fLaze

Everything posted by fLaze

  1. After I was infected with the Windows Police Pro virus and removed it with MBAM, I noticed my sound disappeared on my speakers and headphones. I'm running on XP SP2. Do I need to reinstall my sound drivers?
  2. ComboFix 09-09-18.02 - JJ 09/20/2009 12:14.1.2 - NTFSx86
     Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.438 [GMT -4:00]
     Running from: c:\documents and settings\JJ\Desktop\ComboFix.exe
     AV: *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
     AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
     FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\documents and settings\Tianhua\Local Settings\Temporary Internet Files\fbk.sts
     c:\documents and settings\Tianhua\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
     C:\p2hhr.bat
     c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
     c:\windows\Installer\302ca4.msi
     c:\windows\kb913800.exe
     c:\windows\regedit.com
     c:\windows\run.log
     c:\windows\system32\bszip.dll
     c:\windows\system32\Data
     c:\windows\system32\images
     c:\windows\system32\images\i1.gif
     c:\windows\system32\images\i2.gif
     c:\windows\system32\images\i3.gif
     c:\windows\system32\images\j1.gif
     c:\windows\system32\images\j2.gif
     c:\windows\system32\images\j3.gif
     c:\windows\system32\images\jj1.gif
     c:\windows\system32\images\jj2.gif
     c:\windows\system32\images\jj3.gif
     c:\windows\system32\images\l1.gif
     c:\windows\system32\images\l2.gif
     c:\windows\system32\images\l3.gif
     c:\windows\system32\images\pix.gif
     c:\windows\system32\images\t1.gif
     c:\windows\system32\images\t2.gif
     c:\windows\system32\images\up1.gif
     c:\windows\system32\images\up2.gif
     c:\windows\system32\images\w1.gif
     c:\windows\system32\images\w11.gif
     c:\windows\system32\images\w2.gif
     c:\windows\system32\images\w3.gif
     c:\windows\system32\images\w3.jpg
     c:\windows\system32\images\wt1.gif
     c:\windows\system32\images\wt2.gif
     c:\windows\system32\images\wt3.gif
     c:\windows\system32\launcher.exe
     c:\windows\Tasks\hkujamll.job
     .
     ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     -------\Legacy_uacFlt
     -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
     -------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
     -------\Service_uacFlt

