KB968389 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP103.tmp\ZAP103.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2F8.tmp\ZAP2F8.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3D2.tmp\ZAP3D2.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3FD.tmp\ZAP3FD.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9D.tmp\ZAP9D.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\assembly\temp\temp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\assembly\tmp\tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Config\Config Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\CSC\d1\d1 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\CSC\d2\d2 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\CSC\d3\d3 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\CSC\d4\d4 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\CSC\d5\d5 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\CSC\d6\d6 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\CSC\d7\d7 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\CSC\d8\d8 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Help\mail\mail Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Cbz\Cbz Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Lib\Lib Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Help\SBSI\Training\WXPPRO\Wave\Wave Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\chsime\applets\applets Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\imejp\applets\applets Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\imejp98\imejp98 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\ime\shared\res\res Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\java\classes\classes Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\java\trustlib\trustlib Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\l2schemas\l2schemas Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Temporary ASP.NET Files\Bind Logs\Bind Logs Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\msapps\msinfo\msinfo Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\10\policy\policy Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\51\msft\msft Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\51\policy\msft\msft Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\52\msft\msft Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\52\policy\msft\msft Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\60\msft\msft Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\backup\asms\70\70 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\1025\1025 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\1028\1028 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\1031\1031 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\1037\1037 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\1041\1041 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\1042\1042 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\1054\1054 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\2052\2052 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\3076\3076 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\3com_dmi\3com_dmi Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\appmgmt\MACHINE\MACHINE Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\appmgmt\S-1-5-21-1368161332-2723273657-3337644624-1172\S-1-5-21-1368161332-2723273657-3337644624-1172 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\bits\bits Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\CatRoot_bak\CatRoot_bak Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe\Flash Player\AssetCache\ZQPEPHR8\ZQPEPHR8 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Identities\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526}\{31391EF3-B3AC-4F12-94D8-DC2DA45E9526} Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia\Flash Player\#SharedObjects\QHVX3U4W\QHVX3U4W Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-3248271683-3951922948-1184423176-500\S-1-5-21-3248271683-3951922948-1184423176-500 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Credentials\S-1-5-21-861567501-1078081533-725345543-500\S-1-5-21-861567501-1078081533-725345543-500 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Media Player\Media Player Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\Certificates\Certificates Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CRLs\CRLs Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\SystemCertificates\My\CTLs\CTLs Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Google Desktop\668b56910397\668b56910397 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\CD Burning\CD Burning Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-3248271683-3951922948-1184423176-500\S-1-5-21-3248271683-3951922948-1184423176-500 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Credentials\S-1-5-21-861567501-1078081533-725345543-500\S-1-5-21-861567501-1078081533-725345543-500 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\OFFICE\OFFICE Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\NetHood\NetHood Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\config\systemprofile\PrintHood\PrintHood Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\dhcp\dhcp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\drivers\disdn\disdn Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\en\en Mount point destination : \Device\__max++>\^ Cannot access: C:\WINDOWS\system32\eventlog.dll [1] 2008-04-13 20:11:53 56320 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll (Microsoft Corporation) [1] 2004-08-04 06:00:00 63488 C:\WINDOWS\system32\eventlog.dll () [2] 2004-08-04 06:00:00 55808 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation) [1] 2004-08-04 06:00:00 55808 C:\i386\eventlog.dll (Microsoft Corporation) Found mount point : C:\WINDOWS\system32\export\export Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\FxsTmp\FxsTmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\IME\CINTLGNT\CINTLGNT Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\IME\PINTLGNT\PINTLGNT Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\IME\TINTLGNT\TINTLGNT Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\inetsrv\inetsrv Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\LogFiles\WUDF\WUDF Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\mui\dispspec\dispspec Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\oobe\html\ispsgnup\ispsgnup Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\oobe\html\oemcust\oemcust Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\oobe\html\oemhw\oemhw Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\oobe\html\oemreg\oemreg Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\oobe\sample\sample Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\scripting\scripting Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\ShellExt\ShellExt Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\spool\drivers\w32x86\3\New\New Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\spool\drivers\w32x86\3\Old\1\1 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\The All-New `08 CTS dir\The All-New `08 CTS dir Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\wbem\mof\bad\bad Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\wbem\mof\good\good Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\wbem\snmp\snmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\wins\wins Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\system32\xircom\xircom Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\Adobe\Acrobat\6.0\6.0 Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\mod_auto_data_gen\mod_auto_data_gen Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\NLU2.tmp\NLU2.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\Temp\NLU2F.tmp\NLU2F.tmp Mount point destination : \Device\__max++>\^ Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp Mount point destination : \Device\__max++>\^ Finished!