     ((((((((((((((((((((((((( Files Created from 2009-08-20 to 2009-09-20 )))))))))))))))))))))))))))))))
     .
     2009-09-20 05:07 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2009-09-20 05:07 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
     2009-09-20 05:07 . 2009-09-20 05:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2009-09-20 04:41 . 2009-09-20 04:50 -------- d-----w- C:\legitfiles
     2009-09-19 18:07 . 2009-09-19 18:07 -------- d--h--w- c:\windows\system32\GroupPolicy
     2009-09-19 17:18 . 2009-09-19 17:18 -------- d-----w- C:\ARK
     2009-09-17 23:50 . 2009-09-17 23:50 -------- d-----w- c:\program files\Formatta 7.0
     2009-09-17 23:48 . 2009-09-17 23:48 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
     2009-09-12 02:30 . 2009-09-12 02:36 -------- d-----w- c:\program files\Windows Live Safety Center
     2009-09-07 14:26 . 2009-09-19 17:08 -------- d-----w- c:\documents and settings\JJ\Local Settings\Application Data\Temp
     2009-09-07 14:26 . 2009-09-07 14:28 -------- d-----w- c:\documents and settings\JJ\Local Settings\Application Data\Google
     2009-09-07 13:48 . 2009-09-07 14:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
     2009-09-07 13:48 . 2009-09-07 13:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
     2009-09-07 03:43 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
     2009-09-07 03:42 . 2009-09-07 03:42 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
     2009-09-01 02:41 . 2009-09-01 02:41 -------- d-----w- c:\documents and settings\JJ\Local Settings\Application Data\PCHealth
     2009-08-31 05:05 . 2009-08-31 05:05 -------- d-----w- c:\program files\MSXML 6.0
     2009-08-22 22:29 . 2009-08-22 22:29 -------- d-----w- c:\windows\ServicePackFiles
     2009-08-22 21:36 . 2009-08-22 21:36 -------- d-----w- c:\documents and settings\JJ\Application Data\Motive
     2009-08-22 21:36 . 2009-08-22 21:36 -------- d-----w- c:\documents and settings\JJ\Local Settings\Application Data\AVG Security Toolbar
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-09-20 04:33 . 2006-01-11 03:45 -------- d-----w- c:\program files\Dl_cats
     2009-09-19 20:01 . 2006-08-08 03:29 3350 -csha-w- c:\windows\system32\KGyGaAvL.sys
     2009-09-19 20:01 . 2005-12-29 15:38 56 --sh--r- c:\windows\system32\7C6B49F63F.sys
     2009-09-17 23:42 . 2007-04-16 03:32 -------- d-----w- c:\program files\McAfee
     2009-09-15 01:36 . 2006-01-12 23:37 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
     2009-09-07 04:55 . 2008-11-06 20:23 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
     2009-09-07 03:42 . 2007-04-27 23:26 -------- d-----w- c:\program files\Lavasoft
     2009-09-07 03:41 . 2006-03-14 21:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
     2009-09-07 01:51 . 2008-11-06 20:24 11952 ----a-w- c:\windows\system32\avgrsstx.dll
     2009-09-07 01:51 . 2008-11-06 20:24 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
     2009-09-07 01:51 . 2007-04-27 23:09 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
     2009-08-24 05:56 . 2009-08-24 05:56 0 ----a-w- c:\documents and settings\Tianhua\ntuser.tmp
     2009-08-22 21:29 . 2005-12-10 15:57 129872 -c--a-w- c:\documents and settings\JJ\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2009-08-22 04:10 . 2008-01-26 21:55 -------- d-----w- c:\documents and settings\Tianhua\Application Data\U3
     2009-08-22 04:04 . 2008-11-08 04:55 -------- d-----w- c:\program files\Microsoft Silverlight
     2009-08-21 03:58 . 2008-12-24 00:09 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
     2009-08-05 09:11 . 2005-08-16 10:18 204800 ----a-w- c:\windows\system32\mswebdvd.dll
     2009-07-17 18:55 . 2005-08-16 10:18 58880 ----a-w- c:\windows\system32\atl.dll
     2009-07-13 14:08 . 2005-08-16 10:19 286720 ----a-w- c:\windows\system32\wmpdxm.dll
     2009-06-29 16:12 . 2005-08-16 10:18 827392 ----a-w- c:\windows\system32\wininet.dll
     2009-06-29 16:12 . 2005-08-16 10:18 78336 ----a-w- c:\windows\system32\ieencode.dll
     2009-06-29 16:12 . 2005-08-16 10:18 17408 ----a-w- c:\windows\system32\corpol.dll
     2009-06-25 18:36 . 2005-08-16 10:18 471552 ----a-w- c:\windows\system32\mqutil.dll
     2009-06-25 18:36 . 2005-08-16 10:18 95744 ----a-w- c:\windows\system32\mqsec.dll
     2009-06-25 18:36 . 2005-08-16 10:18 661504 ----a-w- c:\windows\system32\mqqm.dll
     2009-06-25 18:36 . 2005-08-16 10:18 517120 ----a-w- c:\windows\system32\mqsnap.dll
     2009-06-25 18:36 . 2005-08-16 10:18 48640 ----a-w- c:\windows\system32\mqupgrd.dll
     2009-06-25 18:36 . 2005-08-16 10:18 186880 ----a-w- c:\windows\system32\mqtrig.dll
     2009-06-25 18:36 . 2005-08-16 10:18 177152 ----a-w- c:\windows\system32\mqrt.dll
     2009-06-25 18:36 . 2005-08-16 10:18 123392 ----a-w- c:\windows\system32\mqrtdep.dll
     2009-06-25 18:36 . 2005-08-16 10:18 47104 ----a-w- c:\windows\system32\mqdscli.dll
     2009-06-25 18:36 . 2005-08-16 10:18 225280 ----a-w- c:\windows\system32\mqoa.dll
     2009-06-25 18:36 . 2005-08-16 10:18 16896 ----a-w- c:\windows\system32\mqise.dll
     2009-06-25 18:36 . 2005-08-16 10:18 138240 ----a-w- c:\windows\system32\mqad.dll
     2009-06-25 08:17 . 2005-08-16 10:18 59392 ----a-w- c:\windows\system32\wdigest.dll
     2009-06-25 08:17 . 2005-08-16 10:18 56320 ----a-w- c:\windows\system32\secur32.dll
     2009-06-25 08:17 . 2005-08-16 10:18 168448 ----a-w- c:\windows\system32\schannel.dll
     2009-06-25 08:17 . 2005-08-16 10:18 136192 ----a-w- c:\windows\system32\msv1_0.dll
     2009-06-25 08:17 . 2005-08-16 10:18 729600 ----a-w- c:\windows\system32\lsasrv.dll
     2009-06-25 08:17 . 2005-08-16 10:18 301568 ----a-w- c:\windows\system32\kerberos.dll
     2007-02-15 11:51 . 2007-02-15 11:51 169248 -c--a-w- c:\program files\MC
     2006-01-05 04:38 . 2006-02-12 19:34 3808240 -c--a-w- c:\program files\gtk+-2.8.9-setup-1.exe
     2006-05-06 16:42 . 2006-07-20 03:22 7260160 -c--a-w- c:\program files\mozilla firefox\plugins\libvlc.dll
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
     "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

     [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
     "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

     [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

     [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
     "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

     [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 94208]
     "Aim6"="c:\program files\AIM6\aim6.exe" [2009-04-27 49968]
     "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
     "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
     "Google Update"="c:\documents and settings\JJ\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-09-07 133104]
     "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
     "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
     "CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
     "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
     "Motive SmartBridge"="c:\progra~1\VERIZO~1\SMARTB~1\MotiveSB.exe" [2002-05-18 327680]
     "dlcjmon.exe"="c:\program files\Dell Photo AIO Printer 964\dlcjmon.exe" [2005-08-12 430080]
     "MemoryCardManager"="c:\program files\Dell Photo AIO Printer 964\memcard.exe" [2005-08-10 286720]
     "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
     "DLCJCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll" [2005-08-15 73728]
     "BootSkin Startup Jobs"="c:\progra~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 270336]
     "COMODO Firewall Pro"="c:\program files\Comodo\Firewall\CPF.exe" [2007-10-21 1115728]
     "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
     "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
     "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
     "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
     "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
     "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
     "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
     "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-07 2007832]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
     "Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2009-01-30 1553920]
     "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
     "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
     "P17Helper"="P17.dll" - c:\windows\system32\P17.dll [2004-06-10 60928]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
     "application"="c:\program files\AKProg\AKProg.exe" [2009-01-11 522752]

     c:\documents and settings\Tianhua\Start Menu\Programs\Startup\
     Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
     Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-2-6 3581680]

     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-12-5 24576]
     Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
     Perstray.lnk - c:\program files\PerSono\perstray.exe [2006-3-15 32768]
     WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-8-3 394856]

     [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
     Source= c:\windows\system32\onhelp.htm
     FriendlyName= tets

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
     2009-09-07 01:51 11952 ----a-w- c:\windows\system32\avgrsstx.dll

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
     @="Service"

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
     backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
     backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Verizon Online Support Center.lnk
     backup=c:\windows\pss\Verizon Online Support Center.lnkCommon Startup

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
     "Aim6"="c:\program files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
     "MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
     "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" /startup
     "AVG Control Center"=c:\program files\Grisoft\AVG7\avgcc.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
     "MimBoot"=c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe
     "dla"=c:\windows\system32\dla\tfswctrl.exe
     "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
     "UpdReg"=c:\windows\UpdReg.EXE
     "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
     "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
     "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe"
     "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
     "DisableMonitoring"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
     "DisableMonitoring"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
     "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
     "c:\\Program Files\\America Online 9.0\\waol.exe"=
     "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
     "c:\\Program Files\\LimeWire\\LimeWire.exe"=
     "c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Xfire\\Xfire.exe"=
     "c:\\Program Files\\Steam\\SteamApps\\infectox\\counter-strike\\hl.exe"=
     "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
     "c:\\Program Files\\mIRC\\mirc.exe"=
     "c:\\Program Files\\Steam\\SteamApps\\infectox\\counter-strike source\\hl2.exe"=
     "c:\\Program Files\\AIM6\\aim6.exe"=
     "c:\\Program Files\\eMule\\emule.exe"=
     "c:\\Program Files\\Steam\\SteamApps\\infectox\\dedicated server\\hlds.exe"=
     "c:\\Program Files\\Invisible Browsing\\InvisibleBrowsing.exe"=
     "c:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme"=
     "c:\\Program Files\\Steam\\Steam.exe"=
     "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
     "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
     "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
     "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
     "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=
     "c:\\Program Files\\uTorrent\\uTorrent.exe"=
     "c:\\Program Files\\Messenger\\msmsgs.exe"=
     "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
     "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpSvc.exe"=

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "51236:TCP"= 51236:TCP:BitComet 51236 TCP
     "51236:UDP"= 51236:UDP:BitComet 51236 UDP
     "6112:TCP"= 6112:TCP:Blizzard
     "4000:TCP"= 4000:TCP:Blizzard2
     "6113:TCP"= 6113:TCP:Blizzard3
     "6114:TCP"= 6114:TCP:Blizzard4
     "6115:TCP"= 6115:TCP:Blizzard5
     "6116:TCP"= 6116:TCP:Blizzard6
     "6117:TCP"= 6117:TCP:Blizzard7
     "6118:TCP"= 6118:TCP:Blizzard8
     "6119:TCP"= 6119:TCP:Blizzard9
     "16900:UDP"= 16900:UDP:CrashOnlineRecv
     "16910:UDP"= 16910:UDP:CrashOnlineSend
     "25:TCP"= 25:TCP:sc
     "9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
     "9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager

     R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/6/2009 11:43 PM 64160]
     R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/6/2008 4:24 PM 335240]
     R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/6/2008 4:24 PM 108552]
     R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [11/6/2008 4:23 PM 297752]
     R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]
     R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12/23/2008 5:23 PM 92296]
     R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/9/2009 11:04 AM 24652]
     S0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?]
     S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [11/6/2008 4:23 PM 908056]
     S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1029456]
     S3 cpuz130;cpuz130;\??\c:\docume~1\Tianhua\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Tianhua\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
     S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [11/15/2008 1:53 PM 33752]
     S3 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/1/2008 3:13 AM 34064]
     S3 PCD5SRVC{FBEA8B78-1B22F121-05040000};PCD5SRVC{FBEA8B78-1B22F121-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms [12/5/2007 3:47 PM 20640]
     S3 tapgamerail;GameRail Adapter;c:\windows\system32\drivers\tapgamerail.sys [6/23/2007 5:00 PM 26368]

     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
     UxTuneUp
     .
     Contents of the 'Scheduled Tasks' folder

     2009-09-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job
     - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

     2009-06-05 c:\windows\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

     2009-09-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2441737916-2716685914-562067877-1005Core.job
     - c:\documents and settings\JJ\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-07 14:26]

     2009-09-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2441737916-2716685914-562067877-1005UA.job
     - c:\documents and settings\JJ\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-07 14:26]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.google.com
     mStart Page = hxxp://www.google.com
     uInternet Settings,ProxyOverride = 127.0.0.1
     IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
     IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
     IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
     IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
     IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
     IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
     IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
     IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Tianhua\Start Menu\Programs\IMVU\Run IMVU.lnk
     Trusted Zone: turbotax.com
     Trusted Zone: musicmatch.com\online
     DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
     FF - ProfilePath - c:\documents and settings\JJ\Application Data\Mozilla\Firefox\Profiles\ksluehzk.default\
     FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
     FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
     FF - plugin: c:\documents and settings\JJ\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
     FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\npoctoshape.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\npvlc.dll
     FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

     ---- FIREFOX POLICIES ----
     FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
     .
     **************************************************************************
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-09-20 12:30
     Windows 5.1.2600 Service Pack 2 NTFS

     scanning hidden processes ...

     scanning hidden autostart entries ...

     HKLM\Software\Microsoft\Windows\CurrentVersion\Run
     DLCJCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

     scanning hidden files ...

     c:\docume~1\JJ\LOCALS~1\Temp\GUR2.tmp 0 bytes
     c:\docume~1\JJ\LOCALS~1\Temp\lucene-ede5717dd3ebcaad15c9a07963bbb1f1-write.lock 0 bytes

     scan completed successfully
     hidden files: 2
     **************************************************************************

     [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PCD5SRVC{FBEA8B78-1B22F121-05040000}]
     "ImagePath"="\??\c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms"
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------

     [HKEY_USERS\S-1-5-21-2441737916-2716685914-562067877-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{765102BD-2A0B-43B4-1712-400C9E6AB5D3}*]
     @Allowed: (Read) (RestrictedCode)
     @Allowed: (Read) (RestrictedCode)
     "oalaadiffcmiemljnfmomjjcebjngi"=hex:64,61,6c,6f,61,6a,66,69,00,90
     "oahjhlckcijamdbljagljdmkhojmac"=hex:69,61,66,6f,6d,66,61,6c,65,6b,63,68,6a,6c, 61,66,63,6d,00,00
     "nanjoanhcfemdlefcdljfjieopno"=hex:6a,61,6b,6f,6a,6a,69,61,70,67,68,6f,62,70, 68,63,70,69,6e,6b,00,fd

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2fb03f69-b62a-4c63-bff6-423047d82f72}]
     @Denied: (Full) (Everyone)
     "Model"=dword:00000018
     "Therad"=dword:00000018

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{37ed398b-d851-4f85-a38c-161088f26757}]
     @Denied: (Full) (Everyone)
     "Model"=dword:0000006e
     "Therad"=dword:0000001e
     "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26, 38,95,44,a8,a5,91,e0,f3,36,42,6b,0e,19,9b,7e,c0,c3,5d,71,69,0b,ea,46,83,b4,\

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
     @Denied: (Full) (Everyone)
     "scansk"=hex(0):87,20,2c,b7,e7,a6,bd,92,66,b6,40,4b,27,ff,01,62,2f,e5,d9,9f,93, 7a,70,90,7e,05,21,9c,d9,50,0e,84,56,2a,29,64,f1,aa,12,46,00,00,00,00,00,00,\

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
     @Denied: (Full) (Everyone)
     "scansk"=hex(0):04,98,4f,55,32,d3,04,4f,a2,7c,24,9e,b5,3f,ca,68,a3,3b,4e,1b,02, e8,32,95,0e,37,1b,a5,a3,98,fb,2b,08,f9,53,49,4f,e0,c7,b0,00,00,00,00,00,00,\

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\
  3. No, I couldn't find Combofix.txt.

     Malwarebytes' Anti-Malware 1.41
     Database version: 2830
     Windows 5.1.2600 Service Pack 2

     9/20/2009 11:29:53 AM
     mbam-log-2009-09-20 (11-29-53).txt

     Scan type: Quick Scan
     Objects scanned: 142965
     Time elapsed: 22 minute(s), 48 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)
  4. I was able to do a full scan after reinstalling. Got over 90 infections.

     Malwarebytes' Anti-Malware 1.41
     Database version: 2828
     Windows 5.1.2600 Service Pack 2

     9/20/2009 1:31:28 AM
     mbam-log-2009-09-20 (01-31-28).txt

     Scan type: Quick Scan
     Objects scanned: 143460
     Time elapsed: 21 minute(s), 16 second(s)

     Memory Processes Infected: 2
     Memory Modules Infected: 5
     Registry Keys Infected: 11
     Registry Values Infected: 9
     Registry Data Items Infected: 9
     Folders Infected: 4
     Files Infected: 55

     Memory Processes Infected:
     C:\Documents and Settings\JJ\Local Settings\Temp\svchost.exe (Trojan.Downloader) -> Unloaded process successfully.
     C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe (Rogue.AntiVirusPro2010) -> Unloaded process successfully.

     Memory Modules Infected:
     C:\WINDOWS\system32\tajf83ikdmf.dll (Trojan.Downloader) -> Delete on reboot.
     C:\Program Files\AntivirusPro_2010\htmlayout.dll (Rogue.AntiVirusPro) -> Delete on reboot.
     C:\WINDOWS\system32\_scui.cpl (Rogue.HomeAntiVirus) -> Delete on reboot.
     C:\Program Files\AntivirusPro_2010\AVEngn.dll (Rogue.AntiVirusPro2010) -> Delete on reboot.
     C:\Program Files\AntivirusPro_2010\pthreadVC2.dll (Rogue.AntiVirusPro2010) -> Delete on reboot.

     Registry Keys Infected:
     HKEY_CLASSES_ROOT\CLSID\{bf56a325-23f2-42ad-f4e4-00aac39caa53} (Trojan.Zlob.H) -> Delete on reboot.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bf56a325-23f2-42ad-f4e4-00aac39caa53} (Trojan.Downloader) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf56a325-23f2-42ad-f4e4-00aac39caa53} (Trojan.Downloader) -> Delete on reboot.
     HKEY_CLASSES_ROOT\CLSID\{76dc0b63-1533-4ba9-8be8-d59eb676fa02} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\CLSID\{5a4c9202-7e5d-4995-8ab7-f7d9f3baa2aa} (Trojan.Vundo) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5a4c9202-7e5d-4995-8ab7-f7d9f3baa2aa} (Trojan.Vundo) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\antiviruspro_2010 (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_ANTIPPRO2009_100 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AntipPro2009_100 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\AntivirusPro_2010 (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.

     Registry Values Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{bf56a325-23f2-42ad-f4e4-00aac39caa53} (Trojan.Zlob.H) -> Delete on reboot.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus pro 2010 (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows rescue disk (Trojan.Agent) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.

     Registry Data Items Infected:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe tapi.nfo beforeglav) Good: (Explorer.exe) -> Quarantined and deleted successfully.

     Folders Infected:
     C:\Program Files\AntivirusPro_2010 (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
     C:\Program Files\AntivirusPro_2010\data (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
     C:\Program Files\AntivirusPro_2010\Microsoft.VC80.CRT (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
     C:\Documents and Settings\JJ\Start Menu\Programs\AntivirusPro_2010 (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.

     Files Infected:
     C:\WINDOWS\system32\tajf83ikdmf.dll (Trojan.Zlob.H) -> Delete on reboot.
     C:\Program Files\AntivirusPro_2010\htmlayout.dll (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
     C:\Documents and Settings\JJ\Local Settings\Temp\svchost.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
     C:\fyblb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
     C:\xvhu.exe (Trojan.Inject) -> Quarantined and deleted successfully.
     C:\RECYCLER\S-1-5-21-2441737916-2716685914-562067877-1005\Dc5.sdfdfda (Trojan.Dropper) -> Quarantined and deleted successfully.
     C:\RECYCLER\S-1-5-21-2441737916-2716685914-562067877-1005\Dc6.knjjnjn (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     C:\RECYCLER\S-1-5-21-2441737916-2716685914-562067877-1005\Dc4\windows Police Pro.asdfsdad (Antivirus2009) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\cru629.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\pologodi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\wisdstr.exe (Rogue.Installer) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\_scui.cpl (Rogue.HomeAntiVirus) -> Delete on reboot.
     C:\WINDOWS\system32\drivers\beep.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
     C:\Documents and Settings\JJ\Local Settings\Temp\1809484932.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
     C:\Documents and Settings\JJ\Local Settings\Temp\3393758174.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
     C:\Documents and Settings\JJ\Local Settings\Temp\6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
     C:\Documents and Settings\JJ\Local Settings\Temp\cmd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
     C:\Documents and Settings\JJ\Local Settings\Temp\D7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
     C:\Documents and Settings\JJ\Local Settings\Temp\D8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Documents and Settings\JJ\Local Settings\Temp\D9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Documents and Settings\JJ\Local Settings\Temp\mdm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
     C:\Documents and Settings\JJ\Local Settings\Temp\notepad.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
     C:\Documents and Settings\JJ\Local Settings\Temp\setup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
     C:\Documents and Settings\JJ\Local Settings\Temp\spoolsv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
     C:\Documents and Settings\JJ\Local Settings\Temp\taskmgr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
     C:\Documents and Settings\JJ\Local Settings\Temp\user.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
     C:\Documents and Settings\JJ\Local Settings\Temp\winamp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
     C:\Documents and Settings\JJ\Local Settings\Temporary Internet Files\Content.IE5\CR2YOJVK\zjjaof[1].htm (Trojan.Inject) -> Quarantined and deleted successfully.
     C:\Documents and Settings\JJ\Local Settings\Temporary Internet Files\Content.IE5\O53XBZ9S\ekyymmqe[1].htm (Spyware.Banker) -> Quarantined and deleted successfully.
     C:\Documents and Settings\JJ\Local Settings\Temporary Internet Files\Content.IE5\O53XBZ9S\zwjkbb[1].txt (Trojan.Downloader) -> Quarantined and deleted successfully.
     C:\WINDOWS\cru629.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully. C:\Program Files\AntivirusPro_2010\AVEngn.dll (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully. C:\Program Files\AntivirusPro_2010\pthreadVC2.dll (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully. C:\Program Files\AntivirusPro_2010\Uninstall.exe (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully. C:\Program Files\AntivirusPro_2010\wscui.cpl (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully. C:\Program Files\AntivirusPro_2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully. C:\Program Files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcm80.dll (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully. C:\Program Files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcp80.dll (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully. C:\Program Files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcr80.dll (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully. C:\Documents and Settings\JJ\Start Menu\Programs\AntivirusPro_2010\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully. C:\Documents and Settings\JJ\Start Menu\Programs\AntivirusPro_2010\Uninstall.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully. C:\WINDOWS\system32\~.exe (Backdoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\system32\bennuar.old (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Delete on reboot. C:\WINDOWS\system32\dllcache\beep.sys (Fake.Beep.sys) -> Quarantined and deleted successfully. C:\WINDOWS\system32\onhelp.htm (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sonhelp.htm (Malware.Trace) -> Quarantined and deleted successfully. 
C:\WINDOWS\system32\sysnet.dat (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\wispex.html (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\braviax.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\ppp3.dat (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\ppp4.dat (Malware.Trace) -> Quarantined and deleted successfully. C:\Documents and Settings\JJ\Desktop\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully. C:\Documents and Settings\JJ\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.
  5. Volume in drive C has no label.
     Volume Serial Number is 38A3-7B40

     Directory of C:\i386
     08/10/2004 07:00 AM 22,016 lpk.dll

     Directory of C:\i386
     08/10/2004 07:00 AM 110,080 imm32.dll
     2 File(s) 132,096 bytes

     Directory of C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e
     04/13/2008 08:11 PM 22,016 lpk.dll

     Directory of C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e
     04/13/2008 08:11 PM 110,080 imm32.dll
     2 File(s) 132,096 bytes

     Directory of C:\WINDOWS\system32
     08/10/2004 07:00 AM 22,016 lpk.dll

     Directory of C:\WINDOWS\system32
     08/10/2004 07:00 AM 110,080 imm32.dll
     2 File(s) 132,096 bytes

     Total Files Listed:
     6 File(s) 396,288 bytes
     0 Dir(s) 1,989,693,440 bytes free
  6. Logfile of The Avenger Version 2.0, © by Swandog46
     http://swandog46.geekstogo.com

     Platform: Windows XP

     *******************

     Script file opened successfully.
     Script file read successfully.

     Backups directory opened successfully at C:\Avenger

     *******************

     Beginning to process script file:

     Rootkit scan active.
     No rootkits found!

     File move operation "C:\legitfiles\eventlog.dll|C:\WINDOWS\System32\eventlog.dll" completed successfully.

     Completed script processing.

     *******************

     Finished! Terminate.
  7. Hmm, I can't seem to run combofix for some reason. I renamed it to explorer.exe before saving it to my desktop. After I clicked "yes" on the disclaimer prompt, the command window came up with the message:

     System file is infected !! Attempting to restore "C:\WINDOWS\system32\lpk.dll
     System file is infected !! Attempting to restore "C:\WINDOWS\system32\imm32.dll"

     Then it closed by itself and I got the message "Combofix is uninstalled". I think it was trying to create a restore point according to the guide I was following. But, a while back I disabled windows restore and I can't turn it back on.
  8. GMER 1.0.15.15087 - http://www.gmer.net
     Rootkit quick scan 2009-09-19 13:19:29
     Windows 5.1.2600 Service Pack 2
     Running: qu6tvmum.exe; Driver: C:\DOCUME~1\JJ\LOCALS~1\Temp\pxtdypob.sys

     ---- System - GMER 1.0.15 ----

     SSDT sphk.sys ZwEnumerateKey [0xF72C8CA2]
     SSDT sphk.sys ZwEnumerateValueKey [0xF72C9030]
     SSDT \SystemRoot\System32\Drivers\Beep.SYS ZwQuerySystemInformation [0xF65371A0]

     ---- Devices - GMER 1.0.15 ----

     Device \FileSystem\Ntfs \Ntfs 875D21F8

     AttachedDevice \Driver\Tcpip \Device\Ip cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.)
     AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
     AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
     AttachedDevice \Driver\Tcpip \Device\Tcp cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.)
     AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
     AttachedDevice \Driver\Tcpip \Device\Udp cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.)
     AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
     AttachedDevice \Driver\Tcpip \Device\RawIp cmdmon.sys (Comodo Application Engine driver/Comodo Research Lab., Inc.)

     ---- EOF - GMER 1.0.15 ----
  9. Ignore the invalid script error. I didn't copy and paste the entire code the first time.

     //////////////////////////////////////////
     Avenger Pre-Processor log
     //////////////////////////////////////////

     Platform: Windows XP (build 2600, Service Pack 2)
     Sat Sep 19 13:01:55 2009

     13:01:55: Error: Invalid script. A valid script must begin with a command directive.
     Aborting execution!

     //////////////////////////////////////////

     Logfile of The Avenger Version 2.0,
  10. For the past week, my pc was infected with the Windows Police Pro virus. I followed various online guides to manually remove some of the infected files. However, when I tried to run a scan with malwarebytes (after a fresh install) the scan closes after 3 secs. When I try to reopen the program I get the message "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." Here are my logs:
\Device\__max++>\^ Removing mount point : C:\WINDOWS\Temp\SiteAdvisor\SiteAdvisor Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2 Mount point destination : \Device\__max++>\^ Removing mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2 Finished!